The question is “who controls the internet?”
My reply would be, “nobody”. Just let everybody determine for and control themselves, not others, not the entire internet. We have a couple of administrating offices/registrars for domain names and IP addresses and that’s it. Corporations and governments do not think like that. Besides all of the bills governments have tried to enforce on the internet to “regulate” netizens, China and Russia tried a grab for power via the UN (ITU). And of course, the covert empire, with its insatiable lust for domination and staying “on top”, opened Pandora’s box.
We, the people, are going to have to defend ourselves, individually and as a worldwide community, and without becoming the petty tyrants that we fight. And that means we build our own community-owned, individually controlled communication infrastructure. It also means solidarity.
With the rise of crackdowns on hacktivists and with more government-paid hacker teams around, the chances that activists and hacktivists will have to deal with Distributed Denial of Service (DDoS) attacks increase. Just recently, the cyberguerrilla websites were brought down by a DDoS attack. DDoS attacks are increasingly becoming a threat that hacktivists and activists need to be prepared for.
Learn about DDoS
DDoS attacks work by leveraging the power of hijacked computer systems (for example through the use of botnets) to send a huge amount of traffic to a single designated target. DDoS can be effective in bringing down our sites and making us less effective in responding to activist and hacktivist requests, in disseminating information, and in researching and relating news. Most DDoS attacks do not prey on a victim’s weaknesses, so being cautious and using the right tools and protection, which is what works against hack attacks, is not enough. But we can protect our network against these attacks by making some network design decisions. A DDoS is either a never-ending stream of requests from a large number of sources or, for example, an attack that uses Apache vulnerabilities, as is the case with XerXes.
DIY design choices
Get your own server (with RAID if you can). It doesn’t need to be first-hand. A second-hand one will do. Preferably get two, so you have a separate backup and can build a mirror of the sites that you or someone else in the network hosts, in return for them setting up a mirror of the sites you host. Or make that a three-way trade with a third server in the network we will build.
Configure your server(s) the way you prefer and make security tight, but don’t use Apache as the web server. Nature teaches diversity to be an excellent defense tactic. Use one of the alternatives to an Apache server.
Test for ping floods: set up an IDS and tune it so that it does not raise false positives. Ask some anonymous to help with testing for the tuning. Set up a firewall to block the requests the IDS detects.
Test for SYN flood attacks and Slowloris attacks, and test SYN cookies. Use ‘SYN cookies’ to avoid spending server resources on half-open connections, and put a reverse proxy in place or use Cloudflare, or whatever else we discover that works for defense.
While you are at it, set up a Tor bridge to help your fellow netizens, and perhaps a YaCy server. An I2P server may also be an excellent addition. All three are distributed peer-to-peer without a central server, and for all three the quantity and quality of the results will depend on the number of peers connected. More ideas? Do share. Suggestions are welcome.
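One way to check the SYN cookie advice above on a Linux server, as an added example that is not part of the original post: it reports whether SYN cookies are enabled and which sources hold the most half-open connections. The function names, the PROC_ROOT variable, the thresholds and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the SYN-flood posture of a Linux host.
# PROC_ROOT is an assumption that lets the check run against a test tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print "on", "off" or "unknown" for net.ipv4.tcp_syncookies.
syncookies_state() {
    f="$PROC_ROOT/sys/net/ipv4/tcp_syncookies"
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        0)   echo off ;;
        1|2) echo on ;;      # 2 = send cookies unconditionally
        *)   echo unknown ;;
    esac
}

# Read `ss -Htn state syn-recv` output on stdin and print "count source"
# for each source holding at least $1 half-open connections, busiest first.
half_open_sources() {
    awk -v min="${1:-1}" '
        NF >= 4 {
            peer = $NF                  # last column: peer address:port
            sub(/:[0-9]+$/, "", peer)   # drop the port, keep the address
            n[peer]++
        }
        END { for (p in n) if (n[p] >= min) print n[p], p }
    ' | sort -rn
}

# Constructed sample of `ss -Htn state syn-recv` output (documentation addresses).
SAMPLE_SS='0 0 192.0.2.10:80 198.51.100.7:40001
0 0 192.0.2.10:80 198.51.100.7:40002
0 0 192.0.2.10:80 198.51.100.7:40003
0 0 192.0.2.10:80 203.0.113.9:51000'

# Run with --report [threshold] on the server; --sample uses the data above.
case "${1:-}" in
    --report) echo "tcp_syncookies: $(syncookies_state)"
              ss -Htn state syn-recv | half_open_sources "${2:-20}" ;;
    --sample) printf '%s\n' "$SAMPLE_SS" | half_open_sources 2 ;;
esac
```

If the report shows SYN cookies off, `sysctl -w net.ipv4.tcp_syncookies=1` turns them on until the next reboot.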
Even with all that, if the bandwidth is overwhelmed by requests, the sites will still probably be inaccessible.
Another point of concern is the Internet Service Provider (ISP). If the attack is large enough, the ISP can choose to cut the route out of the system to save bandwidth and avoid degrading performance for other customers and servers. That is worse than the actual impact of the DDoS attack itself. It can even take something like two days before the ISP responds to tickets to put it back online.
Place your server with a provider that has some serious bandwidth and a policy that fits our purpose. Double check by discussing it when you make the deal.
Interested in setting up a server in a communication infrastructure controlled by the movement and not corporations or the government? Have experience with one of the above to give those involved a jump start? Let us know. We will keep reporting on our progress and on what works and what does not. For we aren’t the only activists and hacktivists with increased risk of attack. And depending on the funds we gather we may be able to help you with that too.
For most of us this means monies that we don’t have, so please help by donating a little to our fund for that.