Freedoms Phoenix Distributed Denial-of-Service Attack Yields Interesting Information :)
Hour 1 - 3
Published on Jun 9, 2013
James Bamford on Democracy Now! 10 14 2008
AT&T and Verizon, that are secretly working with the NSA and tapping Americans' phone lines, and these companies actually outsource the actual tapping. Narus, which was founded in Israel and has large Israel connections, does the—basically the tapping of the communications on AT&T. And Verizon chose another company, ironically also founded in Israel and largely controlled by and developed by people in Israel called Verint
Following the superficial forensic analysis below is the 'Rest of the Story', which is even more interesting.
(http://www.websense.com/content/home.aspx)
(Arabic for FreedomsPhoenix)
The almost relentless series of requests brought our server down for several hours, and effected a denial of service to legitimate and non-malicious users.
Other than a denial of service, what do you claim as the purpose of your scans?
-- Michael Kielsky
BetterThanYours.com
http://BetterThanYours.com
+1.888.398.4405
____________________________________________
CONFIDENTIALITY NOTICE: THIS COMMUNICATION (INCLUDING ITS ATTACHMENTS) IS FOR THE SOLE USE OF THE INTENDED RECIPIENT(S), AND MAY BE CONFIDENTIAL, PRIVILEGED, AND EXEMPT FROM DISCLOSURE, AS PROVIDED BY THE ELECTRONIC COMMUNICATIONS PRIVACY ACT, 18 USC §§ 2510-2521 AND OTHER APPLICABLE LAWS AND REGULATIONS. INTERCEPTION, DISCLOSURE, REVIEW, USE, COPYING, DISSEMINATION OR DISTRIBUTION BY ANYONE EXCEPT THE INTENDED RECIPIENT(S) IS STRICTLY PROHIBITED. IF YOU HAVE RECEIVED THIS COMMUNICATION IN ERROR, IMMEDIATELY DESTROY ALL COPIES AND ATTACHMENTS, AND NOTIFY THE SENDER. IF YOU ARE AN INTENDED RECIPIENT BUT DO NOT WISH TO RECEIVE COMMUNICATIONS THROUGH THIS MEDIUM, PLEASE ADVISE THE SENDER IMMEDIATELY.
____________________________________________
-----Original Message-----
From: Websense Labs [mailto:suggest@websense.com]
Sent: Tuesday, November 29, 2011 12:55 PM
To: Michael@BetterThanYours.com
Subject: RE: FW: Apparent malicious traffic originating from Websense 208.80.194.58 208.80.194.60 208.80.194. [ ref:00D27dP.5002J4ABr:ref ]
Hello,
The hits in question originated due to a Websense ThreatSeeker Network Web scan. These hits are not related to any security events.
If you would like to be removed from the Websense ThreatSeeker Network Web scan, please kindly assist us in providing the web address/URL of the scanned web page.
If you have any questions and/or need any additional information, please let us know.
Thank you for your inquiry,
Olga
Websense Labs
--------------- Original Message ---------------
From: Websense Labs [suggest@websense.com]
Sent: 11/28/2011 8:55 AM
To: L@websense.com
Subject: RE: FW: Apparent malicious traffic originating from Websense 208.80.194.58 208.80.194.60 208.80.194.63 208.80.194.64 208.80.194.66 208.80.194.69 208.80.194.71 - Websense Security Labs Case: 00857333 (ref:00D27dP.5002J4ABr:ref)
Greetings,
Thank you for contacting Websense Labs Research Team.
Your inquiry has been received and assigned case # 00857333. A Websense Labs Researcher will respond shortly.
Useful Online Research Tools:
Site Lookup Tool: Check URL Category / Submit URL for Review
ACEInsight: Obtain Detailed URL Info
Category Definitions: Review Categorization Criteria
Sincerely,
Websense Labs
Check out Security Labs Blog: http://community.websense.com/blogs/securitylabs/
Case Details:
Subject: FW: Apparent malicious traffic originating from Websense 208.80.194.58 208.80.194.60 208.80.194.63 208.80.194.64 208.80.194.66 208.80.194.69 208.80.194.71
Description:
From: Michael Kielsky [mailto:Michael@BetterThanYours.com]
Sent: Wednesday, November 23, 2011 5:54 PM
To: Websense Info
Subject: Apparent malicious traffic originating from Websense 208.80.194.58 208.80.194.60 208.80.194.63 208.80.194.64 208.80.194.66 208.80.194.69 208.80.194.71
Importance: High
Dear Websense / To Whom It May Concern:
On the afternoon of Nov. 23, 2011, from approximately 12:10 MST (-0700) and until we blocked the addresses at around 16:56 MST (-0700), various IP addresses delegated to you were the source of a long series of requests which amounted to a DDoS.
These IP addresses were the source of approximately 26,875 complex HTTP server requests, which resulted in our services suffering nearly 4 hours of downtime.
The IP addresses we have identified as issuing these apparently malicious requests included (the last figure is the number of identified requests originating from that IP):
208.80.194.58 - 165
208.80.194.60 - 9309
208.80.194.63 - 119
208.80.194.64 - 801
208.80.194.66 - 5796
208.80.194.69 - 748
208.80.194.71 - 9937
Until further notice, we have blocked the entire 208.80.194.0/24 IP address block. Once you have identified the source of the apparently malicious traffic and resolved the issue, please contact us so that we may remove the block, if appropriate.
If you would like to receive further details, please inquire.
I trust that you will look into this issue, and disable or disconnect any source of malicious HTTP requests.
In Liberty,
-- Michael Kielsky
BetterThanYours.com
http://BetterThanYours.com
+1.888.398.4405
ref:00D27dP.5002J4ABr:ref
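The per-address request tally and the /24 block described in the correspondence above can be reproduced from a web server access log. The following is an added example, not part of the original post or e-mails; it assumes Apache common-log format, and the sample lines, request paths and thresholds are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample in Apache common-log style; paths and status codes are invented.
SAMPLE_LOG = """\
208.80.194.60 - - [23/Nov/2011:12:10:05 -0700] "GET /search?q=a HTTP/1.1" 200 5120
208.80.194.60 - - [23/Nov/2011:12:10:06 -0700] "GET /search?q=b HTTP/1.1" 200 5120
208.80.194.71 - - [23/Nov/2011:12:10:06 -0700] "GET /search?q=c HTTP/1.1" 200 5120
208.80.194.66 - - [23/Nov/2011:13:02:11 -0700] "GET /search?q=d HTTP/1.1" 503 0
198.51.100.7 - - [23/Nov/2011:13:05:40 -0700] "GET / HTTP/1.1" 200 900
208.80.194.71 - - [23/Nov/2011:17:30:00 -0700] "GET /search?q=e HTTP/1.1" 403 0
truncated or malformed line
""".splitlines()

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')
MST = timezone(timedelta(hours=-7))

def parse(lines):
    """Yield (IPv4Address, aware datetime) per valid line; skip anything unparsable."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.IPv4Address(m.group(1))
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        yield ip, ts

def summarize(lines, start, end, prefix_len=24):
    """Count requests inside [start, end] per source address and per covering network."""
    per_ip, per_net = Counter(), Counter()
    for ip, ts in parse(lines):
        if start <= ts <= end:
            per_ip[ip] += 1
            per_net[ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)] += 1
    return per_ip, per_net

def block_candidates(per_ip, per_net, min_requests, min_sources):
    """Networks that sent >= min_requests from >= min_sources distinct addresses."""
    found = []
    for net, total in per_net.most_common():
        sources = sum(1 for ip in per_ip if ip in net)
        if total >= min_requests and sources >= min_sources:
            found.append((str(net), total, sources))
    return found
```

Requiring several distinct sources before a whole network is flagged keeps a single noisy client from causing a /24-wide block; on a real log the thresholds would be set relative to normal per-client request rates.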