Re: wikileaks dns (was Re: Blocking International DNS)
* Jack Bates (jba...@brightok.net) wrote:

> Given These attacks have, and future attacks would, threaten the stability of the EveryDNS.net infrastructure, which enables access to almost 500,000 other websites. I'd say they had DOS issues with their nameservers. They can't be expected to let their other domains go down in efforts to protect a single domain.

This is then important information that should be spelled out in their terms of service. 'If your domain generates too much traffic we will terminate your service'.. It might very well be reasonable for a free service to have these restrictions but as a customer it could be an important differentiator when choosing service provider.

..assuming that the DOS actually took place.. (tinfoil hat on..:)

/Joakim

> I'm guessing they weathered the problem somewhat, as they actually gave 24h notice. However, excessive loads and constant monitoring and protective measures on a free service would definitely be something a company would want to stop.
>
> Jack
Re: wikileaks dns (was Re: Blocking International DNS)
On Fri, Dec 03, 2010 at 12:52:29AM -0500, Ken Chase k...@sizone.org wrote a message of 24 lines which said:

> Anyone have records of what wikileaks (RR, i assume) A record was?

91.121.133.41
46.59.1.2

Translated into an URL, the first one does not work (virtual hosting, may be) but the second does. I've found also, thanks to a new name resolution protocol, TDNS (Tweeter DNS), 213.251.145.96, which works.

> I should have queried my favourite open rDNS servers before they expired,

dig A wikileaks.org > backup.txt (from cron) is a useful method. Other possible solution would be a DNSarchive, in the same way there is a WebArchive. Any volunteer?
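An added example (not part of the original message or thread): a small Python archive in the spirit of the cron'd `dig` backup and "DNSarchive" idea above. It ingests periodic `dig +noall +answer` snapshots, stores only changes, and answers "what did the name resolve to at time X". The snapshot text, names and addresses are constructed documentation values, and the function names are this example's own.

```python
from datetime import datetime

# Constructed snapshots, as `dig +noall +answer A example.org` would print them
# from cron. Names and addresses are documentation values, not from the thread.
SNAPSHOTS = [
    ("2010-11-28T06:00", "example.org.\t3600\tIN\tA\t192.0.2.10\n"
                         "example.org.\t3600\tIN\tA\t192.0.2.20\n"),
    ("2010-11-29T06:00", "example.org.\t3541\tIN\tA\t192.0.2.20\n"
                         "example.org.\t3541\tIN\tA\t192.0.2.10\n"),
    ("2010-12-01T06:00", "example.org.\t300\tIN\tCNAME\tmirror.example.net.\n"
                         "mirror.example.net.\t300\tIN\tA\t198.51.100.7\n"),
    ("2010-12-03T06:00", ""),  # REFUSED or NXDOMAIN: empty answer section
]


def parse_answer(text):
    """Return the sorted tuple of IPv4 addresses in a dig answer section."""
    addrs = set()
    for line in text.splitlines():
        fields = line.split()
        if line.startswith(";") or len(fields) < 5:
            continue  # comment lines, blanks, truncated lines
        _name, _ttl, rclass, rtype, rdata = fields[:5]
        if rclass == "IN" and rtype == "A":
            addrs.add(rdata)
    return tuple(sorted(addrs))


def record(history, when, addrs):
    """Append a new entry only when the address set changes."""
    if history and history[-1]["addrs"] == addrs:
        history[-1]["last_seen"] = when
    else:
        history.append({"first_seen": when, "last_seen": when, "addrs": addrs})
    return history


def build_history(snapshots):
    history = []
    for stamp, text in snapshots:
        record(history, datetime.fromisoformat(stamp), parse_answer(text))
    return history


def lookup(history, when):
    """Address set observed at or most recently before `when`."""
    current = None
    for entry in history:
        if entry["first_seen"] <= when:
            current = entry
    return current["addrs"] if current else None


def last_known_good(history):
    """Most recent non-empty address set: what to try once the name is gone."""
    for entry in reversed(history):
        if entry["addrs"]:
            return entry
    return None


if __name__ == "__main__":
    for e in build_history(SNAPSHOTS):
        print(e["first_seen"], e["last_seen"], e["addrs"] or "(no answer)")
```

Storing the empty answer as its own entry keeps the time of the outage on record, while `last_known_good` still returns the addresses that were served before it.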
Re: wikileaks dns (was Re: Blocking International DNS)
wikileaks.no and wikleaks.se seem to accept requests on port 80 but appear to be having troubles generating responses, perhaps just overloaded.

On Dec 3, 2010, at 12:45 AM, Stephane Bortzmeyer wrote:

> On Fri, Dec 03, 2010 at 12:52:29AM -0500, Ken Chase k...@sizone.org wrote a message of 24 lines which said:
>
>> Anyone have records of what wikileaks (RR, i assume) A record was?
>
> 91.121.133.41
> 46.59.1.2
>
> Translated into an URL, the first one does not work (virtual hosting, may be) but the second does. I've found also, thanks to a new name resolution protocol, TDNS (Tweeter DNS), 213.251.145.96, which works.
>
>> I should have queried my favourite open rDNS servers before they expired,
>
> dig A wikileaks.org > backup.txt (from cron) is a useful method. Other possible solution would be a DNSarchive, in the same way there is a WebArchive. Any volunteer?
Re: wikileaks dns (was Re: Blocking International DNS)
... ... The termination of services was effected pursuant to, and in accordance with, the EveryDNS.net Acceptable Use Policy. the claim is that being ddos'd is an aup violation. go figure.
RE: wikileaks dns (was Re: Blocking International DNS)
I guess the USG's cyberwar program does work (very dryly said).

-----Original Message-----
From: Paul Ferguson [mailto:fergdawgs...@gmail.com]
Sent: Friday, December 03, 2010 1:39 AM
To: Jack Bates
Cc: North American Network Operators Group
Subject: Re: wikileaks dns (was Re: Blocking International DNS)

On Thu, Dec 2, 2010 at 11:29 PM, Jack Bates jba...@brightok.net wrote:

> On 12/2/2010 11:26 PM, Randy Bush wrote:
>> so, if the site to which a dns entry points suffers a ddos, everydns will no longer serve the domain. i hope they apply this policy even handedly to all sufferers of ddos.
>
> Given These attacks have, and future attacks would, threaten the stability of the EveryDNS.net infrastructure, which enables access to almost 500,000 other websites. I'd say they had DOS issues with their nameservers. They can't be expected to let their other domains go down in efforts to protect a single domain.
>
> I'm guessing they weathered the problem somewhat, as they actually gave 24h notice. However, excessive loads and constant monitoring and protective measures on a free service would definitely be something a company would want to stop.

FYI: http://www.techdirt.com/articles/20101202/22322512099/wikileaks-says-its-site-has-been-killed.shtml

- ferg

--
Fergie, a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/
Re: wikileaks dns (was Re: Blocking International DNS)
On Friday 03 December 2010 13:22:19 Frank Bulk wrote: I guess the USG's cyberwar program does work (very dryly said). They missed ;) http://wikileaks.ch http://twitter.com/wikileaks
Re: wikileaks dns (was Re: Blocking International DNS)
On Fri, Dec 3, 2010 at 7:22 AM, Frank Bulk frnk...@iname.com wrote: I guess the USG's cyberwar program does work (very dryly said). Perhaps the PRC's works too. -J
Re: wikileaks dns (was Re: Blocking International DNS)
On 03/12/10 00:52 -0500, Ken Chase wrote:

> On Fri, Dec 03, 2010 at 02:26:35PM +0900, Randy Bush said:
>> so, if the site to which a dns entry points suffers a ddos, everydns will no longer serve the domain. i hope they apply this policy even handedly to all sufferers of ddos. if not, as a registrar, i guess i can no longer accept registrations where everydns is the ns delegatee.
>
> Let us know if they deviate from this isometric application of policy. I'll be happy to encourage people not to use them.
>
> Anyone have records of what wikileaks (RR, i assume) A record was? I should have queried my favourite open rDNS servers before they expired, assuming that the TTL was long enough (or modified to be long by a local cache policy).
>
> Quick, someone power up their hibernated laptop with the network unplugged and ping wikileaks (assuming you looked at it recently before hibernation, before it was pulled... :) Not sure that works in any windows (or other OS's for that matter) however.

Their A records on Sunday were:

#46.51.186.222 wikileaks.org
#46.151.171.90 wikileaks.org

--
Dan White
Re: wikileaks dns (was Re: Blocking International DNS)
On Fri, Dec 03, 2010 at 08:27:57AM -0600, Dan White dwh...@olp.net wrote a message of 28 lines which said:

> Their A records on Sunday were:

(No longer working.)

Several people are keeping track of working IP addresses and advertise them in the DNS (wikileaks.something.example). Others have full mirrors. A current list:

http://etherpad.mozilla.org:9000/wikileaks

copy it, so you can access the DNS mirrors even if mozilla.org is taken down...

<operational>It's a very interesting exercise in resiliency.</operational>
RE: wikileaks dns (was Re: Blocking International DNS)
I guess the USG's cyberwar program does work (very dryly said). It was reported in the last couple of days that Wikileaks could have been taken off the net but the govt decided not to do it. As for a member of Congress pressuring Amazon, what else would one expect? If a site has content that the USG might see as damaging, and if a US company is facilitating the distribution of that content, sure, I would expect members of that government to apply pressure but I have no idea what that pressure might have consisted of. But think about it ... if someone had, for example, deep internal corporate confidential financial information on a company and published that on the web, that company might also attempt to pressure the publishing entity to stop it. To expect someone not to pressure someone to remove potentially damaging material is probably naïve.
Re: wikileaks dns (was Re: Blocking International DNS)
For the record, I would never remove a customer because a congressman or senator asked for it, however, I would deny service to persons with outstanding felony warrant(s). Jeff On Fri, Dec 3, 2010 at 12:38 PM, George Bonser gbon...@seven.com wrote: I guess the USG's cyberwar program does work (very dryly said). It was reported in the last couple of days that Wikileaks could have been taken off the net but the govt decided not to do it. As for a member of Congress pressuring Amazon, what else would one expect? If a site has content that the USG might see as damaging, and if a US company is facilitating the distribution of that content, sure, I would expect members of that government to apply pressure but I have no idea what that pressure might have consisted of. But think about it ... if someone had, for example, deep internal corporate confidential financial information on a company and published that on the web, that company might also attempt to pressure the publishing entity to stop it. To expect someone not to pressure someone to remove potentially damaging material is probably naïve. -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications - AS32421 First and Leading in DDoS Protection Solutions
Re: wikileaks dns (was Re: Blocking International DNS)
On Fri, Dec 3, 2010 at 12:38 PM, George Bonser gbon...@seven.com wrote: As for a member of Congress pressuring Amazon, what else would one expect? If a site has content that the USG might see as damaging, and if a US company is facilitating the distribution of that content, sure, I would expect members of that government to apply pressure but I have no idea what that pressure might have consisted of. It may be naive, but I expect due process from the USG. Just sayin' -Randy Fischer
Re: wikileaks dns (was Re: Blocking International DNS)
> Other possible solution would be a DNSarchive, in the same way there is a WebArchive. Any volunteer?

The RIPE REX tool provides something like this, at least for the reverse tree.

http://rex.ripe.net/
http://albatross.ripe.net/cgi-bin/rex.pl?type=allres=213.251.145.0/24stime=2009-12-02etime=2010-12-02page=dnscf=1af=1

Of course, it appears that none of the three cablegate IP addresses you cite have reverse records provisioned that point to wikileaks (just bahnhof.se and ovh.net).

--Richard
Re: wikileaks dns (was Re: Blocking International DNS)
The patriot act did away with due process. On 12/3/2010 3:10 PM, Randy Fischer wrote: On Fri, Dec 3, 2010 at 12:38 PM, George Bonsergbon...@seven.com wrote: As for a member of Congress pressuring Amazon, what else would one expect? If a site has content that the USG might see as damaging, and if a US company is facilitating the distribution of that content, sure, I would expect members of that government to apply pressure but I have no idea what that pressure might have consisted of. It may be naive, but I expect due process from the USG. Just sayin' -Randy Fischer
Re: wikileaks dns (was Re: Blocking International DNS)
To expect someone not to pressure someone to remove potentially damaging material is probably naïve. i believe that the material was not stored on amazon, only torrent pointers. and to cave to that pressure absent of actual legal requirement cost amazon my business. randy
Re: wikileaks dns (was Re: Blocking International DNS)
Yo Curtis!

On Fri, 3 Dec 2010, Curtis Maurand wrote:

> The patriot act did away with due process.

Yep. More on that today:

http://www.wired.com/threatlevel/2010/12/realtime/

RGDS
GARY
---
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97701
g...@rellim.com Tel:+1(541)382-8588
Re: wikileaks dns (was Re: Blocking International DNS)
On Thu, Dec 2, 2010 at 10:05 PM, Ken Chase k...@sizone.org wrote: All our topics of discussion are merging... (soon: does Wikileaks run on 208V? :) If they keep going that way, soon they will be running on nuclear power from the hidden centrifuges in some cave. Cheers Jorge
Re: wikileaks dns (was Re: Blocking International DNS)
On Thu, Dec 02, 2010 at 10:16:23PM -0600, Jorge Amodio said: On Thu, Dec 2, 2010 at 10:05 PM, Ken Chase k...@sizone.org wrote: All our topics of discussion are merging... (soon: does Wikileaks run on 208V? :) If they keep going that way, soon they will be running on nuclear power from the hidden centrifuges in some cave. or p2p or tor or torrents of *.tbz's the other day bloomberg was having issues in their db only for stories about wikileaks and assange as per my quick testing, quite annoying, are major news mediae seeing ddos attempts at censorship (or just leaking at the seams infrastructure issues with the big hits on the topic?) /kc -- Ken Chase - k...@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
Re: wikileaks dns (was Re: Blocking International DNS)
On Dec 2, 2010, at 11:05 PM, Ken Chase wrote:

> All our topics of discussion are merging... (soon: does Wikileaks run on 208V? :)
>
> http://www.everydns.com/ right hand side.
>
> (sorry to shift the discussion off of uucp... long live sizone.uucp...)

Seems to be down here

http://www.everydns.com/

EveryDNS.net provided domain name system (DNS) services to the wikileaks.org domain name until 10PM EST, December 2, 2010, when such services were terminated. As with other users of the EveryDNS.net network, this service was provided for free. The termination of services was effected pursuant to, and in accordance with, the EveryDNS.net Acceptable Use Policy.

[TME-MBP-2010:~] tme% dig wikileaks.org

; <<>> DiG 9.6.0-APPLE-P2 <<>> wikileaks.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 37692
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;wikileaks.org. IN A

;; Query time: 13 msec
;; SERVER: 63.105.122.34#53(63.105.122.34)
;; WHEN: Thu Dec 2 23:47:19 2010
;; MSG SIZE rcvd: 31

Regards
Marshall

> /kc
> --
> Ken Chase - k...@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA
> Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
Re: wikileaks dns (was Re: Blocking International DNS)
> [TME-MBP-2010:~] tme% dig wikileaks.org
>
> ; <<>> DiG 9.6.0-APPLE-P2 <<>> wikileaks.org
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 37692
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;wikileaks.org. IN A
>
> ;; Query time: 13 msec
> ;; SERVER: 63.105.122.34#53(63.105.122.34)
> ;; WHEN: Thu Dec 2 23:47:19 2010
> ;; MSG SIZE rcvd: 31

shows gone for me too .

btw, excuse the blunt, but for an organization like this kind of extremely stupid to have all the secondaries with the same provider no ?

-J
Re: wikileaks dns (was Re: Blocking International DNS)
Everydns says on their page: EveryDNS.net provided domain name system (DNS) services to the wikileaks.org domain name until 10PM EST, December 2, 2010, when such services were terminated. As with other users of the EveryDNS.net network, this service was provided for free. The termination of services was effected pursuant to, and in accordance with, the EveryDNS.net Acceptable Use Policy. More specifically, the services were terminated for violation of the provision which states that Member shall not interfere with another Member's use and enjoyment of the Service or another entity's use and enjoyment of similar services. The interference at issues arises from the fact that wikileaks.org has become the target of multiple distributed denial of service (DDOS) attacks. These attacks have, and future attacks would, threaten the stability of the EveryDNS.net infrastructure, which enables access to almost 500,000 other websites. Thus, last night, at approximately 10PM EST, December 1, 2010 a 24 hour termination notification email was sent to the email address associated with the wikileaks.org account. In addition to this email, notices were sent to Wikileaks via Twitter and the chat function available through the wikileaks.org website. Any downtime of the wikileaks.org website has resulted from its failure to use another hosted DNS service provider. -J
Re: wikileaks dns (was Re: Blocking International DNS)
Sort of weird theory, but it sounds really strange that, knowing the kind of reactions that one could expect due to the content being published in the site, they have such a naive dns setup for that given domain. Unless what you are looking for is actually getting booted so you can cry loud (which they already did via twitter few mins ago), hey the US killed our domain.

BTW, the domain still shows in the PIR WHOIS.

-J
Re: wikileaks dns (was Re: Blocking International DNS)
On Fri, Dec 03, 2010 at 02:26:35PM +0900, Randy Bush said:

> so, if the site to which a dns entry points suffers a ddos, everydns will no longer serve the domain. i hope they apply this policy even handedly to all sufferers of ddos. if not, as a registrar, i guess i can no longer accept registrations where everydns is the ns delegatee.

Let us know if they deviate from this isometric application of policy. I'll be happy to encourage people not to use them.

Anyone have records of what wikileaks (RR, i assume) A record was? I should have queried my favourite open rDNS servers before they expired, assuming that the TTL was long enough (or modified to be long by a local cache policy).

Quick, someone power up their hibernated laptop with the network unplugged and ping wikileaks (assuming you looked at it recently before hibernation, before it was pulled... :) Not sure that works in any windows (or other OS's for that matter) however.

/kc
--
Ken Chase - k...@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA
Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
Re: wikileaks dns (was Re: Blocking International DNS)
On 12/2/2010 11:26 PM, Randy Bush wrote:

> so, if the site to which a dns entry points suffers a ddos, everydns will no longer serve the domain. i hope they apply this policy even handedly to all sufferers of ddos.

Given These attacks have, and future attacks would, threaten the stability of the EveryDNS.net infrastructure, which enables access to almost 500,000 other websites. I'd say they had DOS issues with their nameservers. They can't be expected to let their other domains go down in efforts to protect a single domain.

I'm guessing they weathered the problem somewhat, as they actually gave 24h notice. However, excessive loads and constant monitoring and protective measures on a free service would definitely be something a company would want to stop.

Jack
Re: wikileaks dns (was Re: Blocking International DNS)
On 3/12/10 3:05 PM, Ken Chase wrote:

> All our topics of discussion are merging... (soon: does Wikileaks run on 208V? :)
>
> http://www.everydns.com/ right hand side.
>
> (sorry to shift the discussion off of uucp... long live sizone.uucp...)

There is a list of mirror sites here: http://wikileaks.info/

There are three IPv4 addresses listed for the cablegate site: 91.194.60.90, 91.194.60.112 and 204.236.131.131. Of these, the first one is not responding (from Australia), the third is an Amazon IP and won't host the site now. The second one is responding, but is not up to date with the full release so far (it has 294 cables, up to November 30).

I'm surprised they don't have a proper mirror using a .se, .ch or .is domain.

Regards, Ben
Re: wikileaks dns (was Re: Blocking International DNS)
On Thu, Dec 2, 2010 at 11:29 PM, Jack Bates jba...@brightok.net wrote:

> On 12/2/2010 11:26 PM, Randy Bush wrote:
>> so, if the site to which a dns entry points suffers a ddos, everydns will no longer serve the domain. i hope they apply this policy even handedly to all sufferers of ddos.
>
> Given These attacks have, and future attacks would, threaten the stability of the EveryDNS.net infrastructure, which enables access to almost 500,000 other websites. I'd say they had DOS issues with their nameservers. They can't be expected to let their other domains go down in efforts to protect a single domain.
>
> I'm guessing they weathered the problem somewhat, as they actually gave 24h notice. However, excessive loads and constant monitoring and protective measures on a free service would definitely be something a company would want to stop.

FYI: http://www.techdirt.com/articles/20101202/22322512099/wikileaks-says-its-site-has-been-killed.shtml

- ferg

--
Fergie, a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/