Article Image
Radio/TV • Freedom's Phoenix
Program Date:

Freedoms Phoenix Distributed Denial-of-Service Attack Yields Interesting Information :)

I share this information with you not only for our own entertainment and amusement but also to learn from and be inspired :) (UPDATE - "Companies With Ties to Israel Wiretap the U.S. for the NSA" (reminded me of our investigation)

Hour One

Media Type: Audio • Time: 49 Minutes and 00 Secs
Companies With Ties to Israel Wiretap the U.S. for the NSA (this interview reminded me of our investigation :)

Published on Jun 9, 2013

James Bamford on Democracy Now! 10 14 2008
AT&T and Verizon, that are secretly working with the NSA and tapping Americans' phone lines, and these companies actually outsource the actual tapping . Narus, which was founded in Israel and has large Israel connections, does the—basically the tapping of the communications on AT&T. And Verizon chose another company, ironically also founded in Israel and largely controlled by and developed by people in Israel called Verint
 
===========================================
"May you live in interesting times and come to the attention of important people"
(quoted often as a Chinese curse)

FreedomsPhoenix was hit today (Weds. 11-23-2011) by an interesting distributed denial-of-service attack (DDoS). This was certainly not the first or likely the last. But this one was interesting enough to share with you all.

Following the superficial forensic analysis below,... is the 'Rest of the Story' that is even more interesting.
 
Dear Websense / To Whom It May Concern:
(http://www.websense.com/content/home.aspx)
 
On the afternoon of Nov. 23, 2011, from approximately 12:10 MST (-0700) and until we blocked the addresses at around 16:56 MST (-0700), various IP addresses delegated to you were the source of a long series of requests which amounted to a DDoS.
 
These IP addresses were the source of approximately 26,875 complex HTTP server requests, which resulted in our services suffering nearly 4 hours of downtime.
 
The IP addresses we have identified as issuing these apparently malicious requests included (the last figure is the number of identified request originating from that IP):
 
208.80.194.58 - 165
208.80.194.60 - 9309
208.80.194.63 - 119
208.80.194.64 - 801
208.80.194.66 - 5796
208.80.194.69 - 748
208.80.194.71 - 9937
Until further notice, we have blocked the entire 208.80.194.0/24 IP address block. Once you have identified the source of the apparently malicious traffic and resolved the issue, please contact us so that we may remove the block, if appropriate.
 
If you would like to receive further details, please inquire.
 
I trust that you will look into this issue, and disable or disconnect any source of malicious HTTP requests.
 
In Liberty,
 
-- Michael Kielsky
------------------------------------------------
 
I'm sure you'll find this story very interesting... CLICK the Yellow PLAY Button at top to listen to...
"The Rest of the Story"
 
The links below are for reference while listening to he show... enjoy.

 
FreedomsPhoenix Special Edition - HarheaPhoenix
(Arabic for FreedomsPhoenix)
 
 
UPDATE: ON MONDAY, NOVEMBER 29TH, 2011, WE WERE NOTIFIED THAT OUR ARABIC TWITTER PAGE HAD BEEN SUSPENDED  (see below). Things are happening in the middle east that 'they' don't want people to know about...
 
(UPDATE Nov. 30th 2011 - The following is an exchange between our web security manager and Websense)
 
Is it your policy or practice to have your systems send a barrage of malicious and deliberatily malformed http requests without permission of the server owners?

The almost relentless series of requests brought our server down for several hours, and effected a denial of service to legitimate and non-malicious users.

Other than a denial of service, what do you claim as the purpose of your scans?

