Comments on: Tikun Olam Suffers DOS Attack After Exposing Former IDF Torturer

By: medawar

medawar — Mon, 02 Aug 2010 10:16:09 +0000

Nearly all the attacks are made possible by the probably needless complexity of the software environment on what are, after all, meant to be personal computers.

But I speak as one who had to be convinced of the need for CPM, having learned on machine-code-only machines with just a “monitor” programme in EPROM somewhere.

A DNS attack is a different thing from a DoS attack: in the latter they are just using many machines (usually, other people’s machines infected with a virus) to swamp the site, although this usually involves attempts to send commands or requests that tie up a lot of the site’s time or crash its server in some way.

A DNS attack is when the DNS databases that let your machine find Richard’s site, are hacked so they direct your computer to a different server, which has a copy of his content on, but which records your comments and more particularly, your IP, for future reference. That’s not so bad, but such fake sites are also normally designed to fire malware back at your computer to drag information out of it, or to send on malware to everyone in your address book and so forth.

So a DNS attack is more malicious, and more subtle, than a DoS attack.

The Firestarter firewall for Ubuntu machines reacts instantly to any change in the DNS server your ISP is using during a session. This is good.

By: Richard Silverstein

Richard Silverstein — Mon, 02 Aug 2010 04:35:16 +0000

Duly noted. I come from the DOS age as well. But I’ve never suffered a DoS attack, so the lingo is a bit new to me.

By: Ruth

Ruth — Mon, 02 Aug 2010 00:12:47 +0000

Could you make that DoS? It’s very confusing for us oldtimers who used DOS (Disk Operating System) before Windows… For a bit there I thought someone had revived DOS or I was in the wrong century.

By: Medawar

Medawar — Sun, 01 Aug 2010 16:13:09 +0000

Indymedia UK, meanwhile, does the same thing on behalf of the powers that wannabe.

By: Richard Silverstein

Richard Silverstein — Sun, 01 Aug 2010 07:48:45 +0000

No one is blocked at least not for the reason given in that msg. The error message is generic and didn’t describe the reality of the situation which was a DOS attack.

By: Richard Silverstein

Richard Silverstein — Sun, 01 Aug 2010 07:47:33 +0000

Relax, most of the insults were directed at me, not you. But if you start digging up good original info that embarrasses the powers that be then you too can be smeared in the pages of Rotter.

By: Richard Silverstein

Richard Silverstein — Sun, 01 Aug 2010 07:43:23 +0000

An incomplete IP address doesn’t help us much even though I understand this is how things work in England (not here or in Israel I gather where we have full IPs). A Rotter member posted in that thread that the IP address 212.143.134.129 belongs to the Israel Broadcasting Authority. This may have to do with the fact that many journalists are researching the story and all these referrals appear to be an attack, but aren’t.

By: medawar

medawar — Sun, 01 Aug 2010 06:30:19 +0000

The attack on you followed a link being put on rotter.net, my conclusion is that there’s a computer scanning the internet for “Doran Zahavi” and putting the links up on rotter.net far automatically, or least it’s fully automatic on Saturday mornings. (Happened MUCH too fast to be someone surfing and finding it by chance!)

The IP is incomplete because sitemeter doesn’t tell non-law-enforcement people that last group (at least not in the UK, due to data protection act.) But it allows you the ISP and location.
There’s no question that if you give the relevant sitemeter page to the FBI, NETCU or SOCA, they can get the whole IP from the ISPs it went through to get there, though they won’t discuss the details.

Once rotter.net had my post, it then put up all the comments I posted here, again, automatically within a few seconds. It didn’t catch on to other posts of mine on the same subject, that didn’t contain “Doron Zahavi” until one of the RSS subscribers came back and manually surfed through my site.

So, about nine tenths of it is robotic.
What happened to my site wasn’t exactly an attack, just the consequence of the RSS feeds going to a lot of people whose computers all verified the link at the same time.
But whatever put your site down was evidently more than this. (The RSS effect doesn’t last for very long.)

Also, yesterday, when you were inactive, there were several occasions throughout the day when DNS servers in both the UK and Canada briefly lost their ability to find your site. Your tech person needs to watch this, because a DNS attack would imply an aspiration to put up a clone of this site and harvest the FULL IPs of all your regular readers and comment-writers.