[nsp-sec] IMPORTANT: DDoS-RS Reminders

SURFcert - Peter p.g.m.peters at utwente.nl
Tue Dec 14 02:06:11 EST 2010 

Tim,

Tim Wilde wrote on 2010-12-13 20:10:
> On 12/13/2010 7:59 AM, SURFcert - Peter wrote:
> >> Regarding this I have complaints from a customer who is claiming
> the IRC
> >> servers he is using are legitimate. He was blocked because his computer
> >> contacted them. The servers in question are 173.192.206.141 and
> >> 178.63.172.193.
> > New information seems to indicate these (and others) are IRC servers
> > used by Anonymous to discuss Wikileaks and things surrounding that. If
> > that is the case I think they should be considered false-positives. And
> > yes, people downloading and using LOIC should be handled. But not the
> > people discussing.
>
> As I mentioned in my reply earlier, our understanding is that these IRC
> servers have been set up specifically for the purpose of launching
> attacks, and any intended discussion is, at best, about those attacks,
> not about legitimate issues surrounding Wikileaks.  The intended purpose
> and potential risk it causes, in our judgment, outweighs the fact that,
> yes, as with any IRC server, it's /possible/ to use this server for
> legitimate discussions.  There are more than enough IRC servers and
> networks out there on which such legitimate discussions can take place,
> without a stated agenda and intent to launch attacks from those same
> networks.  The stated intent of the operators of this particular network
> makes it very unusual from the norm of what we see, and is primarily
> what makes it fall into the firmly malicious and thus listable category.

I understand your reluctance. I might even think the people behind these
servers explicitly invited everybody, including critics, to discuss on
these server to try to give them a sense of legitimacy. But I have to
take into consideration the kind of constituency we have. These are
mostly students that might be in favor of WikiLeaks but at the same time
are very opposed to a DDoS as a means to show that favoritism. They want
to make that clear to the Anonymous operators and the only way is
through these IRC servers.

The last couple of days Wikileaks and the DDoS actions has been on
national TV a couple of times. It is discussed in all kinds of
mailinglists and the general idea is that this is not-done. Some (true)
hacking group even invited people, who have been arrested for the DDoS
actions, to visit them for a course on ethical hacking. In the hopes
they can be saved.

In this situation it is not a good idea to disconnect people who try to
talk sense into the Anonymous operators.

One last thing to consider: Discussing illegal actions is in itself not
(yet) illegal. Especially not if you try co convert the people wanting
to perform illegal actions into legal actions.

-- 
Peter Peters, Teamleider Unix/Linux/Storage
ICT-Servicecentrum
Universiteit Twente, Postbus 217, 7500 AE Enschede
Telefoon 053 489 2301, Fax 053 489 2383,
P.G.M.Peters at utwente.nl, http://www.utwente.nl/icts

-- 
Peter Peters                     /------\           SURFnet bv
SURFcert                         | SURF |           cert.surfnet.nl
cert at surfnet.nl                  \-----\ \-----\    Postbus 19035
PGP Key ID 0x5A52C966                   | CERT |    NL-3501 DA  Utrecht
+31 30 2305 305                         \------/    fax: +31 30 2305 329



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 543 bytes
Desc: OpenPGP digital signature
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20101214/fb5f4809/attachment-0001.sig>

More information about the nsp-security mailing list