You don't have to pay to read LGF. But if you enjoy what we're doing here and you'd like to show your appreciation,
you can use the Amazon or PayPal links below to drop some change in our tip jar and help us buy some groceries.
This page contains validated HTML 4.01 Transitional code, with a validated
stylesheet. (Or at least it used to; but allowing visitors to comment makes validation impossible.)
If you're viewing us with Netscape 4.x, we may look weird. But not completely whack. We wouldn't do that to you.
Weird but not whack, that's our motto. We're readable in just about any browser, but we look best in the ones that understand CSS.
If you need a modern standards-compliant browser (what are you waiting for?), here are three of the most
popular (all free downloads):
Everything you see in this weblog was developed and programmed by Charles Johnson,
including but not limited to the random photos, slideshow, polls, user preferences, contact form,
referrer list, daily statistics, site search, google news search, link management system, random Zappa quote,
and last but not least, the weblog system itself, which includes a full commenting system with a recent comments list,
automatic archiving, RSS generation for syndication, an email-an-article feature, and a whole bunch of editing and
administration features behind the scenes.
LGF T-shirts now ON SALE!Click here to fill out an order form you can print and mail with
your payment, or pay online with PayPal. If you live outside the US/Canada, use
this form instead.
Please help keep Little Green Footballs bouncing by donating whatever you can! We do this without pay, so the more donations,
the more time we can afford to devote to LGF. Thanks for your support, and for helping make LGF a success.
replies: 78 comments Comments are open and unmoderated, although obscene or abusive remarks may be deleted.
Opinions expressed do not necessarily reflect the views of Little Green Footballs.
I'm assuming that date is the planned attack date. If that's so, then can't we take preventive measures to prevent yet another DoS? Or are we at the whim of these lunatics?
By my calculations, it would cost about $12,000 per year to get any legitimate site hosted on a dedicated machine with strong anti-DDOS protection from a highly reputable managed hosting company.
If a number of such sites are willing to band together, they can obviously share that cost.
$12,000 may sound like a lot of money, but it can be raised in very short order if motivated donors can be found.
My advice (worth everything you paid for it) is to organize a number of such sites together as a 501(c)3 and collect funds to support them properly. The jewish community is well-known for supporting competently managed self-defense efforts like these.
I think you might be referring to 2 or 3 comments I was able to get in before my "membership" there was terminated. Its kind of amazing that they deleted my comments pointing out that what they had posted was ILLEGAL, but didn't have either the interest or the sense to delete the illegal comments themselves!
Why do these so-called advocates of free speech want to close down every pro-Israel site?
It's because they hate free speech and are terrified of the actual truth getting to the masses...
What a lot of lily livered cowards they are to instigate DOS attacks instead of attacking the message!
That's the reason why they beat their women and children, are inhumane to animals and shoot people in the back - that's what they think makes real men!
Did anyone notice the comments on the English board about the "leadership of Jihad in Baghdad?"
I hope the FBI or someone in our national security is aware of this. I am going to write Microsoft as to why they are allowed to use this board to talk about plans against our troops, isn't that aiding and abetting the enemy?
25% voter turnout in local elections by 2:00 P.M. Tuesday
Roughly 25 percent of eligible voters had exercised their right to vote for most of the country's local authorities by 2:00 P.M. Tuesday, with relatively high voting rates recorded in the Arab sector. ... The Likud, which has invested some NIS 30 million in the local races, is expected to be the big loser in Tuesday's elections, with a sharp decline seen in the number of both mayors and councilors affiliated with the ruling party.
So how does this bode for the Sharon government? Is the next Israeli PM going to be a leftie?
When you click that link, a spyware program called Avenue A, Inc. tries to install itself in your PC. I don't know what it is, but maybe someone should tell us.
Sites currently being targeted for violations of terms of service are featured. The whois info is given, and an email with some documentation of content to the host/server is sent.
There is also a database of sites which are clearly terrorist connected and/or terrorist supportive. Most of the websites in the database are those affiliated with designated terror groups.
There is also a tools and resources. Basically, it comes down to an email reporting the abuse –and the sites being targeted can be found on the front page of Haganah. Also, when the registration information is clearly fake, it can be reported and they have 2 weeks to rectify before the domain is taken down.
The animal, considered unclean by Islam as well,can also act as a deterrent to Muslims who believe that touching a pig could keep them from entering heaven...
These are local elections for Mayoralties and City/Local Councils.
This has no bearing whatsoever on the Kneset (Parliament)/ National Government, other than that it indicates a possible loss of popularity for the Likud.
