Archived posting to the Leica Users Group, 2022/08/13
[Author Prev] [Author Next] [Thread Prev] [Thread Next] [Author Index] [Topic Index] [Home] [Search]fascinating Thx Ric > On Aug 13, 2022, at 6:23 PM, Brian Reid <reid at mejac.carlsbad.ca.us> > wrote: > > Most cyberattacks are not targeted at specific organizations. Some are, of > course, but for the most part, cyberattackers just pick IP addresses at > random and start blasting at them to see what happens. > > In the case of the LUG, it's somewhat nonrandom. The LUG server > leica-users.org is at IP address 199.5.253.5. This is part of the netblock > 199.5.253.0/24, which has 255 addresses in it (199.5.253.0 through > 199.5.253.254). I own that netblock. > > The LUG server is in a data center in Fremont, California (Hurricane > Electric FMT2), which also houses thousands of other organizations and > hundreds of thousands of servers. That data center normally charges > $800/month for a cabinet that has room for about 30 or 40 servers. Because > I was able to structure my cabinet to look like it belongs to an ISP, they > let me have it free. To look like an ISP, you must meet certain > requirements for netblock ownership, fiber capacity, router behavior, and > traffic volume. When data centers compete for business, they brag about > how many ISPs are hosted there, and my "looks a lot like an ISP" counts as > one of them because the only way you might discover it is not a real ISP > is to look deeply inside its customer base. (Or read this message, I > suppose. I think I probably ought to delete it from the archives after a > few weeks). > > LUG things occupy 3 of the 255 IP addresses in that netblock. > LargeFormatPhotography.info occupies another one. > > Another major user of my IP address block is the Church of England and > numerous Anglican dioceses and provinces around the world. 20 years ago my > servers hosted about half of the Anglican websites in the world, but there > are now good ISPs in every country and any Anglican/Episcopal group that > can afford it has moved off my servers into one in their own country. This > leaves my servers hosting mostly church provinces in third-world > countries, plus some very visible Church of England stuff that remains on > my servers because they want to. > > Last week the every-10-years Lambeth Conference wrapped up in Canterbury, > England. Every Anglican/Episcopal bishop in the world was invited to it, > and about 1200 of them attended. Mostly what they did was fight bitterly > about gender and sexuality. Third-world bishops are passionately opposed > to any variant sexuality, and think that anyone who doesn't share their > view is possessed by Satan. Bishops from the first world are more > concerned about climate, hunger, war, and refugees and are quite weary of > arguing about sexuality. > > The big cyberattack came 5 days after the end of the Lambeth Conference. > My theory is that some group from the "if you don't execute homosexuals in > your country then you are possessed by the devil" camp noticed that a > number of their enemies had IP addresses in my netblock and paid a > cyberattack company to pound on the whole netblock. In countries that > border Ukraine there are a lot of commercial cyberattack companies that > charge a few thousand Euros per hour to attack anyone you would like. This > one was in Belarus. The actual addresses used by the Anglican/Episcopal > groups are 199.5.253.8 through .14, but that level of detail is lost on > brute-force cyberattackers. > > During a cyberattack there is so much malicious traffic that servers often > give up and shut themselves down. That is what my servers did. Like Monty > Python's commercial argument service, when the paid time is up the > attackers turned it off. > > > On 2022-08-12 20:47, Frank F via LUG wrote: >> When the lowly, small, and insignificant LUG is the target of a foreign >> cyber attack, I think the world baddies have lost their expectations in >> world domination. >> Attackers, get your priorities in order. >> We are not the FBI, we have no connections to nukes, we not have the keys >> to Fort Knox. >> Get a life! >> On Fri, Aug 12, 2022 at 8:20 AM Brian Reid <reid at mejac.carlsbad.ca.us> >> wrote: >>> The LUG server experienced a massive cyberattack from somewhere in West >>> Asia (perhaps Belarus or Moldova) and was offline for several hours. I >>> was not able to deflect the attack, but the attackers eventually got >>> bored and went to attack someone else. It is now working again. >>> _______________________________________________ >>> Leica Users Group. >>> See http://leica-users.org/mailman/listinfo/lug for more information > > _______________________________________________ > Leica Users Group. > See http://leica-users.org/mailman/listinfo/lug for more information