-- Michael Kielsky
BetterThanYours.com
http://BetterThanYours.com
+1.888.398.4405

____________________________________________

CONFIDENTIALITY NOTICE: THIS COMMUNICATION (INCLUDING ITS ATTACHMENTS) IS FOR THE SOLE USE OF THE INTENDED RECIPIENT(S), AND MAY BE CONFIDENTIAL, PRIVILEGED, AND EXEMPT FROM DISCLOSURE, AS PROVIDED BY THE ELECTRONIC COMMUNICATIONS PRIVACY ACT, 18 USC §§ 2510-2521 AND OTHER APPLICABLE LAWS AND REGULATIONS. INTERCEPTION, DISCLOSURE, REVIEW, USE, COPYING, DISSEMINATION OR DISTRIBUTION BY ANYONE EXCEPT THE INTENDED RECIPIENT(S) IS STRICTLY PROHIBITED. IF YOU HAVE RECEIVED THIS COMMUNICATION IN ERROR, IMMEDIATELY DESTROY ALL COPIES AND ATTACHMENTS, AND NOTIFY THE SENDER. IF YOU ARE AN INTENDED RECIPIENT BUT DO NOT WISH TO RECEIVE COMMUNICATIONS THROUGH THIS MEDIUM, PLEASE ADVISE THE SENDER IMMEDIATELY.
____________________________________________


-----Original Message-----
From: Websense Labs [mailto:suggest@websense.com]
Sent: Tuesday, November 29, 2011 12:55 PM
To: Michael@BetterThanYours.com
Subject: RE: FW: Apparent malicious traffic originating from Websense 208.80.194.58 208.80.194.60 208.80.194. [ ref:00D27dP.5002J4ABr:ref ]

Hello,

The hits in question originated due to a Websense ThreatSeeker Network Web scan. These hits are not related to any security events.

If you would like to be removed from the Websense ThreatSeeker Network Web scan, please kindly assist us in providing the web address/URL of the scanned web page.

If you have any questions and/or need any additional information, please let us know.

Thank you for your inquiry,

Olga
Websense Labs


--------------- Original Message ---------------
From: Websense Labs [suggest@websense.com]
Sent: 11/28/2011 8:55 AM
To: L@websense.com
Subject: RE: FW: Apparent malicious traffic originating from Websense 208.80.194.58 208.80.194.60 208.80.194.63 208.80.194.64 208.80.194.66 208.80.194.69 208.80.194.71 - Websense Security Labs Case: 00857333 (ref:00D27dP.5002J4ABr:ref)

Greetings,

Thank you for contacting Websense Labs Research Team.

Your inquiry has been received and assigned case # 00857333. A Websense Labs Researcher will respond shortly.

Useful Online Research Tools:
 
 Site Lookup Tool: Check URL Category / Submit URL for Review
 ACEInsight: Obtain Detailed URL Info
 Category Definitions: Review Categorization Criteria
 
Sincerely,
Websense Labs

 
Check out Security Labs Blog: http://community.websense.com/blogs/securitylabs/

 
 
Case Details:

 Subject: FW: Apparent malicious traffic originating from Websense 208.80.194.58 208.80.194.60 208.80.194.63 208.80.194.64 208.80.194.66 208.80.194.69 208.80.194.71

 Description:
 From: Michael Kielsky [mailto:Michael@BetterThanYours.com]
Sent: Wednesday, November 23, 2011 5:54 PM
To: Websense Info
Subject: Apparent malicious traffic originating from Websense 208.80.194.58 208.80.194.60 208.80.194.63 208.80.194.64 208.80.194.66 208.80.194.69 208.80.194.71
Importance: High

Dear Websense / To Whom It May Concern:

On the afternoon of Nov. 23, 2011, from approximately 12:10 MST (-0700) and until we blocked the addresses at around 16:56 MST (-0700), various IP addresses delegated to you were the source of a long series of requests which amounted to a DDoS.

These IP addresses were the source of approximately 26,875 complex HTTP server requests, which resulted in our services suffering nearly 4 hours of downtime.