However, it's important to note that there are far more than 2 parties in Israel. Likud is the largest party, but it doesn't even remotely come close to a majority. Labor, the number 2 party, is only half the size of Likud. Just because Likud is not doing well does not mean that the Left in Israel is. In fact, if you look into this you will find that Likud may be punished by some right leaning voters today who are upset with the treatment of religious parties/religious issues by the National Government lately.
I just posted this to MSsecurity focus, with the hope that the mods will at the very least forward it on to their contacts at Microsoft, and that some action will be taken.
I implore someone to forward me a translation of the arabic at the top of the message incase im asked what it is by someone (this is wishful thinking)
If you send me email, please make sure to put something about the type of minion you are in the subject so it doesnt get deleted.
I just posted this to MSsecurity focus, with the hope that the mods will at the very least forward it on to their contacts at Microsoft, and that some action will be taken.
Can you please post the address you used? I'd like to do the same thing.
its not for this kind of request - its really an informational thread - it just gets read and modded by people at MS.
If you go to securityfocus.com you can get on the thread - but I want to warn you - as with most security communities, it is full of worms, viruses, etc -and is not the most secure email list to subscribe to ;)
as an aside - they wont release my post to the email list to the public, but im hoping they do pass it on to someone who might be able to get that post removed ;)
as an aside - they wont release my post to the email list to the public, but im hoping they do pass it on to someone who might be able to get that post removed ;)
Thanks for all the info, and thanks for taking action--it sickens me that they are using American resources for this.
It seems that pigs have a highly developed sense of smell. Who would have thought it? That means that they cannot be allowed anywhere near Arafat's compound or animal rights activists will complain of cruelty to these sensitive beasts.
I followed one of the links from that site Irving Mosque and noticed that in a section where they listed new births and marriages, only the man's name was mentioned.
Somehow, I don't think American woman would like that.
So maybe that a deep dark secret they don't want outted....the men concieve and bear the children? *lol That would make a great urban legend doncha think?
The program blocks any IPs that if finds connecting more than, say 12 times (because no normal visitor would hit the page 12 times within 5 seconds) and adds them to a deny list. This isn't 100% safe, but it would work against what Charles is up against now.
Charles needs a full dedicated server which is at least over $100 a month to rent plus taxes. For it to be managed by someone looking out for attacks would be an extra $50 a month.
This will also make him safer since he won't be sharing a server with other sites that might get attacked since he would be the only site on the dedicated server.
Another benifit is that he will have enough space and bandwidth to host videos and images relating to his content. An unlimited bandwidth server is about $300 maybe more, but with a compromise in speed.
One problem is if Charles is not familiar with SSH and would have trouble manually blocking IPs, but he's tech savvy, so he would learn quickly like I had to learn. I have most of the command lines in a txt file.
First of all I must carry the salutation of 8000 thousand Mujahideen in Iraq. (n.b. not the Iraqi army but Mujahideen who have come voluntarily from Syria, Sudan, Yemen, Algeria, Pakistan, Bangladesh, Malaysia etc) I carry the salutation of the brave who are eager to meet the enemy to die for the sake of Allah (swt). Salutation of the soldiers of Allah and the horses of Islam, the salutation from the friends of Allah his Angels and Gibrael (as) and his wings. I carry for you the salutation of the riders of the daytime and the worshippers in the night-time.
...more...
We cannot fight as a regular army with a cowardly enemy who does not want to engage in land warfare. They have superiority over us by their airpower therefore the only way we can fight their regular army with their air superiority is to lure and engage them in street to street fighting or a guerrilla war. But there is no Tora Bora (mountains in Afghanistan) and there are no mountains in Iraq like the mountains in Afghanistan. The Mujahideen in Afghanistan retreated from all the cities one after the other and gave them all up so the bombing could stop (to save the innocent Muslim civilians) but the cowards never stopped the bombing and never came down to meet us. And yet up until now the Muslims have inflicted maximum damage on them and they can’t even claim victory in Afghanistan.
I'm having trouble with the word موافق, my dictionary says "agreed","acceptable","apropriate","suitable","convenient". Can't say if that refers to the GMT standard, my Arabic isn't very good. I assume it is GMT, but not sure since it is possible that the writer forgot to mention a time zone.
According the MSN Terms and Notices agreement this MSN Group is breaking all sorts of rules against using the site to disseminate unlawful or prohibited functions.
Am I being paranoid to notice that the "brothers" ( are women allowed into the mosque?) have found a "strategic location near DFW airport?
