[AusNOG] census issues tonight
David Beveridge
dave at bevhost.com
Wed Aug 10 12:19:09 EST 2016
Maybe they're trying to spell out the need for data retention.
On Wed, Aug 10, 2016 at 12:16 PM, Paul Wilkins <paulwilkins369 at gmail.com>
wrote:
> Is anyone aware of a successful prosecution ever for a DoS? I'm curious,
> because the chain of evidence simply won't be available. At the attacked
> site, you'll have records, maybe that pass evidentiary rules, but trace
> that back to the source?
>
> Also the nature of the internet is that any TCP handshake is a request for
> service. It's not quite clear where multiple requests for service repeated
> rapidly is an attack, or even an attempted attack, but arguably only
> multiple requests for service. It's a fundamental problem with the internet
> infrastructure that any response from an open port is arguably an
> invitation to communicate. There's no discrimination on purpose, and
> proving criminal intent would be awkward. This is why I would think the
> successful prosecutions there have been have been where DOS have been
> accompanied by demands with menace, which is a different legal standard.
>
> Kind regards
>
> Paul Wilkins
>
>
> On 10 August 2016 at 11:56, paul+ausnog at oxygennetworks.com.au <
> paul+ausnog at oxygennetworks.com.au> wrote:
>
>> Consider precedent to be set !
>>
>>
>>
>> In the case of the ABS versus an unknown attacker……we find the attack to
>> be an attempt, not an attack, you’re clear !
>>
>>
>>
>> Paul
>>
>>
>>
>> *From:* James Troy [mailto:james.troy at asta.com.au]
>> *Sent:* Wednesday, 10 August 2016 11:48 AM
>> *To:* James Braunegg; paul+ausnog at oxygennetworks.com.au; 'Daniel';
>> ausnog at lists.ausnog.net
>> *Subject:* RE: [AusNOG] census issues tonight
>>
>>
>>
>> So for anyone who is bought up on hacking charges in the next 12 months
>> their defence can be “It’s not an attack, it was an attempt and therefore
>> should not be classified as an attack”
>>
>>
>>
>> Kind Regards,
>>
>> *James Troy*
>>
>>
>>
>> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net
>> <ausnog-bounces at lists.ausnog.net>] *On Behalf Of *James Braunegg
>> *Sent:* Wednesday, 10 August 2016 11:44 AM
>> *To:* paul+ausnog at oxygennetworks.com.au; 'Daniel';
>> ausnog at lists.ausnog.net
>> *Subject:* Re: [AusNOG] census issues tonight
>>
>>
>>
>> Meh when is an attempt an attack… durrr if you attempt something your
>> attacking something…. And the service was denied at the end of the day… and
>> the attack was completed by the ABS turning the site off…
>>
>>
>>
>> Gota love Australia ! Aussie Aussie Aussie Oi Oi Oi
>>
>>
>>
>> Kindest Regards
>>
>>
>>
>>
>> *James Braunegg**P:* 1300 769 972 | *M:* 0488 997 207 | *D:* (03)
>> 9751 7616
>>
>> *E:* james.braunegg at micron21.com | *ABN:* 12 109 977 666
>> *W:* www.micron21.com/ddos-protection *T:* @micron21
>>
>>
>>
>> Follow us on Twitter <http://www.twitter.com/micron21> for important
>> service and system updates.
>>
>> [image: M21.jpg]
>>
>>
>> This message is intended for the addressee named above. It may contain
>> privileged or confidential information. If you are not the intended
>> recipient of this message you must not use, copy, distribute or disclose it
>> to anyone other than the addressee. If you have received this message in
>> error please return the message to the sender by replying to it and then
>> delete the message from your computer.
>>
>>
>>
>> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net
>> <ausnog-bounces at lists.ausnog.net>] *On Behalf Of *
>> paul+ausnog at oxygennetworks.com.au
>> *Sent:* Wednesday, 10 August 2016 11:40 AM
>> *To:* 'Daniel' <satellite at internode.on.net>; ausnog at lists.ausnog.net
>> *Subject:* Re: [AusNOG] census issues tonight
>>
>>
>>
>> What a load of crap LOL, I love seeing people who know nothing about what
>> they are talking about try and talk about it, it’s good for a sitcom or 2….
>>
>>
>>
>> It wasn’t an attack, it was just an “attempt” ROFL
>>
>>
>>
>> Paul
>>
>>
>>
>> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net
>> <ausnog-bounces at lists.ausnog.net>] *On Behalf Of *Daniel
>> *Sent:* Wednesday, 10 August 2016 11:34 AM
>> *To:* ausnog at lists.ausnog.net
>> *Subject:* Re: [AusNOG] census issues tonight
>>
>>
>>
>> The relevant minister (Michael McCormack) has released a statement
>> blaming DDoS in combination with a router hardware failure:
>>
>>
>>
>>
>>
>> “There was a large scale denial of service attempt to the census website
>> and online form. A denial of service is an attempt to block people from
>> accessing a website. Following, and because of this, there was a hardware
>> failure,” he said.
>>
>>
>>
>> “A router became overloaded. After this, what is known as a false
>> positive occurred. This is essentially a false alarm in some of the system
>> monitoring information. As a result the ABS employed a cautious strategy
>> which was to shut down the online census form to ensure the integrity of
>> the data already submitted was protected.
>>
>>
>>
>> “I will be clear from the outset, this was not an attack. Nor was it a
>> hack but rather, it was an attempt to frustrate the collection of bureau of
>> statistics census data. ABS census security was not compromised. I repeat,
>> not compromised and no data was lost.”
>>
>>
>>
>>
>>
>> http://www.theaustralian.com.au/national-affairs/census-2016
>> -website-crashes-under-weight-of-demand/news-story/1febee892
>> e1ab043c0e7682c7a3485a4
>>
>>
>>
>> (paywalled)
>>
>>
>>
>>
>>
>>
>>
>> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net
>> <ausnog-bounces at lists.ausnog.net>] *On Behalf Of *Andy Taylor
>> *Sent:* Wednesday, 10 August 2016 10:57 AM
>> *To:* 'Nathanael Bettridge' <nathanael at prodigy.com.au>; 'Robert Hudson' <
>> hudrob at gmail.com>; 'Michael Keating' <mkeating44 at gmail.com>
>> *Cc:* ausnog at lists.ausnog.net
>> *Subject:* Re: [AusNOG] census issues tonight
>>
>>
>>
>> I noticed last night before the system crashed completely the following
>> error:
>>
>>
>> “status -1 code 101”
>>
>>
>>
>> I don’t know much about .jsp, but it appears that this was an issue with
>> the header?
>>
>> Is it possible that this was a layer 7 attack that was being implemented?
>>
>>
>>
>> A *status code* of *101* indicates that the server is changing to the
>> protocol it defines in the "Upgrade" header it returns to the client. For
>> example, when requesting a page, a browser might receive a statis *code*
>> of *101*, followed by an "Upgrade" header showing that the server is
>> changing to a different version of HTTP.
>>
>>
>>
>> Andy Taylor
>>
>> *Technical Director*
>>
>>
>>
>> 0424 656 973
>>
>>
>>
>> [image: ca_logo]
>>
>>
>>
>> www.coastalaudio.com.au
>>
>>
>>
>>
>>
>>
>>
>> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net
>> <ausnog-bounces at lists.ausnog.net>] *On Behalf Of *Nathanael Bettridge
>> *Sent:* Wednesday, 10 August 2016 10:53 AM
>> *To:* 'Robert Hudson' <hudrob at gmail.com>; 'Michael Keating' <
>> mkeating44 at gmail.com>
>> *Cc:* 'ausnog at lists.ausnog.net' <ausnog at lists.ausnog.net>
>> *Subject:* Re: [AusNOG] census issues tonight
>>
>>
>>
>> The validity of the data is suspect. Users in bad moods submitting info
>> that would otherwise be trustworthy, partially completed surveys, I’m sure
>> thousands of households that will now fall through the gaps, the spreading
>> out of census data over a much longer than normal time frame – as a
>> statistical snapshot the Census is effectively ruined.
>>
>>
>>
>> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net
>> <ausnog-bounces at lists.ausnog.net>] *On Behalf Of *Robert Hudson
>> *Sent:* Wednesday, 10 August 2016 10:44 AM
>> *To:* Michael Keating <mkeating44 at gmail.com>
>> *Cc:* ausnog at lists.ausnog.net
>> *Subject:* Re: [AusNOG] census issues tonight
>>
>>
>>
>> Why is it safe to say that the stored data is OK? What evidence do we
>> have to support that belief?
>>
>>
>>
>> On 10 Aug 2016 9:52 AM, "Michael Keating" <mkeating44 at gmail.com> wrote:
>>
>> I think the point being made, was that the distrust of the Census has
>> been increased with the failure of the website, and the mainstream media
>> taking the 'hacking' angle. It's safe to say the stored data is ok, but
>> there are millions more submissions to go. If people think it was 'hacked',
>> they won't give a truthful answer for fear of their information being
>> stolen (which we know, it won't). More of a general observation than a
>> technical observation (which I do agree with).
>>
>>
>>
>> On Wed, Aug 10, 2016 at 9:26 AM, Mark Andrews <marka at isc.org> wrote:
>>
>>
>> In message <c7617127-36a9-f5dc-894e-727a6700e016 at spectrum.com.au>, Matt
>> Perkins writes:
>> > If you ask me the dataset is now terminally compromised. This is
>> > essentially market research and peoples ability to answer that sort of
>> > stuff truthfully goes to how much the person doing the servery is
>> > trusted. With the ABS spouting stuff like Attack from overseas, people
>> > are very unlikely to tell the truth on this census.
>> >
>> > Fellas you blew it. Cancel the census reschedule for next year and send
>> > out paper form's Your collective uselessness just put us back 5 years.
>> >
>> > Matt
>>
>> A DoS attack does not make the dataset compromised.
>>
>> Having too small key space does. 1/100000 is not a big space for
>> computers to search through. It's only ~20 bits of security. A
>> extra 4 digits would have raised it to ~30 bits. A extra 8 digits
>> would have raised it to ~43 bits. Entering 5 x 4 digit sequences
>> is not hard. We do 4 x 4 + 3 for every visa / mastercard transaction
>> we do online today.
>>
>> Mark
>> --
>> Mark Andrews, ISC
>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>> ------------------------------
>>
>> *Total Control Panel*
>>
>> Login <https://antispam.avgcloud.net/login?domain=prodigy.com.au>
>>
>> To: nathanael at prodigy.com.au
>> <https://antispam.avgcloud.net/address-properties?aID=1106235830&domain=prodigy.com.au>
>>
>> From: ausnog-bounces at lists.ausnog.net
>>
>> Remove
>> <https://antispam.avgcloud.net/FooterAction?ver=3&un-wl-sender-domain=1&hID=1359707166&domain=prodigy.com.au>
>> lists.ausnog.net from my allow list
>>
>> *You received this message because the domain lists.ausnog.net
>> <http://lists.ausnog.net> is on your allow list.*
>>
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160810/3ee174ef/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 2683 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160810/3ee174ef/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 16869 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160810/3ee174ef/attachment-0001.png>
More information about the AusNOG
mailing list