[AusNOG] Possible DDoS attack against .au governmental sites-~65minutes from now.

Mark Caetano mark at akami.info
Thu Sep 10 00:24:03 EST 2009


You're exactly right Shaun, the fact that it is so easily bypassed is  
what makes it so pointless. Next thing you know, your average MaPa's  
and 16 year olds have a VPN tunnel set up to bypass these filters that  
these people themselves are paying for.

Does anyone happen to have a screenshot of what happened to the PM/ 
ACMA's site?

If anyone remembers, this is what happened  to the ACMA a while back,  
believed to be an SQL injection to their CMS:
http://mcaetano.info/whirlpool_content/screenshots/Classification.JPG

-Mark

On 09/09/2009, at 11:56 PM, Shaun Dwyer wrote:

> *sigh*
>
> Once again, Conroy gets it wrong/saves face by sidestepping the real  
> issue....
>
> The issue is still that censorship is simply a bad idea. There is no  
> argument about what they claim it is intended to block - yes it is  
> bad. Its the (already demonstrated) collateral damage that is  
> unacceptable. This is what all the complaints are about.
>
> Fact is no matter how its implemented, any mandatory filter will be  
> nothing more than an annoyance to anyone wanting to bypass it  
> (including the youngest high school student). HTTPS, ssh socks  
> tunnel to a US colo, etc etc.
>
> I just love how the politicians change the issue/proposal to suit  
> whatever will win them votes that week, as opposed to whats best for  
> the bulk of Australia. First its 'default on, opt out filtering to  
> protect your kids from the evil on the internet', its eventually  
> morphed into the now 'our latest crime fighting tool to stop pedos,  
> child porn, terrorism etc, whilst imposing our good christian values  
> on everyone, invited or not'.
>
> This is just like "hoon" laws, only impossible for the government to  
> implement on their own because it requires technical changes, not  
> just legislature. Its purely an attempt at winning more votes.
>
> I'm sure none of this is news to anyone here though, except perhaps  
> the technically inept/brainwashed journalists and or government  
> types who lurk.
>
> -Shaun
>
>
>
> On 09/09/2009, at 9:10 PM, Nick Brown wrote:
>
>> "A message posted on the Inquisitor website by the hacker, known as  
>> Anonymous"
>>
>> And this right here is why the attack is a pointless exercise. If  
>> the media can't get the facts straight (Through a lack of  
>> understanding) what hope does your average MaPa, let alone Senator  
>> Conroy.
>>
>>
>>
>> On 09/09/2009, at 10:42 PM, Kevin Collins wrote:
>>
>>> its all over the news -
>>>
>>> THE Prime Minister's website has been hacked into in protest over  
>>> proposed reforms of internet censorship.
>>>
>>> The website, www.pm.gov.au, was brought down at about 7.20pm  
>>> (AEST) along with that of the Australian Communications and Media  
>>> Authority, but both were back online about an hour later.
>>>
>>> A message posted on the Inquisitor website by the hacker, known as  
>>> Anonymous, stated that the action was in response to a Federal  
>>> Government proposal to introduce mandatory internet filtering.
>>>
>>> The posting complains that the proposal to introduce internet  
>>> filtering would block legal content, and take censorship to levels  
>>> like that seen in China.
>>>
>>> "Not only will your rights be at stake, our Internet speeds will  
>>> slow down by 70 per cent, be mandatory for all Aussies and will  
>>> not protect us from evil AT ALL", the post said.
>>> Related Coverage
>>>
>>>     * Prime Minister's website hackedNEWS.com.au, 9 Sep 2009
>>>     * Web filter 'won't stop child porn'NEWS.com.au, 30 Mar 2009
>>>     * Internet black-lists, filter neededAdelaide Now, 27 Mar 2009
>>>     * Blacklists needed to combat child porn: ConroyAustralian IT,  
>>> 27 Mar 2009
>>>     * Education, not filtering, the answer: iiNetAustralian IT, 10  
>>> Feb 2009
>>>
>>>
>>> The posting, titled "Anonymous vs the Australian Government", also  
>>> gives a blow-by-blow account of the hacker's progress.
>>>
>>> "In two minutes from when I type this, Anonymous is declaring war  
>>> on the Australian Government over its decision to implement  
>>> Draconian internet censorship," the post said.
>>>
>>> "Tick tick tick.
>>>
>>> "Update: 7pm: and so it begins.
>>>
>>> "7:05pm (AEST), Ministers page is slow to load, but still up.
>>>
>>> "7:11pm weve confirmed on site (via a source) that the sites due  
>>> to be attacked have been taken down from the coordination page,  
>>> possibly before the raid.
>>>
>>> "7:18pm pm.gov.au DOWN!
>>>
>>> "7:21pm Kevin Rudd's page is down completely. Strike one to  
>>> Anonymous."
>>>
>>> A spokesman for Communications Minister Stephen Conroy said he had  
>>> received reports of the hack but could not confirm whether the  
>>> attack had been successful.
>>>
>>> However, he said the people responsible were misguided, adding  
