The Chinese government obviously doesn't want the CHinese to look at pornography or learn anything about Marxism! MIA stands for Marxist Internet Archives. The post is copied from the list PEN-L
Attack Log
------------------------------------------------------------------------
January 10 - 13: Sporadic reports come in from volunteers in Australia
and Asia that the MIA is not accesible for a few hours, and then comes
back.
First attack
January 15: MIA detects a series of DoS (Denial of Service) SYN floods
from various Chinese networks. Unlike the attacks of the previous few
days, these are constant. These attacks cause our server to have a
kernel panic and crash. Just as soon as the server reboots, the SYN
floods [CVE-1999-0116] cause another crash, and this continues
constantly.
First, we write a crude script that blocks every SYN flood attempt,
every minute. This is successful only for a short period, as the sheer
number of Chinese IPs sending the SYN floods is too large to overcome.
Next, we figure out that the SYN floods are exploiting a vulnerability
in the Linux kernel (version 2.4.23), and we rebuild the Linux kernel
to version 2.4.34, which overcomes these attacks. Meanwhile, the
nature and origin of the attack, our previous history with the Chinese
government (censorship, etc), and the experience of others suggest
that this maybe politically motivated and directed by the Chinese
government.
1 hour sample of attacking IP origins
222.35.30.105
China Railway Telecom, Beijing
60.16.220.61
CNC Group, Liaoning Province Network, Liaoning
121.34.136.245
China Net, Guangdong Province Network, Guanzhou
222.240.83.89
China Net, Changsha Node Network
122.4.213.41
China Net, Shandong Province Network, Jinan
203.192.13.2
Xinhua News Agency
221.216.207.194
CNC Group, Beijing Province Network, Beijing
221.6.37.60
Nanjing Medical University, Nanjing Jiangsu Province Network, Nanjing
221.226.2.213
China Net, Jiangsu Province Network, Jiangsu
61.233.167.159
China Railway Telecom Center, unknown city
At this point, however, our 4 year old server heaves under the strain.
The string of constant reboots has taken its toll: the server reports
a Machine Check Exception of a CPU context corruption, causing further
crashes. This process further bludgeons the damaged server, and
subsequent boots cause a failure in the RAID, forcing a rebuild of the
array. During further crashes, one of the disks fails, causing future
rebuilds of the array to be quite hopeless.
Ironically, MIA had planned to purchase a new server in 2007, since
our server was 4 years old, and our life expectancy for the server had
nearly arrived. This attack forced this process to double, but another
disaster would soon strike.
January 16: In order to buy a new server, we needed to speak to our
hosting provider and ISP, CCCP. We had been trying to contact CCCP for
several months, to no avail, but after an urgent appeal, we finally
recieved a response: CCCP is shutting down on February 1st. This, at
least, explained our difficulties in contacting them!
To recount events to date: first, we are attacked by China; second,
our server hardware fails; third, our hosting provider is shutting
down in two weeks.
Late in the day, after reviewing several options, we resolve on the
kind of server to buy to meet our needs.
January 17: After a long search consisting of about 12 different
options for colocation, we find one that suits our high bandwidth
needs at a reasonable, low cost.
January 18: After three days of debate, MIA votes 14 to 4 to include
notice indicating that the source of the attacks was likely the
Chinese government.
January 20: Marxists.org is redirected to our mirror servers. On the
following day, a round robin DNS is setup between three MIA mirrors.
Second attack
January 21-24: Mirror sites find a change in tactics, now a more crude
Denial of Service attack is launched: Chinese sources download in mass
material from the Chinese section. The German mirror combats this by
limiting the number of connections to the server. Nevertheless, server
load remains extremely high.
Subscribe to:
Post Comments (Atom)
US will bank Tik Tok unless it sells off its US operations
US Treasury Secretary Steven Mnuchin said during a CNBC interview that the Trump administration has decided that the Chinese internet app ...
-
Mike Dunleavy the governor of the US state of Alaska is intending to introduce legislation that will repeal the two state boards which regu...
-
US Treasury Secretary Steven Mnuchin said during a CNBC interview that the Trump administration has decided that the Chinese internet app ...
-
(August 11 ) In recent weeks, a recurring problem has been that Russia has intercepted US surveillance planes over the Black Sea as they wer...
No comments:
Post a Comment