Since the beginning of the 80's we were looking for a permanent solution to the problem with space enough for the increasing number of Muslim brothers praying in Irving. With Allah's blessings and will, we were able to buy a piece of undeveloped land with an area of 11 acres. The land is located in a very strategic area, it is only few miles away from one of the busiest airports in the world, DFW Airport.
I noticed that also, but am unsure how to take it. A normal business in that area would say the same. However, I have never thought that a church would need easy access to a major airport for any lawful reason.
That sounds like a bit of information that needs to be given to the authorities. Since they are not a member of the 'military', the word strategic is suspect.
Rackspace charges about $300/month for an entry-level server. Add monthly backups and/or additional drives and it gets a little more expensive. Call it $450 to have a 1.5Ghz dedicated web box on which one can host dozens of domains.
They also have an anti-DDOS service called Preventier, which analyzes incoming traffic and eliminates DDOS traffic without disrupting normal traffic (something that simply squelching frequent visitors would not necessarily do).
Cost for that, another $450/mo, for a total of $900. Round that up to $1,000 to make the math easier and you have $12K/yr.
Now, Rackspace is not the cheapest managed hosting firm around. In fact, they're probably one of the most expensive ones.
However, their service levels beat the stuffing out of virtually everyone else, and their tech support is top shelf. If you want a server to be up 24/7, then you don't want to go economy class on your hosting.
Mind you, I'm not necessarily suggesting that LGF or IH or any other site be migrated anywhere.
All I'm saying is that the tools to fight DDOS attacks are available, and maybe it's time to think about using them. If cost is the issue (and you can see, I deliberately made my estimate high to be conservative), then I maintain the money will be there once the objective is publicized.
I thought people understood already that the Jahiliya heritage of Islam dictates that women are not human beings, they are objects, commodities. Islam in the time of Muhammad sought to improve the situation of women to a certain extent, yet was unsuccessful in practice, as we see today.
But Abu is probably just making it all up. He gives himself away at the end: > we were able to capture 2 soldiers and take their own artillery
Artillery?... If this were to actually occur I'm sure there would be pictures of the POWs on Al-Jazeera, and the euro press would be making a big deal about it by now.
that would work - on a small scale attack.... but attacks of the scale that hosting matters was subjected to is an entirely different animal.
While writing software to block IP addresses on a particular server is possible, it wont help ;) If it would help, then there would be issue blocking DOS attacks at any level.
As a basic overview - by the time perl, or whatever you plan on using to block the attack was called to investigate the packets in question, the network interface card, hubs, switches, routers, firewalls, and probably the interface to your backbone (and much of your backbone providers equipment) would be taking a massive traffic hit. If you think about it as a hose - what you are proposing would be to block the water at the end of the hose - with a nozzle or something - but in a computer network, the hose doesnt just go from point a to point b (you might think it does, but at the very least, the headers of every single packet get inspected by every single host they pass along the way) so your hose would look more like the roots of a tree....
you cant stop the effects of a DOS attack by putting a nozzle at the end of every branch! You have to go to the top (backbone provider - or wherever) and request that suspect traffic going to a particular host be blocked...
but then we get to another problem: the hardware at that level is designed to allow traffic to flow as fast as possible. Applying a policy of some sort to that traffic would mean that every single packet passing through must be looked at more closely - slowing down the already tenuous connection to the backbone.
Most ISPs consider this out of the question for all but the most critical clients (or those with a ton of cash to drop on such a service)
I will re-iterate, running such policies on the local level (even if you had a T3 like my office does) will not help - A DOS attack will still pass into your backbone providers network, and at the very least, deny all service to your border routers. Internally things will be peachy - but the outside world wont be able to find you.
if we could put internet hagana on say, the MCI 100mbps backbone (which is in the range of 13k a month for one box - without security protection) and put some sort of policy driven security device between their server and the backbone, we could eliminate all but the most massive attacks - for a while.
Last week, AT&T;, which has nothing to do with any of this, suffered a massive inbound email DOS - due specifically to random spam. Any "external" email server was unable to deliver mail to their systems for about 4 days. AT&T; tried the filter approach, but guess what - the filters crashed. Their solution was to suddenly double the number of servers handling incoming email, and increase the permenant bandwidth allotment going from the outside world to their servers.
It was pretty funny when their spam filters crashed. We were requested to give them the IP addresses of "trusted" hosts externally that would need to send email to them - and we did - and I could send a message to them from hotmail, and the spam filter would deny it.... but the filters problem wasnt identifying the good email - it was PASSING IT ON once it was found. It could do the filtering, but it got so much traffic, step 2 - delivering the mail - got skipped.
Dedicated server -- a good idea. Two ones, on different subnets, with mirroring and dns switch, even better.