The IP addresses we have identified as issuing these apparently malicious requests included (the last figure is the number of identified request originating from that IP):

208.80.194.58 - 165
208.80.194.60 - 9309
208.80.194.63 - 119
208.80.194.64 - 801
208.80.194.66 - 5796
208.80.194.69 - 748
208.80.194.71 - 9937
Until further notice, we have blocked the entire 208.80.194.0/24 IP address block. Once you have identified the source of the apparently malicious traffic and resolved the issue, please contact us so that we may remove the block, if appropriate.

If you would like to receive further details, please inquire.

I trust that you will look into this issue, and disable or disconnect any source of malicious HTTP requests.

In Liberty,

-- Michael Kielsky
BetterThanYours.com
http://BetterThanYours.com<http://betterthanyours.com/>
+1.888.398.4405
____________________________________________

CONFIDENTIALITY NOTICE: THIS COMMUNICATION (INCLUDING ITS ATTACHMENTS) IS FOR THE SOLE USE OF THE INTENDED RECIPIENT(S), AND MAY BE CONFIDENTIAL, PRIVILEGED, AND EXEMPT FROM DISCLOSURE, AS PROVIDED BY THE ELECTRONIC COMMUNICATIONS PRIVACY ACT, 18 USC §§ 2510-2521 AND OTHER APPLICABLE LAWS AND REGULATIONS. INTERCEPTION, DISCLOSURE, REVIEW, USE, COPYING, DISSEMINATION OR DISTRIBUTION BY ANYONE EXCEPT THE INTENDED RECIPIENT(S) IS STRICTLY PROHIBITED. IF YOU HAVE RECEIVED THIS COMMUNICATION IN ERROR, IMMEDIATELY DESTROY ALL COPIES AND ATTACHMENTS, AND NOTIFY THE SENDER. IF YOU ARE AN INTENDED RECIPIENT BUT DO NOT WISH TO RECEIVE COMMUNICATIONS THROUGH THIS MEDIUM, PLEASE ADVISE THE SENDER IMMEDIATELY.
____________________________________________


Click here<https://www.mailcontrol.com/sr/wQw0zmjPoHdJTZGyOCrrhg==> to report this email as spam.


 Protected by Websense Hosted Email Security -- www.websense.com
 
 
 
 
 ref:00D27dP.5002J4ABr:ref
 
 
====================
 
News Link  • 
History
Jim Quinn: The Gathering Storm (Publisher Recommended)
03-14-2011  •  ZeroHedge.com 
An examination and understanding of history would have revealed that we have been here before. We were here in 1773. We were here in 1860. We were here in 1929. We are here again. The Fourth Turning has returned in its predictable cycle, just as...
 
News Link  • 
Welfare: Corporate
The Scientific Dictatorship Explained (Publisher Recommended)
07-27-2011  •  oldthinkernews.com 
“The conscious and intelligent manipulation of the organized habits and opinions of the masses is an important element in democratic society. Those who manipulate this unseen mechanism of society constitute an invisible government...

  News Link  • 
Economy - International
Kyle Bass pawns BBC's HARDtalk (Publisher Recommended)
11-20-2011  •  www.wallstreetoasis.com 
Kyle Bass on the other hand knows his shit cold, and on the show last Friday the subprime superstar didn’t hold back on taking down Sara Montague’s accusive, somewhat insulting rhetoric and absolutely decimated her absurdly sensationalist arguments.
 

Feature Article  •  Global Edition
Technology: Software
You Won't Believe What YOU Can Do With a Photograph (Publisher Recommended)
Ernest Hancock
   After watching this video you will suspect every photograph of "The Truth". "We all know about photoshopping and the way it has made photographic "evidence" the least rather than the most believable indicator of underlying reality."

 


Join us on our Social Networks:

 

Share this page with your friends on your favorite social network:

Get the LRN listening app
LRN.FM for Android and iOS!

Join our Telegram Channel


Please help fund Declare Your Independence with a one-time or recurring donation.



Archive By Year


Shows By Topic

Shows By Guest


MoxNews.com