>>> that the proposed filter would only be used to block illegal  
>>> content.
>>>
>>> "The campaign that they're mounting is erroneous and misinformed,"  
>>> he said.
>>>
>>> "What the Government is proposing is to filter refused  
>>> classification content which includes imagery of child sexual  
>>> abuse, rape and bestiality."
>>>
>>> The Government has been conducting an internet filter trial which  
>>> is expected to be completed soon.
>>>
>>> A report will then be presented to Senator Conroy from which an  
>>> internet filter policy will be developed.
>>>
>>>
>>> -----Original Message-----
>>> From: ausnog-bounces at lists.ausnog.net on behalf of Kooby.net
>>> Sent: Wed 09/09/2009 18:12
>>> Cc: ausnog at ausnog.net
>>> Subject: Re: [AusNOG] Possible DDoS attack against .au  
>>> governmental sites-~65minutes from now.
>>>
>>> Hello,
>>>
>>> To save you from visiting the terrible website that apparently  
>>> contains the
>>> target addresses you can view this list taken from the site:
>>>
>>> "DNS servers: dns3.sge.net, dns2.sge.net, dns.sge.net"
>>>
>>> "There are many different sites hosted by the same hosting company  
>>> that is
>>> providing internetz for our target:
>>> 152.91.62.160
>>> 152.91.62.139
>>> 152.91.62.145
>>> 152.91.62.146
>>> 152.91.62.148
>>> 152.91.62.161
>>> 152.91.62.162
>>> 152.92.1.66
>>> 152.92.1.68
>>> 152.92.1.71
>>> Some DNS Enumeration / Ports Found
>>> 205.239.168.16 admin.australia.gov.au
>>> 205.239.169.21 dev.australia.gov.au
>>> 203.13.0.99 login.australia.gov.au / 80 HTTP, 443 HTTPS
>>> 205.239.169.33 mail2.australia.gov.au
>>> 205.239.168.11 maps.australia.gov.au / 80 HTTP
>>> 202.125.14.244 search.australia.gov.au
>>> 205.239.168.15 services.australia.gov.au
>>> 205.239.168.13 staging.australia.gov.au
>>> 205.239.169.13 test.australia.gov.au
>>> 152.91.62.145 www.australia.gov.au / 80 HTTP
>>> media.australia.gov.au alias govsearch-failover.funnelback.com
>>> govsearch-failover.funnelback.com address 122.99.95.165"
>>>
>>> Cheers,
>>>
>>> Kooby.
>>>
>>> ----- Original Message -----
>>> From: "Bevan Slattery" <Bevan.Slattery at staff.pipenetworks.com>
>>> To: "Roland Dobbins" <rdobbins at arbor.net>
>>> Cc: <ausnog at ausnog.net>
>>> Sent: Wednesday, September 09, 2009 5:57 PM
>>> Subject: Re: [AusNOG] Possible DDoS attack against .au governmental
>>> sites -~65minutes from now.
>>>
>>>
>>> > Thanks for the heads up.
>>> >
>>> > Time to sit back and wait for the mrtg graphs tell the story :)
>>> >
>>> > [b]
>>> >
>>> >> -----Original Message-----
>>> >> From: ausnog-bounces at lists.ausnog.net
>>> >> [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Roland  
>>> Dobbins
>>> >> Sent: Wednesday, September 09, 2009 5:56 PM
>>> >> To: ausnog at ausnog.net
>>> >> Subject: [AusNOG] Possible DDoS attack against .au
>>> >> governmental sites - ~65minutes from now.
>>> >>
>>> >>
>>> >> There were some rumblings last week that a DDoS attack
>>> >> against .au governmental sites might take place today in
>>> >> order to protest the
>>> >> Internet filtering plans being posited by the present .au
>>> >> government.
>>> >> I didn't take it very seriously at the time, because no one
>>> >> seemed to have any specifics.
>>> >>
>>> >> This has now changed; it's apparently Anonymous who're
>>> >> supposedly going to do this in about 70 minutes, and they've
>>> >> a considerable track record of mischief, sort of a '4chan
>>> >> Lite'.  I've no idea whether the attacks will actually take
>>> >> place, but heightened vigilance is a good idea, especially as
>>> >> outbound DDoS from botted hosts can be just as disruptive to
>>> >> the networks in question as inbound DDoS.
>>> >>
>>> >> SANS posted something on it here:
>>> >>
>>> >> <http://isc.sans.org/diary.html?storyid=7108>
>>> >>
>>> >> There's an extremely NSFW wiki page being used to coordinate the
>>> >> putative attacks, along with an IRC server/channel.   I'm not
>>> >> going to
>>> >> link to them here, but some digging with various search
>>> >> engines can find them with relative ease.
>>> >>
>>> >> Again, I've no idea whether or not this will actually happen,
>>> >> just a heads-up.
>>> >>
>>> >> --------------------------------------------------------------
>>> >> ---------
>>> >> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com 
>>> >
>>> >>
>>> >> Sorry, sometimes I mistake your existential crises for
>>> >> technical insights.
>>> >>
>>> >> -- xkcd #625
>>> >>
>>> >> _______________________________________________
>>> >> AusNOG mailing list
>>> >> AusNOG at lists.ausnog.net
>>> >> http://lists.ausnog.net/mailman/listinfo/ausnog
>>> >>
>>> > _______________________________________________
>>> > AusNOG mailing list
>>> > AusNOG at lists.ausnog.net
>>> > http://lists.ausnog.net/mailman/listinfo/ausnog
>>>
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>
>>>
>>>
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20090910/6adcce1a/attachment.html>


More information about the AusNOG mailing list