The DDoS defences do not need any super-duper expensive specialized software, this can be pretty much handled by portsentry, tripwire, snort and a well configured firewall+iptables. All of it free utils. Some other security measures thrown in to prevent hacking. Nothing if foolproof, but with good policies in place, the boxen can purr nicely and be very safe. The setup will take care of most attacks on its own, with minimal intervention in the case of unusual heavy bombardment.
Cost per server with capped traffic (700G/month) about $109/month
Unlimited traffic about 430/month per box
Managing: $80/month retainer and $25/hr. support fee per incident.
#54 Yes, of course that when the attack is massive, it is necessary to handle it on the provider level or even on the backbone level. In the second case, there is not much anyone can do than wait it out.
I suspect that HM do not have a reliable redundancy in place.
If the ISP has several independent networks and at least 2 servers that are not on the same net are used, there is a fair chance that the DDoS attack would have no cow, or that the disruption would be minimal.
#52 He could be referring to the two soldiers that came up missing about a month ago. I believe it was two weeks ago that their armaments were found in the possession of muhjadeen arrested in the triangle.
remember - "Notice: Microsoft has no responsibility for the content featured in this group. Click here for more info."
I did like that you can just click "english" on the left and side and go to the message boards in english. Makes it much easier. Also note "This forum is for all discussions in English, about Hacker, trojan, crack of password, destroyed Americans and Jews web-sites, diffusion of the Islam, build the e-jihad web-sites and much more." I can't believe that for the first time in my life, I just saw the words e-jihad. Boy am I whipping up a post in my head.
What's unfortunate is that there are quite a few people who are Muslim who aren't in agreement (agreeance, thanks - Fred Durst) with these people, and everyone gets condemned by those who proclaim to be of "the religion of peace".
Lileks made an interesting point about the previous DOS attack last week:
As you may have read - not in newspapers, heaven forfend - a large portion of the blogworld has been crippled by attacks on the company that hosted a pro-Israel website, and the attacks are coming from servers that host Al Qaeda groups. This makes me uneasy; there’s something else going on here, I think. It’s like hearing reports from Alaska radar stations of peculiar blips on the screen. Someone’s testing something.
That is not a victory sign. You don't understand, the Palestinians are a peace-loving people. He is only trying to cast a shadow of a little bunny rabbit on the Dome of the Rock.
Without intending to be intentionally rude, some of you haven't got the first clue about the technical aspects of a denial of service attack and what it entails to avoid and or defeat one. First and foremost they are typically distributed across many broadband "clients" typically on cable and dsl networks such as "Rogers" or "Road Runner". Infected machines typically phone "home" for instructions on who to attack and the method and duration of the designated attack. Once the attack begins the target is generally "f*cked" and beyond redemption. The only way to defeat the attack is to head upstream to a point in the network where the volume of the denial of service traffic is perhaps less than 20% of the total traffic within a particular network segment. At that point the packets must be discarded by the routers based upon some sort of rules. Now those rules could easily create a whole other category of outages by blocking entire blocks of addresses that are attempting to transit the network at that point. The rules could also disrupt normal traffic that is intended to convey the fitness of various network components. So the bottom line is don't put your eggs in one basket. Spread your site/information across multiple networks and locate your server as close as possible to a "big pipe". Narrow network cul de sacs are the kiss of death. Think of a giant school of fish in an enormous body of water. There is safety in large numbers. Aaron has the right idea for a tight budget at this point. The more sites he has the more the attackers will have to coordinate the attack across multiple networks and multiple hosts which will entail a much larger army of "zombie" machines to have a destructive effect. In a perfect world the victim would have a flexible set of rules that upon sensing an inordinate amount of traffic from a given address would rewrite the packets and send them back or forward them to another machine that is participating in the attack. In effect the routers would be engaged in a reflected denial of service attack upon the original pool of attackers. Eventually they would nullify each others ability to wage further attacks by clogging their own connections. This is theoretical so don't attempt to do this without adult supervision. Another option is to do round robin dns resolution for the target site. The only problem with this is the attackers will just attack the dns server and then nobody will find the site unless they can address it by IP address. If the attackers know the IP they will attack that also, in which case you are back at square one, that being your f*cked beyond redemption. The best thing I can think of is to have a private channel for people "in the know" where they can find out the latest information. Which brings you around to a subscriber situation which fails to serve the primary purpose of informing the public.
I reported the site to MSN as well. I just got a response from MSN that the group has been disabled (confirmed). Don't be afraid to file complaints when stuff like this crops up. Reputable hosts won't stand for it.