[olug] Fwd: [Secure0maha] 2010 - A cyberwar odyssey?

Paul Duran pdurod at gmail.com
Thu Dec 9 21:50:23 UTC 2010


The Tor project used to have a web utility (not sure if it's still there)
that would allow you to seed it with your system's IP.  It would return a
list of Tor-enabled sites that had access to your IP.  One http site I
maintained was experiencing a "scrape attack," basically extracting corporate
data (poorly maintained PHP code).  I raised hell with the developers to
tighten up their code -- but that would take days/weeks.  The attacker would
come in on a static IP and I would block it with iptables.  A few minutes
later, the attack would commence with another IP and so on.  I used this Tor
utility and it returned almost 900 IPs.  Sure enough, those IPs I blocked
were on the list.  A quick shell script loaded up iptables (from the flat
file I saved off) and I haven't had that kind of attack since (last summer).
Another fallout from this attack: corporate security blocked the Tor
Project's website from all corporate internal browsing -- well... on some
networks.  No biggie.  Anyway, my experience and two cents about Tor.

On Thu, Dec 9, 2010 at 2:22 PM, Adam Haeder <adam at adamhaeder.com> wrote:

> Interesting comments on the wikileaks thing from Jim O'Gorman
>
> ---------- Forwarded message ----------
> Date: Thu, 9 Dec 2010 12:18:53 -0600
> From: Jim O'Gorman <jim at elwood.net>
> Reply-To: secure0maha at googlegroups.com
> To: secure0maha at googlegroups.com
> Subject: [Secure0maha] 2010 - A cyberwar odyssey?
>
> This whole wikileaks/anon/DDoS situation has become really big. As in
> history book big. And it has got me thinking about a few various things.
> The whole situation is playing out like a cyberpunk novel, full of flawed
> individuals, anti-authority, old guard losing control, and a reminder that
> the internet is not a sanitized mall. And like any good noir, I don't think
> this is going to end well for anyone, including those of us just watching
> on the sidelines.
>
> Politicians are mad, corporations are mad, and the general public does not
> really know anything is going on but when they do they will just be told
> "be scared". Knee-jerk laws are going to be passed that will have
> unintended ramifications. 4chan is getting way too much pub, and I have to
> shake my head at the thought of the number of people that are going there
> and not ready for what they are going to see.
>
> The whole idea of calling this a "cyber war" is sort of amazing as well,
> but like it or not I think that label is stuck on this event, and no amount
> of raging is going to change that.
>
> I will be really interested to see how long anon will keep up DDoS against
> payment systems. That could have real impact on online sales if it is
> maintained for a long period of time. Also, really interesting to me to see
> if there are any PCI changes that come out of this.
>
> I am really interested to see what happens these next three months or so
> while this plays out. One thing that has crossed my head is the thought
> that any sort of new regulation and "shut down" of sites that come out of
> this might drive us closer to having a separate network outside of the
> primary internet.
>
> And of course, the raw idea of that gets me thinking about how I would
> build something like that, as that's just how my mind works. I think the
> tech is here today with existing tools to make a sort of "tunnel net" grow
> up overnight if it had to.
>
> I used to play around with IPv6 over IPv4 tunnels a lot about 10 years ago,
> and it worked great. At that time the IPv6 internet was almost entirely
> separate from the "primary" internet, with its own addressing scheme, DNS,
> etc. That's all gone now, but the framework is there. Take Tor style
> endpoints that you can tunnel into via encrypted connection (likely wrap it
> all in HTTP/SSL on port 443 so it looks like normal HTTPS making it harder
> to filter). The tunnel just gives you a virtual interface, and you feed in
> the new DNS, and BAM, you have a distributed tunnelnet that no one
> controls. Heck, I have seen wifi routers getting altered to do transparent
> bridging into Tor, this could likely have the same thing done to make
> access easier.
>
> I bet you could actually take the existing Tor software, and by simply
> altering the config that everything is right there to have this right now.
>
> Frankly, the idea is cool enough to me that even outside of everything
> that's going on it's something I would like to see happen. It would make
> your actual connection no longer be relevant as it's just used as a gateway
> to the tunnelnet.
>
> I will stop ranting now. ;)
> Jim
>
>
>
> --
> Adam Haeder
> adam at adamhaeder.com
>
> Check out my latest book: LPI Linux Certification in a Nutshell from
> O'Reilly: http://bit.ly/bvQQ0I
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>
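
The blocking step described in the message at the top of this thread, as an added example that is not part of the original post and is not the script its author used. It assumes a flat file with one IPv4 address per line, a hypothetical set name `tor_exits`, and ipset in place of one iptables rule per address; the sample addresses are constructed.

```shell
#!/bin/sh
# Added example: names, file format and addresses below are assumptions.
SET_NAME="tor_exits"          # hypothetical ipset name

# Constructed sample of a saved flat file (RFC 5737 documentation addresses).
sample_exit_list() {
    cat <<'EOF'
# exit list saved from the lookup tool (constructed sample)
192.0.2.10
198.51.100.7   # trailing comment
192.0.2.10
203.0.113.999
not-an-ip

203.0.113.5
EOF
}

# valid_ipv4 ADDR: succeeds only for a dotted quad with each octet 0-255.
# Runs in a subshell so the IFS change does not leak to the caller.
valid_ipv4() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# build_restore: read the flat file on stdin, write `ipset restore` input on
# stdout. Fills a scratch set and swaps it in, so the live set is never empty.
build_restore() {
    seen=" "
    echo "create $SET_NAME hash:ip family inet"
    echo "create ${SET_NAME}_new hash:ip family inet"
    echo "flush ${SET_NAME}_new"
    while IFS= read -r line || [ -n "$line" ]; do
        ip=$(printf '%s' "${line%%#*}" | tr -d '[:space:]')
        [ -n "$ip" ] || continue
        if ! valid_ipv4 "$ip"; then
            echo "skipped invalid entry: $ip" >&2
            continue
        fi
        case $seen in *" $ip "*) continue ;; esac   # duplicate
        seen="$seen$ip "
        echo "add ${SET_NAME}_new $ip"
    done
    echo "swap ${SET_NAME}_new $SET_NAME"
    echo "destroy ${SET_NAME}_new"
}
```

Pipe the output into `ipset -exist restore` (for example `build_restore < saved_list.txt | ipset -exist restore`, where `saved_list.txt` is a hypothetical file name), then reference the set from a single rule such as `iptables -I INPUT -m set --match-set tor_exits src -j DROP`. Malformed lines are reported on stderr rather than passed to the firewall.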


