Offensive Counter-Measures – Be Like Water

Now, water can flow or it can crash. Be water my friend. – Bruce Lee

 

Interesting times we live in. We all know about the Gaza/Israel conflict. Anonymous (now dubbed #Anonhamas) as usual took the side of the recognized terror outfit, HAMAS, and attacked random Israeli websites. There’s more about #Anonhamas’ increasing sway towards terrorists here. I responded by shutting off three major HAMAS-run propaganda websites, including their TV channel site.

 

After the ceasefire, I duly halted my own actions too. But as usual #Anonhamas wanted to exact some kind of revenge on me, and just like last time got their pathetic terrorist sympathizing buttholes handed to them. Again.
So it’s the day after Thanksgiving, and this very blog came under yet another ridiculous DDoS attack from #Anonhamas. This time I decided to try a different tactic, while confirming some concepts too. Now, we all know there is a huge link between the ranks of #Anonhamas and the likes of ‘Ralphy’ and his #OWS bums below (you should watch this video):

 


FOR A MINUTE THERE I THOUGHT HE SAID ‘GOD BLESS YOU’ AT THE END THERE, FURTHERMORE WHY DOESN’T THIS MAGGOT ‘OCCUPY A JOB’?

 

 

So given that #Anonhamas support internationally recognized terrorists and align themselves with ‘people’, and I use the term loosely, like Ralphy above, you can imagine after relentless attacks on this site I need to defend myself.

 

So here’s the new tactic….

 

My site is rather well protected by Cloudflare – but I wanted to poke these fuckers in the eye, or more precisely make them poke themselves in their own eye, with their own chubby sweaty turd encrusted fingers. Firstly I will explain what a DNS name is for those that need it. DNS names are just pretty names for IP addresses. For example one of Google’s IP addresses is 209.85.148.138 but it’s far easier to remember ‘google.com’ which literally points to the IP address. There’s more control too when you control the Domain Name and/or DNS server.

 

But when using Cloudflare’s awesome services nobody can see the actual IP address of your webserver, which means they can only send their DDoS traffic at the server via its domain name, in this case ‘jesterscourt.cc’ – and I have full control over this subdomain – and I can point it to anywhere I please in any manner I please. So I simply redirected my domain name to the Occupy ‘movement’s’ main website, known as ‘occupytogether.org’. Remember #Anonhamas are big supporters of the Occupy Movement and many of their ‘members’ are also members of the Occupy Movement. Fair game.

 

Here’s what happened next (Read in reverse chronological order):

 

 

So from that we can deduce, they are not totally ‘leaderless’ as they so often claim and have elements of both ‘command and control’, also the link between #Anonhamas and the ‘Occupy’ Movement is strong. I’d love to have seen exactly how that went down between them. Did Occupy get on the phone to Anonymous and tell them to quit whacking me, because in doing so, they were in fact whacking them(selves)? 44 minutes is all it took to totally halt the attack using nothing more than a DNS redirect.

 

This is an interesting concept. Like using a mirror to bounce a laser beam right back at the enemy, forcing them to quit the shenanigans, double-time.

 



I might well look into this as a possibility for an effective offensive cyber counter-measure, and automate it so the server detects an attack and looks at where it is coming from or its characteristics and then auto-redirects the domain to a known list of derps, oh sorry I meant to say perps or their known associates, all the while checking if the attack is still ongoing and waiting for an all clear signal to reverse the redirect. Or something.

 

‘A small team of ‘A’ players can run circles round a giant team of ‘B’ and ‘C’ players.’ – Steve Jobs.

 

Stayin Frosty.
J.

 

 

UPDATE: Some folks don’t quite get it. It’s not rocket science…

 

 

  • My site comes under #Anonymous DDoS attack via its Domain Name (which you will note is a subdomain of mil.nf) as they can’t see the real Cloudflare protected IP address, but they can target by domain name instead.
  • I then redirect my own domain name that is under attack to known #anonymous inter-breeders’ website ‘occupytogether.org’ on 209.234.253.221 and don’t have to wait 24-48 hours for DNS propagation because as stated above jesterscourt.cc is in fact a subdomain of ‘mil.nf’.
  • ‘occupytogether.org’ goes down as the #Anonymous initiated DDoS traffic fired at my domain name hits their server and snags it up, so it no longer serves content.
  • 44 minutes later ‘occupytogether.org’ comes back up, because #anonymous have finally realized what’s going on and halt the attack. And hopefully feel more than a little stupid.
  • I reverse my redirect and point my domain name back to my own server and everything is back to normal. No attack, site online. Yay.
  • I write this blog post to explain the hilariousness or as they would say ‘lulz’.

 

GO FIGURE.

 

 

UPDATE: 11/28/12: Still the usual career trolls are trying to insinuate that what was described above is ‘technically impossible’ – in the face of this I decided to do a realtime demonstration of the redirect and how fast one can facilitate it on the fly. I conducted the demo live over twitter to eliminate any further doubt or discreditation attempts by the usual nay-sayers. Below is a screenshot of the demo occurring (please read from the bottom up).

 

 

MANY THANKS TO ALL WHO HELPED OUT THERE 😉

 

FINALLY THIS:

