- Original Message -
From: "Sean Donelan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 25, 2003 9:17 AM
Subject: Re: Al Jazeera DOSed or just lots of traffic
:
: On Mon, 24 Mar 2003, james wrote:
: > : It was DDoSed even the nameservers routes were null due to the DDoS huge
: > : size.
: >
: > I noticed today that a traceroute to this host from my network exited
: > at 4 or 5 hops on west coast at a major providers network.
:
: It's common for popular web sites to locate their major servers
: topologically in the network away from their organization's geographic
: location. For example, the BBC (a UK organization) has web servers
: in New York City. So it doesn't surprise me to see Al Jazeera's web
: servers connected through New Jersey.
:
: Al Jazeera's main web site (64.106.198.10) is still very slow, but I can
: get to their English language web site on the same subnet (64.106.198.16).
: So it's acting more like an overloaded web server than a DDOS. But I don't
: have any special insight into Al Jazeera's network.
I tried to traceroute it from Level3 Looking Glass yesterday when it was down
http://www.l3.com/LookingGlass/ and I got this:
Traceroute From Traceroute To
New York, NY www.aljazeera.net
Domain name lookup for 'www.aljazeera.net' failed.
Exiting.
Besides, I called the tech guys at Al Jazeera and they told me they are working
with opentransit and DataPipe to stop the attack ASAP.
I tried to do nslookup using
ALJNS1SA.NAV-LINK.NET 217.26.193.15
ALJNS1HB.DATAPIPE.COM 64.106.198.4
But none worked, and the route to 217.26.193.15 was nulled and I couldn't
run traceroute to 64.106.198.4. Maybe DataPipe was filtering the ICMP and the
UDP to that IP; it was dying within DataPipe's network.
route-server>traceroute 64.106.198.4
Type escape sequence to abort.
Tracing the route to aljns1hb.datapipe.com (64.106.198.4)
1 white_dwarf.cbbtier3.att.net (12.0.1.1) [AS 7018] 0 msec 200 msec 4 msec
2 ar3.n54ny.ip.att.net (12.126.0.30) [AS 7018] 204 msec 200 msec 204 msec
3 gbr1-a30s10.n54ny.ip.att.net (12.127.5.142) [AS 7018] 204 msec 204 msec 4 msec
4 tbr1-p013202.n54ny.ip.att.net (12.122.11.1) [AS 7018] 204 msec 204 msec 200 msec
5 gar4-p300.n54ny.ip.att.net (12.123.3.2) [AS 7018] 200 msec 200 msec 204 msec
6 att-gw.ny.qwest.net (192.205.32.170) [AS 7018] 200 msec 204 msec 200 msec
7 jfk-core-02.inet.qwest.net (205.171.230.22) [AS 209] 200 msec 4 msec 200 msec
8 ewr-core-01.inet.qwest.net (205.171.8.245) [AS 209] 200 msec 204 msec 204 msec
9 ewr-cntr-01.inet.qwest.net (205.171.17.146) [AS 209] 204 msec 200 msec 208 msec
10 msfc-24.ewr.qwest.net (63.146.100.66) [AS 209] 208 msec 200 msec 204 msec
11 * * *
12 vlan11.aggr2.ewr.datapipe.net (64.106.128.6) [AS 14492] 0 msec 4 msec 0 msec
13 * * *
14 * * *
Thanks,
-A