Re: What hath god wrought?

[Jay Farrell <jayfar () jayfar com>]

Are you certain it was a DoS attempt? They may have just been running
a surveillance software package such as URLy warning, which GETs the
pages of a site repeatedly and diffs them to watch for updates. In the
case of an (non-)organization like Occupy I can't imagine law
enforcement would neglect to do this. I've been on the receiving end
of this sort of thing myself (long story).

-- 
Jayfar


On Tue, May 21, 2013 at 12:07 AM, Charles Wyble
<charles-lists () knownelement com> wrote:
> Sorry. The occupy site was on a shared hosting plan at the company I worked for.
>
> Source determined via Whois output for the attacking ip found via our analysis. It was a rather crude dos attack 
> (repeated get requests). At first we figured they were just mirroring the site for offline analysis or something, but 
> it soon became evident they were just hammering the site.
>
> Yes we could of sued. However the inevitable stonewalling, endless resources of the feds etc would of made for a long 
> and exhaustive legal battle.
>
> This was at the height of the occupy activities. Far worse offenses were being committed by federal, state and local 
> govts during that period than a dos attack by DHS.
>
>
> "Jason L. Sparks" <jlsparks () gmail com> wrote:
>
> > "No attempt to hide the source IP"
> > "I mean, they were using a shared hosting plan"
> >
> > What makes you certain it was DHS?
> >
> > Genuinely curious, because this is a hell of a claim.
> > --
> > Jason
> >
> >
> > On Mon, May 20, 2013 at 3:29 PM, Mike Hale
> > <eyeronic.design () gmail com>wrote:
> >
> > > Would it be futile though?  I mean...DHS running a DOS against an
> > > American organization is the kind of stuff that makes Constitutional
> > > lawyers salivate.
> > >
> > > I'm not trying to call you out, btw.  I'm genuinely curious why the
> > > hosting company itself didn't file suit.  You've got a US Government
> > > agency abusing your resources and acting in a blatantly illegal
> > > manner.  That's the kind of stuff that results in letters of
> > > resignation when publicized.
> > >
> > > On Mon, May 20, 2013 at 12:13 PM, Charles Wyble
> > > <charles-lists () knownelement com> wrote:
> > > > Yes. I'm aware of that. It would be futile in most cases, which is
> > a
> > > huge problem in and of itself, as that's really the only recourse.
> > > > I mean they were using a shared hosting plan. Not exactly deep
> > pocketed.
> > > > My point is that the abuse of power is blatant and they are
> > unafraid of
> > > any kind of retaliation. They don't need to hide.
> > > > Mike Hale <eyeronic.design () gmail com> wrote:
> > > >
> > > > > "Sue them?"
> > > > > Uhm...yes?  That's why we have courts that we can sue federal
> > agencies
> > > > > in.
> > > > >
> > > > > On Mon, May 20, 2013 at 11:58 AM, Charles Wyble
> > > > > <charles-lists () knownelement com> wrote:
> > > > > > No proxy needed. No need to hide.
> > > > > >
> > > > > > While working for a very large hosting company, I once observed
> > DHS
> > > > > hammering an occupy related website. No attempt to hide the source
> > ip
> > > > > or anything.
> > > > > > What are you going to do? Sue them? If they wish to take a site
> > > > > offline, they will ddos it or simply seize the domain under the
> > > > > national security banner.
> > > > > > "<<"tei''>>>" <oscar.vives () gmail com> wrote:
> > > > > >
> > > > > > > On 20 May 2013 01:58, Michael Painter <tvhawaii () shaka com> wrote:
> > > > > > > >
> > http://arstechnica.com/security/2013/05/ddos-for-hire-service-works-with-blessing-of-fbi-operator-says/
> > > > > > > >
> > > > > > >
> > > > > > > More on the same topic.
> > http://krebsonsecurity.com/2013/05/ragebooter-legit-ddos-service-or-fed-backdoor/#more-19475
> > > > > > > Maybe the FBI use this to commit crimes in USA using a foreign
> > > > > company
> > > > > > > as proxy so nothing dirty show on the books. That way the FBI can
> > > > > > > avoid respecting USA laws.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > --
> > > > > > > ℱin del ℳensaje.
> > > > > >
> > > > > > --
> > > > > > Charles Wyble
> > > > > > charles () knownelement com / 818 280 7059
> > > > > > CTO Free Network Foundation (www.thefnf.org)
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
> > > >
> > > > --
> > > > Charles Wyble
> > > > charles () knownelement com / 818 280 7059
> > > > CTO Free Network Foundation (www.thefnf.org)
> > >
> > >
> > >
> > > --
> > > 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
>
> --
> Charles Wyble
> charles () knownelement com / 818 280 7059
> CTO Free Network Foundation (www.thefnf.org)