Massive DDoS attack taking place against USA
Tricks @ Fri Jun 12, 2020 6:10 pm
Freakinoldguy Freakinoldguy:
Not being up on the dark web and masking your identity I still have a question. Wouldn't all these IP addresses be masked making the identifying country meaningless?
Especially, since the list is missing the usual culprits like the Norks. Then when you see China on the list at number 10 after all the money and time they've spent on their cyber warfare division I wouldn't be surprised that the majority of these attacks are from countries other than Switzerland, Holland and the UK?

They aren't being initiated by those countries. That's where the server sees the traffic originating from, which means it's either being spoofed or they have bot farms in those countries.
Tricks Tricks:
Freakinoldguy Freakinoldguy:
Not being up on the dark web and masking your identity I still have a question. Wouldn't all these IP addresses be masked making the identifying country meaningless?
Especially, since the list is missing the usual culprits like the Norks. Then when you see China on the list at number 10 after all the money and time they've spent on their cyber warfare division I wouldn't be surprised that the majority of these attacks are from countries other than Switzerland, Holland and the UK?

They aren't being initiated by those countries. That's where the server sees the traffic originating from, which means it's either being spoofed or they have bot farms in those countries.
Isn't that what I said?
I figured that no country or organization would be stupid enough to actually use a live IP address because the consequences would be catastrophic for them. But, what I was questioning was the need for the countries' flag identifiers when everyone knows that isn't where the attacks are coming from.
Tricks @ Sat Jun 13, 2020 9:27 am
Freakinoldguy Freakinoldguy:
Tricks Tricks:
Freakinoldguy Freakinoldguy:
Not being up on the dark web and masking your identity I still have a question. Wouldn't all these IP addresses be masked making the identifying country meaningless?
Especially, since the list is missing the usual culprits like the Norks. Then when you see China on the list at number 10 after all the money and time they've spent on their cyber warfare division I wouldn't be surprised that the majority of these attacks are from countries other than Switzerland, Holland and the UK?

They aren't being initiated by those countries. That's where the server sees the traffic originating from, which means it's either being spoofed or they have bot farms in those countries.
Isn't that what I said?
I figured that no country or organization would be stupid enough to actually use a live IP address because the consequences would be catastrophic for them. But, what I was questioning was the need for the countries' flag identifiers when everyone knows that isn't where the attacks are coming from.
The IPs that are being registered may not be complicit in the attack. They could be compromised networks that attackers use to their own means. So the IPs may be valid, it's not nearly enough to go off of.
Tricks Tricks:
The IPs that are being registered may not be complicit in the attack. They could be compromised networks that attackers use to their own means. So the IPs may be valid, it's not nearly enough to go off of.
So those are valid IP addresses that have been hijacked by the attackers? Makes sense, especially since I ran into the same type of things with phone numbers. Got a call saying that our credit card had been compromised and then they gave a number to phone to confirm.
After reverse phone number check it turned out to be a telecom company in Ontario that was a legitimate business but if you'd phoned it you would have gotten the scammers. Apparently according to the BBB this company's number had been hijacked numerous times before.
So I'm assuming this is very similar?
Tricks Tricks:
bootlegga bootlegga:
DrCaleb DrCaleb:
The Dutch and Swiss?
[huh]
And 195.54.161.x are dicks.
I would think it could be compromised PCs there being used remotely, but I'm not in the IT world, so I can't say for sure.
Botnets.
Yeah, that's what I was thinking, but couldn't recall the term for it.
DrCaleb @ Sat Jun 13, 2020 11:03 am
Freakinoldguy Freakinoldguy:
Tricks Tricks:
The IPs that are being registered may not be complicit in the attack. They could be compromised networks that attackers use to their own means. So the IPs may be valid, it's not nearly enough to go off of.
So those are valid IP addresses that have been hijacked by the attackers? Makes sense, especially since I ran into the same type of things with phone numbers. Got a call saying that our credit card had been compromised and then they gave a number to phone to confirm.
After reverse phone number check it turned out to be a telecom company in Ontario that was a legitimate business but if you'd phoned it you would have gotten the scammers. Apparently according to the BBB this company's number had been hijacked numerous times before.
So I'm assuming this is very similar?
Sort of. There are indeed servers or appliances that get hacked, and turned into bots to create huge data storms that affect infrastructure - much like taking over a company phone system to propagate a scam.
But there are also some direct addresses that do attacks, and you can tell by the methods they use that they are a hostile entity. A network I administered used to get attacked by IPs that came back to a building in Beijing that housed a division of the Chinese Army.
The scripts they used did certain things in a certain order, just as a probe of our network defence. Now, when I saw that same very specific list of things happening from an IP coming from Belize, I didn't for a second think that Belize was attacking us.
But the "sort of" above is conditional in that it depends on a relatively robust machine doing the attacking. Someone's home thermostat isn't capable of subtle attacks, only the most unsophisticated ones. But that doesn't mean that they aren't controlled by the same groups.
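The point in the post above is that the ordered list of actions a probe performs identifies the operator better than the country its source IP geolocates to. The following is an added illustration, not code from anyone in this thread: it parses a few constructed log lines, builds a per-source action sequence, hashes that sequence into a behavioural signature, and groups sources by signature. The log format, the sample IPs (documentation ranges) and the `GEO` lookup table are all assumptions made for the example.

```python
"""Cluster probing sources by what they do, in what order, rather than by
which country their IP address geolocates to (added example; assumptions
are marked inline).
"""
from collections import defaultdict
import hashlib

# Constructed sample log lines: "<timestamp> <src_ip> <action ...>".
# The two first sources run exactly the same probe sequence; the third is unrelated.
SAMPLE_LOG = """\
2020-06-12T10:00:01 203.0.113.7 SYN 22
2020-06-12T10:00:02 203.0.113.7 SYN 443
2020-06-12T10:00:03 203.0.113.7 HTTP GET /cgi-bin/
2020-06-12T10:00:04 203.0.113.7 HTTP GET /admin
2020-06-12T11:30:01 198.51.100.9 SYN 22
2020-06-12T11:30:02 198.51.100.9 SYN 443
2020-06-12T11:30:03 198.51.100.9 HTTP GET /cgi-bin/
2020-06-12T11:30:04 198.51.100.9 HTTP GET /admin
2020-06-12T12:00:01 192.0.2.44 SYN 445
2020-06-12T12:00:02 192.0.2.44 SYN 3389
"""

# Hypothetical geolocation results for the sample IPs (assumed, not a real lookup).
GEO = {"203.0.113.7": "CN", "198.51.100.9": "BZ", "192.0.2.44": "NL"}


def parse_log(text):
    """Parse the constructed log format into (timestamp, src_ip, action) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, ip, action = line.split(" ", 2)
        events.append((ts, ip, action))
    return events


def sequences_by_source(events):
    """Return {src_ip: (action, action, ...)} with actions in timestamp order."""
    seqs = defaultdict(list)
    # ISO-8601 timestamps sort lexicographically, so a plain sort orders by time.
    for _ts, ip, action in sorted(events):
        seqs[ip].append(action)
    return {ip: tuple(actions) for ip, actions in seqs.items()}


def signature(actions):
    """Short hash of the ordered action list: the 'specific list of things in a certain order'."""
    return hashlib.sha256("\n".join(actions).encode()).hexdigest()[:12]


def cluster_by_signature(events):
    """Group source IPs that performed an identical action sequence."""
    clusters = defaultdict(list)
    for ip, actions in sequences_by_source(events).items():
        clusters[signature(actions)].append(ip)
    return {sig: sorted(ips) for sig, ips in clusters.items()}


def report(events, geo):
    """One row per behavioural cluster, with the countries its sources geolocate to.

    A cluster spanning several countries is the signal that the geolocation
    flags say little about who is behind the probe.
    """
    rows = []
    for sig, ips in cluster_by_signature(events).items():
        countries = sorted({geo.get(ip, "??") for ip in ips})
        rows.append({"signature": sig, "sources": ips, "countries": countries})
    return rows


if __name__ == "__main__":
    for row in report(parse_log(SAMPLE_LOG), GEO):
        print(row["signature"], row["sources"], row["countries"])
```

On the constructed input the Chinese and Belizean sources land in one cluster because their probe sequences are identical, while the Dutch source forms its own cluster. A real deployment would normalise the actions (strip ports or paths that vary per target) before hashing so that minor variations do not split one operator into many clusters.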
Tricks @ Sat Jun 13, 2020 11:17 am
DrCaleb DrCaleb:
Freakinoldguy Freakinoldguy:
Tricks Tricks:
The IPs that are being registered may not be complicit in the attack. They could be compromised networks that attackers use to their own means. So the IPs may be valid, it's not nearly enough to go off of.
So those are valid IP addresses that have been hijacked by the attackers? Makes sense, especially since I ran into the same type of things with phone numbers. Got a call saying that our credit card had been compromised and then they gave a number to phone to confirm.
After reverse phone number check it turned out to be a telecom company in Ontario that was a legitimate business but if you'd phoned it you would have gotten the scammers. Apparently according to the BBB this company's number had been hijacked numerous times before.
So I'm assuming this is very similar?
Sort of. There are indeed servers or appliances that get hacked, and turned into bots to create huge data storms that affect infrastructure - much like taking over a company phone system to propagate a scam.
But there are also some direct addresses that do attacks, and you can tell by the methods they use that they are a hostile entity. A network I administered used to get attacked by IPs that came back to a building in Beijing that housed a division of the Chinese Army.
The scripts they used did certain things in a certain order, just as a probe of our network defence. Now, when I saw that same very specific list of things happening from an IP coming from Belize, I didn't for a second think that Belize was attacking us.
But the "sort of" above is conditional in that it depends on a relatively robust machine doing the attacking. Someone's home thermostat isn't capable of subtle attacks, only the most unsophisticated ones. But that doesn't mean that they aren't controlled by the same groups.
^ pretty much that.
DrCaleb @ Tue Jun 16, 2020 10:22 am
Ripple20 vulnerabilities will haunt the IoT landscape for years to come
Cyber-security experts have revealed today 19 vulnerabilities in a small library designed in the 90s that has been widely used and integrated into countless enterprise and consumer-grade products over the last 20+ years.
Affected products include smart home devices, power grid equipment, healthcare systems, industrial gear, transportation systems, printers, routers, mobile/satellite communications equipment, data center devices, commercial aircraft devices, various enterprise solutions, and many others.
Experts now fear that all products using this library will most likely remain unpatched due to complex or untracked software supply chains.
Problems arise from the fact that the library was not only used by equipment vendors directly but also integrated into other software suites, which means that many companies aren't even aware that they're using this particular piece of code, and the name of the vulnerable library doesn't appear in their code manifests.
These vulnerabilities -- collectively referred to as Ripple20 -- impact a small library developed by Cincinnati-based software company Treck.
The library, believed to have been first released in 1997, implements a lightweight TCP/IP stack. Companies have been using this library for decades to allow their devices or software to connect to the internet via TCP/IP connections.
https://www.zdnet.com/article/ripple20- ... s-to-come/
Scape @ Thu Jun 18, 2020 6:46 pm
T-Mobile Outage Whipped Conspiracy Theorists Into a Frenzy — Here’s What Really Happened