Archived posting to the Leica Users Group, 2022/08/13

[Author Prev] [Author Next] [Thread Prev] [Thread Next] [Author Index] [Topic Index] [Home] [Search]

Subject: [Leica] LUG server was down but now back up
From: cartersxrd at gmail.com (Ric Carter)
Date: Sat, 13 Aug 2022 20:47:28 -0400
References: <cef50466645a365677caa04e642dbdf3@mejac.carlsbad.ca.us> <CAOgCMTQqNQCwaLpiMKJ0tdwDUo0gy=+Fs=c-gFYSJajOXfsmFA@mail.gmail.com> <7697598d2f1923c6b6b5339f2a4d921c@reid.org>

fascinating

Thx

Ric



> On Aug 13, 2022, at 6:23 PM, Brian Reid <reid at mejac.carlsbad.ca.us> 
> wrote:
> 
> Most cyberattacks are not targeted at specific organizations. Some are, of 
> course, but for the most part, cyberattackers just pick IP addresses at 
> random and start blasting at them to see what happens.
> 
> In the case of the LUG, it's somewhat nonrandom. The LUG server 
> leica-users.org is at IP address 199.5.253.5. This is part of the netblock 
> 199.5.253.0/24, which has 255 addresses in it (199.5.253.0 through 
> 199.5.253.254). I own that netblock.
> 
> The LUG server is in a data center in Fremont, California (Hurricane 
> Electric FMT2), which also houses thousands of other organizations and 
> hundreds of thousands of servers. That data center normally charges 
> $800/month for a cabinet that has room for about 30 or 40 servers. Because 
> I was able to structure my cabinet to look like it belongs to an ISP, they 
> let me have it free. To look like an ISP, you must meet certain 
> requirements for netblock ownership, fiber capacity, router behavior, and 
> traffic volume. When data centers compete for business, they brag about 
> how many ISPs are hosted there, and my "looks a lot like an ISP" counts as 
> one of them because the only way you might discover it is not a real ISP 
> is to look deeply inside its customer base. (Or read this message, I 
> suppose. I think I probably ought to delete it from the archives after a 
> few weeks).
> 
> LUG things occupy 3 of the 255 IP addresses in that netblock. 
> LargeFormatPhotography.info occupies another one.
> 
> Another major user of my IP address block is the Church of England and 
> numerous Anglican dioceses and provinces around the world. 20 years ago my 
> servers hosted about half of the Anglican websites in the world, but there 
> are now good ISPs in every country and any Anglican/Episcopal group that 
> can afford it has moved off my servers into one in their own country. This 
> leaves my servers hosting mostly church provinces in third-world 
> countries, plus some very visible Church of England stuff that remains on 
> my servers because they want to.
> 
> Last week the every-10-years Lambeth Conference wrapped up in Canterbury, 
> England. Every Anglican/Episcopal bishop in the world was invited to it, 
> and about 1200 of them attended. Mostly what they did was fight bitterly 
> about gender and sexuality. Third-world bishops are passionately opposed 
> to any variant sexuality, and think that anyone who doesn't share their 
> view is possessed by Satan. Bishops from the first world are more 
> concerned about climate, hunger, war, and refugees and are quite weary of 
> arguing about sexuality.
> 
> The big cyberattack came 5 days after the end of the Lambeth Conference. 
> My theory is that some group from the "if you don't execute homosexuals in 
> your country then you are possessed by the devil" camp noticed that a 
> number of their enemies had IP addresses in my netblock and paid a 
> cyberattack company to pound on the whole netblock. In countries that 
> border Ukraine there are a lot of commercial cyberattack companies that 
> charge a few thousand Euros per hour to attack anyone you would like. This 
> one was in Belarus. The actual addresses used by the Anglican/Episcopal 
> groups are 199.5.253.8 through .14, but that level of detail is lost on 
> brute-force cyberattackers.
> 
> During a cyberattack there is so much malicious traffic that servers often 
> give up and shut themselves down. That is what my servers did. Like Monty 
> Python's commercial argument service, when the paid time is up the 
> attackers turned it off.
> 
> 
> On 2022-08-12 20:47, Frank F via LUG wrote:
>> When the lowly, small, and insignificant LUG is the target of a foreign
>> cyber attack, I think the world baddies have lost their expectations in
>> world domination.
>> Attackers, get your priorities in order.
>> We are not the FBI, we have no connections to nukes, we not have the keys
>> to Fort Knox.
>> Get a life!
>> On Fri, Aug 12, 2022 at 8:20 AM Brian Reid <reid at mejac.carlsbad.ca.us>
>> wrote:
>>> The LUG server experienced a massive cyberattack from somewhere in West
>>> Asia (perhaps Belarus or Moldova) and was offline for several hours. I
>>> was not able to deflect the attack, but the attackers eventually got
>>> bored and went to attack someone else. It is now working again.
>>> _______________________________________________
>>> Leica Users Group.
>>> See http://leica-users.org/mailman/listinfo/lug for more information
> 
> _______________________________________________
> Leica Users Group.
> See http://leica-users.org/mailman/listinfo/lug for more information



Replies: Reply from robertbaron1 at gmail.com (Robert Baron) ([Leica] LUG server was down but now back up)
In reply to: Message from bmwred735i at gmail.com (Frank F) ([Leica] LUG server was down but now back up)