[Leica] LUG server was down but now back up

Ric Carter cartersxrd at gmail.com
Sat Aug 13 17:47:28 PDT 2022


fascinating

Thx

Ric



> On Aug 13, 2022, at 6:23 PM, Brian Reid <reid at mejac.carlsbad.ca.us> wrote:
> 
> Most cyberattacks are not targeted at specific organizations. Some are, of course, but for the most part, cyberattackers just pick IP addresses at random and start blasting at them to see what happens.
> 
> In the case of the LUG, it's somewhat nonrandom. The LUG server leica-users.org is at IP address 199.5.253.5. This is part of the netblock 199.5.253.0/24, which has 255 addresses in it (199.5.253.0 through 199.5.253.254). I own that netblock.
> 
> The LUG server is in a data center in Fremont, California (Hurricane Electric FMT2), which also houses thousands of other organizations and hundreds of thousands of servers. That data center normally charges $800/month for a cabinet that has room for about 30 or 40 servers. Because I was able to structure my cabinet to look like it belongs to an ISP, they let me have it free. To look like an ISP, you must meet certain requirements for netblock ownership, fiber capacity, router behavior, and traffic volume. When data centers compete for business, they brag about how many ISPs are hosted there, and my "looks a lot like an ISP" counts as one of them because the only way you might discover it is not a real ISP is to look deeply inside its customer base. (Or read this message, I suppose. I think I probably ought to delete it from the archives after a few weeks).
> 
> LUG things occupy 3 of the 255 IP addresses in that netblock. LargeFormatPhotography.info occupies another one.
> 
> Another major user of my IP address block is the Church of England and numerous Anglican dioceses and provinces around the world. 20 years ago my servers hosted about half of the Anglican websites in the world, but there are now good ISPs in every country and any Anglican/Episcopal group that can afford it has moved off my servers into one in their own country. This leaves my servers hosting mostly church provinces in third-world countries, plus some very visible Church of England stuff that remains on my servers because they want to.
> 
> Last week the every-10-years Lambeth Conference wrapped up in Canterbury, England. Every Anglican/Episcopal bishop in the world was invited to it, and about 1200 of them attended. Mostly what they did was fight bitterly about gender and sexuality. Third-world bishops are passionately opposed to any variant sexuality, and think that anyone who doesn't share their view is possessed by Satan. Bishops from the first world are more concerned about climate, hunger, war, and refugees and are quite weary of arguing about sexuality.
> 
> The big cyberattack came 5 days after the end of the Lambeth Conference. My theory is that some group from the "if you don't execute homosexuals in your country then you are possessed by the devil" camp noticed that a number of their enemies had IP addresses in my netblock and paid a cyberattack company to pound on the whole netblock. In countries that border Ukraine there are a lot of commercial cyberattack companies that charge a few thousand Euros per hour to attack anyone you would like. This one was in Belarus. The actual addresses used by the Anglican/Episcopal groups are 199.5.253.8 through .14, but that level of detail is lost on brute-force cyberattackers.
> 
> During a cyberattack there is so much malicious traffic that servers often give up and shut themselves down. That is what my servers did. Like Monty Python's commercial argument service, when the paid time is up the attackers turned it off.
> 
> 
> On 2022-08-12 20:47, Frank F via LUG wrote:
>> When the lowly, small, and insignificant LUG is the target of a foreign
>> cyber attack, I think the world baddies have lost their expectations in
>> world domination.
>> Attackers, get your priorities in order.
>> We are not the FBI, we have no connections to nukes, we not have the keys
>> to Fort Knox.
>> Get a life!
>> On Fri, Aug 12, 2022 at 8:20 AM Brian Reid <reid at mejac.carlsbad.ca.us>
>> wrote:
>>> The LUG server experienced a massive cyberattack from somewhere in West
>>> Asia (perhaps Belarus or Moldova) and was offline for several hours. I
>>> was not able to deflect the attack, but the attackers eventually got
>>> bored and went to attack someone else. It is now working again.
>>> _______________________________________________
>>> Leica Users Group.
>>> See http://leica-users.org/mailman/listinfo/lug for more information
> 
> _______________________________________________
> Leica Users Group.
> See http://leica-users.org/mailman/listinfo/lug for more information



More information about the LUG mailing list