
Anyone Got this????


The DDoS That Almost Broke the Internet


The New York Times this morning published a story about the Spamhaus DDoS attack and how CloudFlare helped mitigate it and keep the site online. The Times calls the attack the largest known DDoS attack ever on the Internet. We wrote about the attack last week. At the time, it was a large attack, sending 85Gbps of traffic. Since then, the attack got much worse. Here are some of the technical details of what we’ve seen.

Growth Spurt

On Monday, March 18, 2013, Spamhaus contacted CloudFlare regarding an attack they were seeing against their website spamhaus.org. They signed up for CloudFlare and we quickly mitigated the attack. The attack, initially, was approximately 10Gbps generated largely from open DNS recursors. On March 19, the attack increased in size, peaking at approximately 90Gbps. The attack fluctuated between 90Gbps and 30Gbps until 01:15 UTC on March 21.

The attackers were quiet for a day. Then, on March 22 at 18:00 UTC, the attack resumed, peaking at 120Gbps of traffic hitting our network. As we discussed in the previous blog post, CloudFlare uses Anycast technology which spreads the load of a distributed attack across all our data centers. This allowed us to mitigate the attack without it affecting Spamhaus or any of our other customers. The attackers ceased their attack against the Spamhaus website four hours after it started.

Other than the scale, which was already among the largest DDoS attacks we’ve seen, there was nothing particularly unusual about the attack to this point. Then the attackers changed their tactics. Rather than attacking our customers directly, they started going after the network providers CloudFlare uses for bandwidth. More on that in a second; first, a bit about how the Internet works.

Peering on the Internet

The “inter” in Internet refers to the fact that it is a collection of independent networks connected together. CloudFlare runs a network, Google runs a network, and bandwidth providers like Level3, AT&T, and Cogent run networks. These networks then interconnect through what are known as peering relationships.

When you surf the web, your browser sends and receives packets of information. These packets are sent from one network to another. You can see this by running a traceroute. Here’s one from Stanford University’s network to the New York Times’ website (nytimes.com):


Underwater cable damaged: Internet speed plummets by 60% nationwide


KARACHI: Internet speed across Pakistan plummeted by nearly 60% on Wednesday when an underwater fiber optic cable was damaged in the Arabian Sea near Karachi.
South East Asia-Middle East-Western Europe (SEA-ME-WE) 4, one of the four submarine cables that connect the country globally via the internet, was damaged around noon on Wednesday – only a couple of weeks after the breakdown of the India-Middle East-Western Europe (I-ME-WE) fiber optic cable, which has yet to be repaired.
As a result, internet services in the country will likely remain disrupted for an indefinite period. Internet service providers were unable to provide a timeframe on when the problem will be resolved.
Shortly after the disruption, internet users across Pakistan faced a host of problems ranging from intermittent to slow internet connectivity. Many complained that their browsing speed had decreased significantly.
“This is a result of a fault in the undersea cable line to Pakistan through Alexandria, Egypt. The fiber optic undersea cable SEA-ME-WE-4 was affected beyond Egypt for currently unknown reasons,” Wateen Telecom said in a statement.

RIP Aaron Swartz, A legendary Internet Activist


Aaron Swartz committed suicide on January 11, 2013 in New York City.

I long fought over whether to write something about this extraordinary boy, but not dedicating a tribute would be a shame. Aaron Swartz has decided to leave a huge void in the IT scenario.

For me, as for the entire world, he is a legend, a guy who has profoundly changed our daily work.

Aaron Swartz is an eclectic persona; he is a hacker and active activist, co-founder of social news website Reddit and founder of the group Demand Progress. The EFF in a blog post states: “Aaron did more than almost anyone to make the Internet a thriving ecosystem for open knowledge, and to keep it that way. His contributions were numerous, and some of them were indispensable. When we asked him in late 2010 for help in stopping COICA, the predecessor to the SOPA and PIPA Internet blacklist bills, he founded an organization called Demand Progress, which mobilized over a million online activists and proved to be an invaluable ally in winning that campaign.”

WPA / WPA2 PSK (33GB) Rainbow Tables

New Linux Rootkit Attacks Internet Users

Security researchers have discovered what appears to be an experimental Linux rootkit designed to infect its highly select victims during a classic drive-by website attack. The malware allows hackers to inject code directly in any infected web page. The new malware, discovered on November 13 of this year, was written especially for servers that run Debian Squeeze and NGINX, on 64 bits.
About the rootkit: Rootkit.Linux.Snakso.a is designed to infect the Linux kernel version 2.6.32-5-amd64 and adds an iframe to all web pages served by the infected Linux server via the nginx proxy. Based on research, the rootkit may have been created by a Russia-based attacker.

Edward Maya FRIENDS FOREVER

TCHead – TrueCrypt Password Cracking Tool

TCHead is software that decrypts and verifies TrueCrypt headers. TCHead supports all the current hashes, individual ciphers, standard volume headers, hidden volume headers and system drive encrypted headers (preboot authentication).
Brute-force TrueCrypt: However, TrueCrypt passwords go through many iterations and are strengthened. Cracking them takes time. Very strong passwords will not be cracked. Also, in addition to trying multiple passwords, an attacker must try each password against each combination of hash and cipher (assuming they do not know what these are beforehand). System encrypted hard drives use only one hash and cipher, so attacking those is faster.

Samsung printer having secret admin account Backdoor

US-CERT warns that some Samsung printers, including models the Korean company made for Dell, have a backdoor administrator account coded into their firmware.

This hard-coded admin account in firmware could enable attackers to change the printers' configuration, read their network information or stored credentials, and access sensitive information passed to them by users.
Even if SNMP is disabled, this “backdoor administrator account” is still active and could be used by an attacker to access the printer. SNMP is an Internet protocol commonly used to monitor and read statistics from network-attached devices.

Wifi Honey – Creates fake APs using all encryption

This is a script an attacker can use to create fake APs using all encryption and monitor them with Airodump. It automates the setup process: it creates five monitor mode interfaces, four of which are used as APs and the fifth for airodump-ng. To make things easier, rather than having five windows, all this is done in a screen session, which allows you to switch between screens to see what is going on. All sessions are labelled so you know which is which.

Installing wifi honey
chmod a+x wifi_honey.sh
./wifi_honey.sh fake_wpa_net
./wifi_honey.sh fake_wpa_net 1 wlan1