[AusNOG] census issues tonight

Paul Wilkins paulwilkins369 at gmail.com
Wed Aug 10 12:16:27 EST 2016


Is anyone aware of a successful prosecution ever for a DoS? I'm curious,
because the chain of evidence simply won't be available. At the attacked
site, you'll have records, maybe that pass evidentiary rules, but trace
that back to the source?

Also the nature of the internet is that any TCP handshake is a request for
service. It's not quite clear where multiple requests for service repeated
rapidly is an attack, or even an attempted attack, but arguably only
multiple requests for service. It's a fundamental problem with the internet
infrastructure that any response from an open port is arguably an
invitation to communicate. There's no discrimination on purpose, and
proving criminal intent would be awkward. This is why I would think the
successful prosecutions there have been have been where DOS have been
accompanied by demands with menace, which is a different legal standard.

Kind regards

Paul Wilkins


On 10 August 2016 at 11:56, paul+ausnog at oxygennetworks.com.au <
paul+ausnog at oxygennetworks.com.au> wrote:

> Consider precedent to be set !
>
>
>
> In the case of the ABS versus an unknown attacker……we find the attack to
> be an attempt, not an attack, you’re clear !
>
>
>
> Paul
>
>
>
> *From:* James Troy [mailto:james.troy at asta.com.au]
> *Sent:* Wednesday, 10 August 2016 11:48 AM
> *To:* James Braunegg; paul+ausnog at oxygennetworks.com.au; 'Daniel';
> ausnog at lists.ausnog.net
> *Subject:* RE: [AusNOG] census issues tonight
>
>
>
> So for anyone who is bought up on hacking charges in the next 12 months
> their defence can be “It’s not an attack, it was an attempt and therefore
> should not be classified as an attack”
>
>
>
> Kind Regards,
>
> *James Troy*
>
>
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net
> <ausnog-bounces at lists.ausnog.net>] *On Behalf Of *James Braunegg
> *Sent:* Wednesday, 10 August 2016 11:44 AM
> *To:* paul+ausnog at oxygennetworks.com.au; 'Daniel'; ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] census issues tonight
>
>
>
> Meh when is an attempt an attack… durrr if you attempt something your
> attacking something…. And the service was denied at the end of the day… and
> the attack was completed by the ABS turning the site off…
>
>
>
> Gota love Australia ! Aussie Aussie Aussie Oi Oi Oi
>
>
>
> Kindest Regards
>
>
>
>
> *James Braunegg**P:*  1300 769 972  |  *M:*  0488 997 207 |  *D:*  (03)
> 9751 7616
>
> *E:*   james.braunegg at micron21.com  |  *ABN:*  12 109 977 666
> *W:*  www.micron21.com/ddos-protection   *T:* @micron21
>
>
>
> Follow us on Twitter <http://www.twitter.com/micron21> for important
> service and system updates.
>
> [image: M21.jpg]
>
>
> This message is intended for the addressee named above. It may contain
> privileged or confidential information. If you are not the intended
> recipient of this message you must not use, copy, distribute or disclose it
> to anyone other than the addressee. If you have received this message in
> error please return the message to the sender by replying to it and then
> delete the message from your computer.
>
>
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net
> <ausnog-bounces at lists.ausnog.net>] *On Behalf Of *
> paul+ausnog at oxygennetworks.com.au
> *Sent:* Wednesday, 10 August 2016 11:40 AM
> *To:* 'Daniel' <satellite at internode.on.net>; ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] census issues tonight
>
>
>
> What a load of crap LOL, I love seeing people who know nothing about what
> they are talking about try and talk about it, it’s good for a sitcom or 2….
>
>
>
> It wasn’t an attack, it was just an “attempt” ROFL
>
>
>
> Paul
>
>
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net
> <ausnog-bounces at lists.ausnog.net>] *On Behalf Of *Daniel
> *Sent:* Wednesday, 10 August 2016 11:34 AM
> *To:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] census issues tonight
>
>
>
> The relevant minister (Michael McCormack) has released a statement blaming
> DDoS in combination with a router hardware failure:
>
>
>
>
>
> “There was a large scale denial of service attempt to the census website
> and online form. A denial of service is an attempt to block people from
> accessing a website. Following, and because of this, there was a hardware
> failure,” he said.
>
>
>
> “A router became overloaded. After this, what is known as a false positive
> occurred. This is essentially a false alarm in some of the system
> monitoring information. As a result the ABS employed a cautious strategy
> which was to shut down the online census form to ensure the integrity of
> the data already submitted was protected.
>
>
>
> “I will be clear from the outset, this was not an attack. Nor was it a
> hack but rather, it was an attempt to frustrate the collection of bureau of
> statistics census data. ABS census security was not compromised. I repeat,
> not compromised and no data was lost.”
>
>
>
>
>
> http://www.theaustralian.com.au/national-affairs/census-
> 2016-website-crashes-under-weight-of-demand/news-story/
