Back again

Hopefully all the wrinkles have been ironed out.

While the blog’s been down I’ve been entertaining myself with idle revenge fantasies against the horrible little spunker who orchestrated the Denial of Service attack in the first place.

Some of the details of the attack are quite interesting. The blog wasn’t just hammered from one source but several. The IP addresses of those sources were very intriguing.

Two IP addresses were of note. One was sourced back to the offices of one of the UK’s larger gas and electricity suppliers. God knows what jobs its online abuse team do but chasing online abuse doesn’t seem to be one of them.

The other IP address was sourced back to a department within the American government. I did toy with the idea of sending my server logs showing the attack to the FBI’s Cyber Investigations department. What larks that could be.

Don’t get me wrong, whoever did this shows some small spark of sapience. Spoofing IP addresses must take some rudimentary skill. I’m not suggesting real intelligence, more a driving instinct like the one that makes a dung beetle push shit around for a living. Yes, that kind of thing.


Posted on December 17th, 2007 at 11:14 am


Filed under A few administrative notices
 

6 Comments

  1. Sam on 17.12.2007 at 14:00

    Home page still has the tom and jerry holding page.

  2. Clive (21 comments.) on 17.12.2007 at 14:07

    Hi Sam, that sounds like a local cache problem, as the site is on a completely different server to the one with the holding page, and index.html doesn’t even exist on this server now.

    Cheers
    Clive

  3. Surreptitious Evil (7 comments.) on 17.12.2007 at 16:13

    Spoofing IP addresses on UDP datagrams is utterly trivial, spoofing them for TCP connections (and getting the 3-way handshake to function - so not necessary for a SYN-flood attack) takes quite considerable effort, especially if you are spoofing away from your local network segment (minimal skill however, just the right tools and some network access.)

    ‘Tis more likely, in this day and age, that the toerag had access to part of a botnet, with one or more infected machines in the corporate / government space.

    I’d be willing to have a skeg at the logs if you want.

  4. Justin on 17.12.2007 at 18:30

    Cheers SE - I might bung them across.

  5. Philip (106 comments.) on 17.12.2007 at 21:57

    “Skeg”? Why not a caith or a barrow-in-fur? It’s nearly Christmas after all.

    (From IT slang to hairy garden implements, in easy relaxing stages. The mainstream media will never catch us now.)

  6. tyger (9 comments.) on 18.12.2007 at 10:42

    Delightful to have you back, Mr. McKeating.
