[AusNOG] Possible DDoS attack against .au governmental sites-~65minutes from now.

Nick Brown nick at inticon.net.au
Wed Sep 9 23:10:39 EST 2009 

"A message posted on the Inquisitor website by the hacker, known as  
Anonymous"

And this right here is why the attack is a pointless exercise. If the  
media can't get the facts straight (Through a lack of understanding)  
what hope does your average MaPa, let alone Senator Conroy.



On 09/09/2009, at 10:42 PM, Kevin Collins wrote:

> its all over the news -
>
> THE Prime Minister's website has been hacked into in protest over  
> proposed reforms of internet censorship.
>
> The website, www.pm.gov.au, was brought down at about 7.20pm (AEST)  
> along with that of the Australian Communications and Media  
> Authority, but both were back online about an hour later.
>
> A message posted on the Inquisitor website by the hacker, known as  
> Anonymous, stated that the action was in response to a Federal  
> Government proposal to introduce mandatory internet filtering.
>
> The posting complains that the proposal to introduce internet  
> filtering would block legal content, and take censorship to levels  
> like that seen in China.
>
> "Not only will your rights be at stake, our Internet speeds will  
> slow down by 70 per cent, be mandatory for all Aussies and will not  
> protect us from evil AT ALL", the post said.
> Related Coverage
>
>     * Prime Minister's website hackedNEWS.com.au, 9 Sep 2009
>     * Web filter 'won't stop child porn'NEWS.com.au, 30 Mar 2009
>     * Internet black-lists, filter neededAdelaide Now, 27 Mar 2009
>     * Blacklists needed to combat child porn: ConroyAustralian IT,  
> 27 Mar 2009
>     * Education, not filtering, the answer: iiNetAustralian IT, 10  
> Feb 2009
>
>
> The posting, titled "Anonymous vs the Australian Government", also  
> gives a blow-by-blow account of the hacker's progress.
>
> "In two minutes from when I type this, Anonymous is declaring war on  
> the Australian Government over its decision to implement Draconian  
> internet censorship," the post said.
>
> "Tick tick tick.
>
> "Update: 7pm: and so it begins.
>
> "7:05pm (AEST), Ministers page is slow to load, but still up.
>
> "7:11pm weve confirmed on site (via a source) that the sites due to  
> be attacked have been taken down from the coordination page,  
> possibly before the raid.
>
> "7:18pm pm.gov.au DOWN!
>
> "7:21pm Kevin Rudd's page is down completely. Strike one to  
> Anonymous."
>
> A spokesman for Communications Minister Stephen Conroy said he had  
> received reports of the hack but could not confirm whether the  
> attack had been successful.
>
> However, he said the people responsible were misguided, adding that  
> the proposed filter would only be used to block illegal content.
>
> "The campaign that they're mounting is erroneous and misinformed,"  
> he said.
>
> "What the Government is proposing is to filter refused  
> classification content which includes imagery of child sexual abuse,  
> rape and bestiality."
>
> The Government has been conducting an internet filter trial which is  
> expected to be completed soon.
>
> A report will then be presented to Senator Conroy from which an  
> internet filter policy will be developed.
>
>
> -----Original Message-----
> From: ausnog-bounces at lists.ausnog.net on behalf of Kooby.net
> Sent: Wed 09/09/2009 18:12
> Cc: ausnog at ausnog.net
> Subject: Re: [AusNOG] Possible DDoS attack against .au governmental  
> sites-~65minutes from now.
>
> Hello,
>
> To save you from visiting the terrible website that apparently  
> contains the
> target addresses you can view this list taken from the site:
>
> "DNS servers: dns3.sge.net, dns2.sge.net, dns.sge.net"
>
> "There are many different sites hosted by the same hosting company  
> that is
> providing internetz for our target:
> 152.91.62.160
> 152.91.62.139
> 152.91.62.145
> 152.91.62.146
> 152.91.62.148
> 152.91.62.161
> 152.91.62.162
> 152.92.1.66
> 152.92.1.68
> 152.92.1.71
> Some DNS Enumeration / Ports Found
> 205.239.168.16 admin.australia.gov.au
> 205.239.169.21 dev.australia.gov.au
> 203.13.0.99 login.australia.gov.au / 80 HTTP, 443 HTTPS
> 205.239.169.33 mail2.australia.gov.au
> 205.239.168.11 maps.australia.gov.au / 80 HTTP
> 202.125.14.244 search.australia.gov.au
> 205.239.168.15 services.australia.gov.au
> 205.239.168.13 staging.australia.gov.au
> 205.239.169.13 test.australia.gov.au
> 152.91.62.145 www.australia.gov.au / 80 HTTP
> media.australia.gov.au alias govsearch-failover.funnelback.com
> govsearch-failover.funnelback.com address 122.99.95.165"
>
> Cheers,
>
> Kooby.
>
> ----- Original Message -----
> From: "Bevan Slattery" <Bevan.Slattery at staff.pipenetworks.com>
> To: "Roland Dobbins" <rdobbins at arbor.net>
> Cc: <ausnog at ausnog.net>
> Sent: Wednesday, September 09, 2009 5:57 PM
> Subject: Re: [AusNOG] Possible DDoS attack against .au governmental
> sites -~65minutes from now.
>
>
> > Thanks for the heads up.
> >
> > Time to sit back and wait for the mrtg graphs tell the story :)
> >
> > [b]
> >
> >> -----Original Message-----
> >> From: ausnog-bounces at lists.ausnog.net
> >> [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Roland  
> Dobbins
> >> Sent: Wednesday, September 09, 2009 5:56 PM
> >> To: ausnog at ausnog.net
> >> Subject: [AusNOG] Possible DDoS attack against .au
> >> governmental sites - ~65minutes from now.
> >>
> >>
> >> There were some rumblings last week that a DDoS attack
> >> against .au governmental sites might take place today in
> >> order to protest the
> >> Internet filtering plans being posited by the present .au
> >> government.
> >> I didn't take it very seriously at the time, because no one
> >> seemed to have any specifics.
> >>
> >> This has now changed; it's apparently Anonymous who're
> >> supposedly going to do this in about 70 minutes, and they've
> >> a considerable track record of mischief, sort of a '4chan
> >> Lite'.  I've no idea whether the attacks will actually take
> >> place, but heightened vigilance is a good idea, especially as
> >> outbound DDoS from botted hosts can be just as disruptive to
> >> the networks in question as inbound DDoS.
> >>
> >> SANS posted something on it here:
> >>
> >> <http://isc.sans.org/diary.html?storyid=7108>
> >>
> >> There's an extremely NSFW wiki page being used to coordinate the
> >> putative attacks, along with an IRC server/channel.   I'm not
> >> going to
> >> link to them here, but some digging with various search
> >> engines can find them with relative ease.
> >>
> >> Again, I've no idea whether or not this will actually happen,
> >> just a heads-up.
> >>
> >> --------------------------------------------------------------
> >> ---------
> >> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com 
> >
> >>
> >> Sorry, sometimes I mistake your existential crises for
> >> technical insights.
> >>
> >> -- xkcd #625
> >>
> >> _______________________________________________
> >> AusNOG mailing list
> >> AusNOG at lists.ausnog.net
> >> http://lists.ausnog.net/mailman/listinfo/ausnog
> >>
> > _______________________________________________
> > AusNOG mailing list
> > AusNOG at lists.ausnog.net
> > http://lists.ausnog.net/mailman/listinfo/ausnog
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20090909/f7687b45/attachment.html>

More information about the AusNOG mailing list