> 1febee892e1ab043c0e7682c7a3485a4
>
>
>
> (paywalled)
>
>
>
>
>
>
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net
> <ausnog-bounces at lists.ausnog.net>] *On Behalf Of *Andy Taylor
> *Sent:* Wednesday, 10 August 2016 10:57 AM
> *To:* 'Nathanael Bettridge' <nathanael at prodigy.com.au>; 'Robert Hudson' <
> hudrob at gmail.com>; 'Michael Keating' <mkeating44 at gmail.com>
> *Cc:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] census issues tonight
>
>
>
> I noticed last night before the system crashed completely the following
> error:
>
>
> “status -1 code 101”
>
>
>
> I don’t know much about .jsp, but it appears that this was an issue with
> the header?
>
> Is it possible that this was a layer 7 attack that was being implemented?
>
>
>
> A *status code* of *101* indicates that the server is changing to the
> protocol it defines in the "Upgrade" header it returns to the client. For
> example, when requesting a page, a browser might receive a statis *code*
> of *101*, followed by an "Upgrade" header showing that the server is
> changing to a different version of HTTP.
>
>
>
> Andy Taylor
>
> *Technical Director*
>
>
>
> 0424 656 973
>
>
>
> [image: ca_logo]
>
>
>
> www.coastalaudio.com.au
>
>
>
>
>
>
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net
> <ausnog-bounces at lists.ausnog.net>] *On Behalf Of *Nathanael Bettridge
> *Sent:* Wednesday, 10 August 2016 10:53 AM
> *To:* 'Robert Hudson' <hudrob at gmail.com>; 'Michael Keating' <
> mkeating44 at gmail.com>
> *Cc:* 'ausnog at lists.ausnog.net' <ausnog at lists.ausnog.net>
> *Subject:* Re: [AusNOG] census issues tonight
>
>
>
> The validity of the data is suspect. Users in bad moods submitting info
> that would otherwise be trustworthy, partially completed surveys, I’m sure
> thousands of households that will now fall through the gaps, the spreading
> out of census data over a much longer than normal time frame – as a
> statistical snapshot the Census is effectively ruined.
>
>
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net
> <ausnog-bounces at lists.ausnog.net>] *On Behalf Of *Robert Hudson
> *Sent:* Wednesday, 10 August 2016 10:44 AM
> *To:* Michael Keating <mkeating44 at gmail.com>
> *Cc:* ausnog at lists.ausnog.net
> *Subject:* Re: [AusNOG] census issues tonight
>
>
>
> Why is it safe to say that the stored data is OK? What evidence do we have
> to support that belief?
>
>
>
> On 10 Aug 2016 9:52 AM, "Michael Keating" <mkeating44 at gmail.com> wrote:
>
> I think the point being made, was that the distrust of the Census has been
> increased with the failure of the website, and the mainstream media taking
> the 'hacking' angle. It's safe to say the stored data is ok, but there are
> millions more submissions to go. If people think it was 'hacked', they
> won't give a truthful answer for fear of their information being stolen
> (which we know, it won't). More of a general observation than a technical
> observation (which I do agree with).
>
>
>
> On Wed, Aug 10, 2016 at 9:26 AM, Mark Andrews <marka at isc.org> wrote:
>
>
> In message <c7617127-36a9-f5dc-894e-727a6700e016 at spectrum.com.au>, Matt
> Perkins writes:
> > If you ask me the dataset is now terminally compromised. This is
> > essentially market research and peoples ability to answer that sort of
> > stuff truthfully goes to how much the person doing the servery is
> > trusted. With the ABS spouting stuff like Attack from overseas, people
> > are very unlikely to tell the truth on this census.
> >
> > Fellas you blew it.  Cancel the census reschedule for next year and send
> > out paper form's Your collective uselessness just put us back 5 years.
> >
> > Matt
>
> A DoS attack does not make the dataset compromised.
>
> Having too small key space does.  1/100000 is not a big space for
> computers to search through.  It's only ~20 bits of security.  A
> extra 4 digits would have raised it to ~30 bits.  A extra 8 digits
> would have raised it to ~43 bits.  Entering 5 x 4 digit sequences
> is not hard.  We do 4 x 4 + 3 for every visa / mastercard transaction
> we do online today.
>
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
> ------------------------------
>
> *Total Control Panel*
>
> Login <https://antispam.avgcloud.net/login?domain=prodigy.com.au>
>
> To: nathanael at prodigy.com.au
> <https://antispam.avgcloud.net/address-properties?aID=1106235830&domain=prodigy.com.au>
>
> From: ausnog-bounces at lists.ausnog.net
>
> Remove
> <https://antispam.avgcloud.net/FooterAction?ver=3&un-wl-sender-domain=1&hID=1359707166&domain=prodigy.com.au>
> lists.ausnog.net from my allow list
>
> *You received this message because the domain lists.ausnog.net
> <http://lists.ausnog.net> is on your allow list.*
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160810/542ce7a3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 2683 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160810/542ce7a3/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 16869 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160810/542ce7a3/attachment.png>


More information about the AusNOG mailing list