…… *** EMERGENCY NEED: Cisco Firewall Expert *** UPDATE, post #83

Dennis Olson

Dennis Olson

Chief Curmudgeon
_______________
Con-tractor called me just now. He is evidently being attacked by one of the Wikileaks people in Brazil. He's being PROFESSIONALLY TRASHED, and needs the assistance to a true Cisco firewall expert. Please PM me if you fit that description and I'll put you in contact with him.

Thanks!!
 
L

LtPiper

Taking cover
onetimer said:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/prod_white_paper0900aecd804e5098.html

Denial of Service Tuning for Cisco IOS Software Firewall and IPS
Click to expand...

That doesn't look like what happened. The site completely dissappeared from DNS tables on DNS hosts world wide in seconds.

That is not supposed to happen. I could not get a single DNS to return an IP address for the site even on private DNS servers I have access to. It's like this place just simply did not exist in the DNS host tables. I've never seen anything like it. Even my websites that have been offline for years still show up in DNS tables.
 
onetimer

onetimer

Has No Life - Lives on TB
LtPiper said:
That doesn't look like what happened. The site completely dissappeared from DNS tables on DNS hosts world wide in seconds.

That is not supposed to happen. I could not get a single DNS to return an IP address for the site even on private DNS servers I have access to. It's like this place just simply did not exist in the DNS host tables. I've never seen anything like it. Even my websites that have been offline for years still show up in DNS tables.
Click to expand...

But the ip address didn't work either.

2 pronged attack?
 
L

LtPiper

Taking cover
Very probable. I was trying to get the IP address via DNS is how I discovered it missing. That's when I started hitting the servers I have access to and couldn't find it anywhere.
 
Red Baron

Red Baron

Paleo-Conservative
_______________
When we were down I ran the MS internet connection diagnostic and it said something to the effect that it could not locate the DNS server.

TOL returned the same message.
 
Dex

Dex

Constitutional Patriot
I hope that the DNS thing wasn't a test. If the IP didn''t show up in NS on a broad scale that would show a high level attack greater than what a group of hackers in Brazil could achieve unless they had help at a high level inside the authoritative root servers in the US. Smells of Big Brother to me.

The first thing they will do is cut off our comms before the big "IT" is comes.

If this site goes down for a significant period of time, like days rather than hours, I'm going to take it as a sign to get ready for IT.
 
L

LtPiper

Taking cover
Were you using the 74.119.217.120 address?

I wonder if the new wonderful Aussie firewall affected the IP?
 
C

Catbird

Inactive
If nothing else, one thing this has pointed out is that we need alternative ways to communicate. If this really had been "IT", we would not have been able to give or get any info that would be mutually helpful, or give us an edge or an advanced warning.

Definitely worth thinking and talking about this some more.
 
twincougars

twincougars

Deceased
Catbird said:
If nothing else, one thing this has pointed out is that we need alternative ways to communicate. If this really had been "IT", we would not have been able to give or get any info that would be mutually helpful, or give us an edge or an advanced warning.

Definitely worth thinking and talking about this some more.
Click to expand...

There's still the Facebook TB2K forum. The govt. needs to keep that up so they can keep compiling private info on everyone! Also, you can follow TB2K on Twitter (I set that one up).
 
minkykat

minkykat

Komplainy Kat
I was away all evening and am just coming on. What happened?
Dennis comes on asking for help for someone getting attacked and then THIS place gets attacked too?
 
R

RJC

Has No Life - Lives on TB
I'm wondering if we have lost the security here.

Normally if I delete cookies it is necessry to log in again on TB2k.

But not now???
 
O

Ozlady

Inactive
LtPiper said:
Were you using the 74.119.217.120 address?

I wonder if the new wonderful Aussie firewall affected the IP?
Click to expand...

I was using 74.39.184.22 which was the one I had saved in my favs, has it changed or did I save it wrong? I am sure I have used it in the past. :shr:
 
China Connection

China Connection

TB Fanatic
Simple! They are fake and doing what they are told or a least pretending that they are on our side. I don't believe anything they say. I have said before that the establishment is letting them get their story out on mainstream sites. Only fools would think they are the real deal.

.
 
J

jim_bo

Inactive
This whole thing makes me think about Flying Dutchmans warning.
Very interesting times we are living in

Jim_bo
 
Hfcomms

Hfcomms

EN66iq
Regardless of where the attack came from it should be pretty obvious that when TSHTF that were not going to be able to depend on the Internet as it simply won't be there. They can say the wiki people are doing it but how do we know it isn't a .gov operation to shut down parts of the net and they blame the wiki people to deflect responsibility? One of these days were going to try to find the forum and it will be gone for good. Plan accordingly.
 
Blacula

Blacula

Dark Roasted
Hfcomms said:
Regardless of where the attack came from it should be pretty obvious that when TSHTF that were not going to be able to depend on the Internet as it simply won't be there.
Click to expand...

The rest of the internet was still working, it was just this site & TOL yet again.

Wonder what they share in common??
 
jed turtle

jed turtle

a brother in the Lord
China Connection said:
Simple! They are fake and doing what they are told or a least pretending that they are on our side. I don't believe anything they say. I have said before that the establishment is letting them get their story out on mainstream sites. Only fools would think they are the real deal.

.
Click to expand...

probably a safe assumption.
the whole thing looks staged.

what do TOL and tb2k have in common?

us. preppers. people who connect the dots, and have a rather large audience of highly intelligent, highly connected people watching 24/7.

like, suppose somehow the dots suddenly get connected in a way that exposes government culpability in something so massive that it would topple all remaining faith in the government instantly for all time, the second it was revealed. they might want to short-circuit something like that asap.
 
