[OT somewhat] DDOS attacks, where to report?

[OT somewhat] DDOS attacks, where to report?

shimi linux-il at shimi.net
Sun Jan 27 08:33:50 IST 2013 

On Sun, Jan 27, 2013 at 1:54 AM, Jonathan Ben Avraham <yba at tkos.co.il>wrote:

> On Sun, 27 Jan 2013, shimi wrote:
>
>  Date: Sun, 27 Jan 2013 00:30:02 +0200
>>
>> From: shimi <linux-il at shimi.net>
>> To: Jonathan Ben Avraham <yba at tkos.co.il>
>> Cc: ILUG <linux-il at cs.huji.ac.il>
>> Subject: Re: [OT somewhat] DDOS attacks, where to report?
>>
>> On Sat, Jan 26, 2013 at 11:39 PM, Jonathan Ben Avraham <yba at tkos.co.il>
>> wrote:
>>
>> This is not true in general under Israeli law, as I have found out myself
>> from unfortunate personal experience. See http://he.wikipedia.org/wiki/%*
>> *D7%90%D7%99_%D7%9E%D7%A0%D7%**99%D7%A2%D7%AA_%D7%A4%D7%A9%**D7%A2<http://he.wikipedia.org/wiki/%D7%90%D7%99_%D7%9E%D7%A0%D7%99%D7%A2%D7%AA_%D7%A4%D7%A9%D7%A2>
>>
>>
>> This law is about telling the authorities about a CRIME THAT IS GOING TO
>> HAPPEN, that you know about, so that the authorities can stop the criminal
>> PRIOR to the act of crime.
>>
>> Unless you claim the ISP KNOWS that a DDoS will happen (in the future) to
>> the customer (they can't possibly know. like I've already said - chances of
>> catching the source behind a DDoS are almost nil) - I personally find it
>> difficult to understand
>> why you think this law is relevant on our case...
>>
>
>
> Hi Shimi,
> This law is in fact applied to ongoing crime as well as futire crime. It's
> not enough that you know someone has been trafficking Ukrainain girls for
> two years already to exempt you from reporting it if you find out about it.
>
>
This is not an ongoing crime. Your friend server is offline, the attacker
noticed and stopped bombarding. ISP is happy. That's the reason they
disconnected your friend at the first place - they knew their
infrastructure will no longer be attacked when they do. This is the reason
why people DDoS in the first place! Because it works...


>
>
>  Also, not even sure that this is called a crime that happens within the
>> borders of Israel. After all, the attacker, and his 'associate' computers,
>> are all (for the lack of better knowledge) outside the borders of Israel
>> when this happens. Again,
>> the Israeli police (or Government) has no jurisdiction over the whole
>> Internet...
>>
>
>
> It's is enough for the victim to be affected in Israel for it to be a
> crime in Israel.
>
>
This may be true (I don't know our law. it was more of a quandary). Still,
jurisdiction over the entire Internet, not located in Israel? That's not
simple!


>
>  I think it is time for me to quote from the Serenity Prayer:
>>
>> "God, grant me the serenity to accept the things I cannot change, The
>> courage to change the things I can, And wisdom to know the difference."
>>
>> Of course, I wish your friend luck if he opts to pursue this anyways,
>> with the hope for: a) any sort of success, and b) that he won't waste so
>> much time/money on his attempts...
>>
>
>
> I'm wondering if there isn't a public policy initiative that we should be
> pushing, perhaps through ISOC-IL. I mean, I'm all for prayer, that's
> necessary, but sometimes concrete action is required. The problem here is
> that some small players are getting soaked disproportionately for the
> county's wars.
>
>
I already asked and couldn't see your answer, so I will ask again: What
actions do you want your government to do against the computers in China,
North Korea, or Arab countries? Please elaborate. Don't just say that
'someone needs to do something' - tell us what can they do that they don't,
that would help in situations like this... also tell us what should they do
after they somehow made 20,000 computers clean, just to realize that in a
keystroke, the attacker infected 20,000 other computers, and all what they,
basically had no influence whatsoever.

b.t.w. why are you so sure that those are "country's wars" ? Running an
innocent IRC server is very likely to get you DDoS'd too. A decade ago,
DALnet, the biggest IRC network users-wise (AFAIK), had been on netsplit
more time than not, because someone DDoS'd them. For months. The network
lost servers because ISPs that donated them didn't want the headache -
their legitimate business got hurt. The network never recovered. At the top
they had > 100k users online globally. This second the number is 12,727
users. Israel was not a side...

Your friend got DDoS'd because he got DDoS'd. The country he lives at had
nothing to do with it. Unless of course he hosted specific websites that
made people angry. If that was the case, it was his war, not the country's.
"Sof Ma'ase, Be-Machashava Techila"...

-- Shimi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20130127/368c26d5/attachment-0001.html>

More information about the Linux-il mailing list