[ISN] Is there a plan to DoS defacement sites off the Internet?

From: InfoSec News (isnat_private)
Date: Fri Sep 21 2001 - 00:40:14 PDT

  • Next message: InfoSec News: "[ISN] Security UPDATE, September 20, 2001"

    By John Leyden
    Posted: 20/09/2001 at 15:28 GMT
    Is there a co-ordinated attempt taking place to force defacement
    archives off the Internet?
    After Safemode.org told us that a distributed denial of service attack
    against it had caused its ISP to drop it, the question needs to be
    The attack against Safemode.org, as described to us by its admin and
    co-founder Mystakill, occurred at the same time as attacks against
    Alldas.de, which also resulted in that site becoming unavailable.
    There are some subtle differences in the mode of attack though.
    Mystakill told us that Safemode.org had become the victim of a "land"
    (or indirect) attack.
    "The attackers send a DDoS spoofing our IP address as the source to
    many Web sites, he said. "The victims of the DDoS then respond to us
    or our ISP [BullsEyeTelco] about the problem.
    "Our ISP or the up stream provider contacts us about our server being
    the aggressor of these attacks and demanded that the server be taken
    Most security related Web sites are subject to attack by s'kiddies but
    the suspicion is that Safemode.org and Alldas.de were targeted by
    people who (for whatever reason) wanted to see defacement archives
    taken off the Internet.
    Defacement archives provide a valuable resource for the security
    community though they can be a difficult tenant for ISPs who have to
    cope with flames about port scanning, high bandwidth demands as well
    as the occasional DoS attack. It's also a hassle to those running the
    sites, which is one of the main reasons Attrition.org decided to drop
    its defacement archive earlier this year.
    So, as it stands, both Safemode.org and Alldas.de are looking for an
    ISP to take them on. Neither is optimistic about getting back online
    anytime soon, if ever.
    Who gains from this?
    S'kiddies must be pleased their work is recorded on the Web for all to
    see, so we don't consider them as the likely perps. It makes far more
    sense that government and big business would prefer that these mirror
    sites "go away" so that the exploits of hackers are not exhibited or
    Mystakill was quite willing to believe this theory.
    "I would not put that past the US government," he said.
    "We have hundreds of .gov and .mil sites mirrored, if you where a big
    security company or entire government would you want you blunders
    archived for all time?"
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Fri Sep 21 2001 - 06:24:46 PDT