Siskiyoumom

Siskiyoumom

Veteran Member
The back up board would not recognize my username or password.

It would be grand to have a plan.

Right now I hope to be able to get all the information I need and last night was the harsh reality of the likelyhood of the net being taken away from us all.
 
blackjeep

blackjeep

The end times are here.
Blacula said:
The rest of the internet was still working, it was just this site & TOL yet again.

Wonder what they share in common??
Click to expand...

Not so. I had trouble with ArcheryTalk.com last night, as well. Very subversive, those arrow slingers!! ;)

More sites than TTOL and TB2K were affected. I'm with HF and CC on this one; the Wikileaks group is probably not the culprit.

I'm beginning to suspect that with the ATM, Visa, Mastercard, banking, cable TV and internet outages, that these are practice runs for a total blackout of all info and finance which will be blamed on "others". The sheeple will cry out for peace, safety and security at the hands of .gov. Then, .gov gets what it wanted to begin with, control of nearly everything monetary and internet related.

This shouldn't surprise anyone.
 
I

intothatgoodnight

. . .
LtPiper said:
That doesn't look like what happened. The site completely dissappeared from DNS tables on DNS hosts world wide in seconds.

That is not supposed to happen. I could not get a single DNS to return an IP address for the site even on private DNS servers I have access to. It's like this place just simply did not exist in the DNS host tables. I've never seen anything like it. Even my websites that have been offline for years still show up in DNS tables.
Click to expand...

Interesting. Are you saying that the TB2K website IP addresses disappeared from various tier router tables? How about TTOL's IP address? Doesn't TB2K have other IP addresses associated, such as chat or other servers/services? Did all of THOSE IP addresses disappear, too?

How did you check this, or know this to be true -- what utils or methods did you employ to validate such?


intothegoodnight
 
I

intothatgoodnight

. . .
Ozlady said:
I was using 74.39.184.22 which was the one I had saved in my favs, has it changed or did I save it wrong? I am sure I have used it in the past. :shr:
Click to expand...

Your IP address is no longer valid for the TB2K web server -- the TB2K web server IP address can be changed by the admin (Jon/Contractor, for instance) -- typically, this is done for legitimate technical reasons, but obviously can cause concern with those who try to log in via the OLD IP address.


intothegoodnight
 
T

Technomancer

Inactive
Did we ever get any details about this mess?
Why was it someone from wikileaks in Brazil? Is that what an email from the attacker claimed?

Was it a rolling "false flag" attack by people claiming to support wikileaks in an attempt to rally people against them by targeting right wing sites?

What kind of attack was it? A generic bandwidth attack just d/ling some files over and over, hammering the server with bad requests, old crafted packets attacks?

And how many sources was the attack appearing to come from? Was it like it was from a small botnet or just some kid with a decent computer and a broadband connection?


And what was all the mention of bad DNS records last night? Were people just not getting a response and assuming the IP was wrong, or were DNS requests on certain networks actually coming back bad?
 
LoupGarou

LoupGarou

Ancient Fuzzball
I seriously doubt that the attack had ANYTHING to do with Wikileaks or it's followers. It both nailed our DNS entries, as well as nailed our IP addresses. None of the three IPs for TB2K were working, TOL was the same way. Quite a few of the other sites that I, or friends of mine in the science realm were also not working right.

I would bet money on the fact that it was either TPTB, or someone behind TPTB (Soros and fiends). My worry is what else did they do besides the DNS and IP attack? Does our board have any back doors, rootkits, or root attack holes drilled through it. Is any new "software" running in the background. It seems odd that they would give up after 8-12 hours.

It also is VERY odd the sites that they hit, since from what I see, most of the sites that they hit are fairly critical of TPTB. I figured if it was Assange and crew, they would be going after political sites, and news media sites. But that just makes me feel more that it is NOT assange and crew.

Time will tell.

ETA: And Dennis, you might want to keep the last backup before the attack from being reused, just so you can compare all of the working system and program directories against the current ones. I find it odd that they would do such a "thorough" attack and just walk away. I'm just wondering if they slipped something in during the confusion.



As far as backup comms:

I would strongly suggest people get their Amateur Radio License. SOON! And get at least General class so that you can get on HF... Just sayin'...

Loup
 
I

intothatgoodnight

. . .
Timber said:
Why would Wikileaks attack... what they are trying to send out to the public?
Click to expand...

Assuming that the Wikileaks hacker counter-force folks had anything to do with the temporary disappearance of the TB2K web site, likely their attack was aimed at the IP address space of the TB2K web site hosting company, in Chicago, because they MAY be hosting a controversial web site that the Wikileaks hacker folks chose to target -- in executing a denial of service hack attack (DoS), the hackers can target a RANGE of IP addresses that are held by a specific hosting company, of which also contained the IP address used by TB2K.

The question to ask Jon/Contractor -- did other websites hosted by our new Chicago hosting company experience website outages, too? What does the tech staff at the Chicago hosting company have to say? What did they "see" occurring? What range of IP addresses were affected? If applicable, any changes noted in their routers/routing table logs, or firewall logs?


intothegoodnight
 
mt4design

mt4design

Has No Life - Lives on TB
With all the crap going AND reports by even the MSM that "cyberwarfare" is the Pearl Harbor, I keep getting visions of the Live Free or Die Hard movie. Someone is working toward bring about similtaneous failures in finance, travel, communications and power.

The only way to gain control is to kill any and all means of "instant" communication.

Mike
 
You must log in or register to reply here.
Top