Possible DDOS on gov.au sites starting tonight?
The group anonymous, who were reported to be responsible for the attack on scientology sites now have the Australian Government in their sights. In 2008 the Australian Government decided that the internet should be filtered. They are running trials with a number of ISPs. There is within Australia a fair amount of resistance to this practice for a number of reasons. You can read the government position here (http://www.dbcde.gov.au/online_safety_and_security/cybersafety_plan/internet_service_provider_isp_filtering). This Wikipedia article has more information on the issue as well (http://en.wikipedia.org/wiki/Internet_censorship_in_Australia)
In addition to opposition to this scheme within Australia it looks like the group anonymous has also become involved. A web site 09-09-2009.org was set up and it looks like activities are coordinated through another web site. The crux of their demands is for the senator responsible for the filtering scheme to resign and the plans for filtering to be abandoned, or else.
The or else is a DDOS attack on Australian government sites starting at 9.00 am GMT which is 7.00PM on the east coast. Fax machines and phone lines may also be targeted. Some "interesting" activity has been observed on some of the networks, but whether this is related or not is uncertain at this stage.
In preparation, make sure you have your incident handling processes ready, make sure that servers and other perimeter devices are patched so they are better able to resist attack. You may want to have your ISP's contact details handy just in case you need them to stem the flow of traffic. If your infrastructure is outsourced, maybe ask the outsourcer what plans they have in place, should anything happen. But most importantly decide if switching off the site in the face of an attack is an option for you.
Mark H
UPDATE 1
Well the DDOS Started at 7 pm on the dot and has been going on for about an hour or so. www.pm.gov.au is being kept busy and over the hour it was unavailable from where I am for a few minutes at best. The attack seems to be mostly multiple web requests on the site which exhausts the threads on the web server causing it to respond with a 503 error. Once left alone by a few of the attackers the site is again more than happy. As far as impact goes the net result seems to be zilch.
UPDATE 2
The attack is over. It achieved some publicity and managed to make the pm's website unavailable for a few minutes. Otherwise there was no impact. - M
Comments
Have a great day:)
Patrick.
PatrickD
Sep 9th 2009
1 decade ago
Mike Rohwedder
Sep 9th 2009
1 decade ago
7.00 pm EST
Mark
Sep 9th 2009
1 decade ago
Mike Rohwedder
Sep 9th 2009
1 decade ago
A quick analysis of my logs regarding tcp/445 reveals a constant barrage of deny packets averaging one a minute. I haven't as yet exported into Excel to calculate the unique IP daily totals. But I would expect that if this were a botnet that they have sufficient numbers to successfully DDoS us.
Mike Rohwedder
Sep 9th 2009
1 decade ago
joeblow
Sep 9th 2009
1 decade ago
Mike Rohwedder
Sep 9th 2009
1 decade ago