Search results

Being encrypted doesn't mean traffic analysis is impossible. Examples: 1) Check for encapsulation protocols (e.g., ESP which is used for IPSec) 2) Check for connections to known VPN or proxy ports (e.g. UDP 1194, TCP 8080, etc etc etc)  3) Is all traffic encrypted? If yes, its likely a VPN...

Once you are part of the collateral damage you might think differently...  Unless of course, you like being woken up at 4AM by a "everything's down" alert, just because someone thought one of your clients was worth "protesting" against? I think you'd be a minority there though. 

My problem with that is - how many intermediary networks might be affected by such an attack? For example, Seth's attack this thread is about knocked LINX out for a while. It's no good calling it protesting if there's tonnes of collateral damage. 

Wasn't Sven Spamdrew Stephens' partner in crime, with spamdrew being the main only face behind stophaus? 

He's now been sentenced, however its not public record what he's been given. It looked like prosecution were pushing the money laundering side hardest rather than computer misuse or CP, judging by the court records. 

I had a check a while ago, and they're only relaying about 30kbps of traffic.  https://trac.torproject.org/projects/tor/wiki/doc/badRelays Not going to be an issue. If they start getting traffic people can just mark their relays as bad and move on with their life. 

I saw a thread a few months back (I think it was on LEB) where a customer had left a bad review of a host and subsequently was marked as fraud in fraudrecord. After a lot of pestering the report got removed. Pretty sure it was one of the usual drama brands, though I'm not entirely sure. 

Mind you, the kiddie hosts are going to mostly be the ones listing people as fraud because they left a bad review. Thing would probably be better without them. 

Did a little digging and the author was going to mention the CP charges, but decided it wasn't really relevant to the article he wrote. https://twitter.com/briankrebs/status/544167404386152448

https://www.webhostingtalk.com/member.php?u=392310

I've just got confirmation it was the guy I thought it was. Seth, the individual known for creating a cheat for Garry's Mod called SethHack. Article has his first name wrong. Plead guilty to all charges. ...

Why bother? Unless he's needing 3 drives worth of data that's just wasting peace of mind. +1 for RAID1 with hot spare.

http://www.spamhaus.org/sbl/listings/servermania.com They've just moved ;)

Most foreign ID's have the English equivalent on them. Russian ones might not - it's a bit of a pain!

That just trades in an inconvenience for something that wouldn't fool a human for long. As rds100 says, that isn't security. SSH keys + (where suitable) trusted login IP address is enough to deter almost attacker from using brute force attacks.

In the last 16 hours we've blocked 36,000 bruteforce attempts to our client's SSH

I don't see the point of third party monitoring ( besides obvious stuff like uptime checks, etc ). Our in house firewall is capable of preventing the majority of denial of service attacks to line rate (especially outgoing ones), spam, obvious SSH attacks with frequent notifications - and then...

Custom firewall + scripts

Doesn't always work though - I remember when a certain reasonably popular Swiss dedicated/colo provider spammed half of WHT and their reply to the many people who complained was pretty much "suck it, you signed up for emails from us" (despite it not being the case)