Conversation
-
pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Wednesday, 27-Sep-2023 14:42:27 JST pistolero :thispersondoesnotexist: :hacker_f::hacker_s::hacker_e:
In other news, if FSE is slow, that's because, for the first time in a while, we're being DDoS'd! Since I started typing this, we've gotten a few million DNS packets, about 14,000 per second. Almost all queries for mgi.gov. Given that mgi.gov is the .gov's "Materials Genome Initiative", FSE might not actually be the target, they might just be trying to do a reflection attack. FSE was running dnsmasq as an open recursor, which I figured I'd just do as long as it remained harmless. (If you were using FSE for a DNS server, sorry, I've shut it down.)
One thing that's interesting is that the outgoing port on the sources is odd: the outgoing port is 80! (Usually, on most OSs, the program specifies "0" for the outgoing port when creating a socket, and the OS allocates an "ephemeral port", a port number between 32768 and 65535. Ports you listen() on are allocated below that range: have a look at /etc/services. This is why most port scans stick to the range 1-32767.) This could conceivably be to make it difficult to notice, but I don't think that's what's happening. Follow along for a minute (and skip the parentheticals if you know the stuff inside them already), I'll explain.
These IP addresses might be spoofed: with a TCP connection, there's the three-way handshake (SYN, ACKSYN, ACK), and then to make an HTTPS request, there's also the TLS negotiation: it's very difficult to spoof that many packets. (If the server gets an RST for its ACKSYN, then it treats it like a dropped connection. You used to be able to get around that, too, but then they started randomizing TCP sequence numbers, too, and you could get around that for a while because they were using bad RNGs, especially Windows. Look up the three-way handshake and TCP sequence numbers and TLS negotiation and then keep following links, I don't want to distract by going on about this much longer.) It is implausible that a full HTTPS request happens with a spoofed IP under normal circumstances, but DNS is UDP, it's fire and forget.
That's why it might actually just be a reflection attack: if you've got a friendly enough route, you can send off a packet that says "I'm a DNS query from $some-other-host, port 80", and the DNS server will send a response to $some-other-host:80 (almost exactly like writing the wrong return address on a piece of mail to get it bounced to somewhere else). So if you wanted to hose someone's website and you had a list of open recursors and you knew how to fire off UDP packets with forged return addresses, then you could put the IP and port number of the service you wanted to hose in the source address of a DNS query, then send it along to the recursor, which will send its response back to whatever address is listed in the source.
Anyway, no more open recursor on FSE (not that anyone besides botnets noticed, probably), and if it's a reflection attack rather than an attempt at DDoSing FSE, they'll probably give up. It's also possible they're trying to DDoS FSE and forging the packets' source address for splash damage, but that seems unlikely.
cc @threat , @ins0mniak, you guys might get a kick out of this. Reflection attacks, forged UDP packets. Just like the old days!
this_is_making_fse_unreliable.png
dns_ddos--port80.png
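One way to spot the pattern described in this post and later in the thread (queries that claim a service port such as 80 as their source and ask for ANY) in a capture taken on the resolver, as an added example that is not part of the original posts. The log lines are constructed in tcpdump's one-line DNS format, and the `LOW_PORT` threshold and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample in tcpdump's one-line DNS format. Addresses are
# documentation ranges, not the sources seen in the incident.
SAMPLE = """\
14:42:27.000101 IP 203.0.113.5.80 > 198.51.100.10.53: 4660+ [1au] ANY? mgi.gov. (36)
14:42:27.000187 IP 203.0.113.5.80 > 198.51.100.10.53: 4661+ [1au] ANY? mgi.gov. (36)
14:42:27.000290 IP 203.0.113.77.80 > 198.51.100.10.53: 9001+ [1au] ANY? mgi.gov. (36)
14:42:27.004512 IP 192.0.2.44.51344 > 198.51.100.10.53: 312+ A? example.org. (29)
14:42:27.009933 IP 203.0.113.5.80 > 198.51.100.10.53: 4662+ [1au] ANY? mgi.gov. (36)
14:42:27.120000 IP 192.0.2.44.40022 > 198.51.100.10.53: 313+ AAAA? example.org. (29)
"""

# Assumption: source ports below 1024 are service ports that an ordinary
# stub resolver would not send queries from.
LOW_PORT = 1024

QUERY = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > \S+\.53: "
    r"\d+\S* (?:\[[^\]]*\] )?(?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+)"
)

def parse(line):
    """Return (src_ip, src_port, qtype, qname) for a DNS query line, else None."""
    m = QUERY.search(line)
    if m is None:
        return None
    return m["src"], int(m["sport"]), m["qtype"], m["qname"].lower()

def reflection_suspects(lines, min_queries=2):
    """Count ANY queries per claimed (source IP, source port) below LOW_PORT.

    The claimed source of such a query is the probable victim of the
    reflection, not the sender, so the result is a list of endpoints the
    resolver is being used against.
    """
    hits = Counter()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # not a DNS query line
        src, sport, qtype, _qname = rec
        if sport < LOW_PORT and qtype == "ANY":
            hits[(src, sport)] += 1
    return {key: n for key, n in hits.items() if n >= min_queries}

if __name__ == "__main__":
    for (ip, port), n in reflection_suspects(SAMPLE.splitlines()).items():
        print(f"{ip}:{port} claimed as source of {n} ANY queries")
```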
-
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Wednesday, 27-Sep-2023 14:42:59 JST † top dog :pedomustdie: @p @threat @SoyMagnus @ins0mniak Wow that's quite cool -
pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Wednesday, 27-Sep-2023 14:43:00 JST pistolero :thispersondoesnotexist: @ins0mniak @threat Also @SoyMagnus, you like this stuff. -
Machismo (zerglingman@freespeechextremist.com)'s status on Wednesday, 27-Sep-2023 14:47:07 JST Machismo @p @threat @ins0mniak But why query mgi.gov 🤔 Regardless of what they're doing, wouldn't they also want to get big responses?
Apparently they are, but where from? The apparently huge requests, I suppose. ???? -
pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Wednesday, 27-Sep-2023 15:01:02 JST pistolero :thispersondoesnotexist: @dcc @SoyMagnus @ins0mniak @threat Yeah, I got an excuse to do some forensics tonight. -
pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Wednesday, 27-Sep-2023 16:02:00 JST pistolero :thispersondoesnotexist: @Zerglingman @ins0mniak @threat
> But why query mgi.gov
Who knows? I'm not even sure who's doing it.
> Regardless of what they're doing, wouldn't they also want to get big responses?
I'm not sure what you mean. They are setting "OPT UDPsize=65535". But basically it's volume. -
Machismo (zerglingman@freespeechextremist.com)'s status on Wednesday, 27-Sep-2023 16:02:45 JST Machismo @p @threat @ins0mniak As in if you're going to use DNS as a spam tool, don't you want the query to go to your malicious DNS server that unloads huge volumes of crap? -
pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Wednesday, 27-Sep-2023 16:19:56 JST pistolero :thispersondoesnotexist: @ins0mniak @SoyMagnus @dcc @threat Hoping you meant "friends" and not "feds". :tyrellmanic: -
ins0mniak (ins0mniak@freespeechextremist.com)'s status on Wednesday, 27-Sep-2023 16:19:57 JST ins0mniak @p @dcc @SoyMagnus @threat we still freds right -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Wednesday, 27-Sep-2023 16:20:44 JST † top dog :pedomustdie: @p @threat @SoyMagnus @ins0mniak Freudian slip :dick_message: -
pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Wednesday, 27-Sep-2023 16:34:52 JST pistolero :thispersondoesnotexist: @Zerglingman @ins0mniak @threat FSE had a DNS server running on it; DNS was just the protocol they're using to bounce packets around, though, the target isn't DNS. -
pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Wednesday, 27-Sep-2023 16:40:02 JST pistolero :thispersondoesnotexist: @natalie
> what are the source addresses like? just a few?
Present in the iftop screenshot. I can pull all of them out if it's of interest. It's still going on right now.
> asking mgi.gov's nameservers for ANY gives a pretty big response with a bunch of dnssec rrsig so that's probably why that name in particular...
*Ah*. The queries are ANY. -
Natalie Misskey (natalie@nya.social)'s status on Wednesday, 27-Sep-2023 16:40:04 JST Natalie Misskey @p@freespeechextremist.com yeah that seems like an attempt at reflection-ing someone else. what are the source addresses like? just a few?
asking mgi.gov's nameservers for ANY gives a pretty big response with a bunch of dnssec rrsig so that's probably why that name in particular... -
тняэдт[₅₄₇₇₇] (threat@annihilation.social)'s status on Wednesday, 27-Sep-2023 20:42:32 JST тняэдт[₅₄₇₇₇] @dcc @p @SoyMagnus @ins0mniak
fedian slip.
technical fed would be appropriate label since we are on fediverse. -
Soy_Magnus (soymagnus@freespeechextremist.com)'s status on Thursday, 28-Sep-2023 12:15:21 JST Soy_Magnus @ins0mniak @threat @dcc @p now that's what's good. Hell yeah I smoke all the time at the end of the day with my dog and we scare meth and fentanyl addicts off all night, it's wonderful. Keep that energy guys, enjoy life while you can :winkingfelix: -
тняэдт[₅₄₇₇₇] (threat@annihilation.social)'s status on Thursday, 28-Sep-2023 12:15:22 JST тняэдт[₅₄₇₇₇] @ins0mniak @dcc @SoyMagnus @p
smoking the langley strain i see? puff puff pass -
ins0mniak (ins0mniak@freespeechextremist.com)'s status on Thursday, 28-Sep-2023 12:15:22 JST ins0mniak @threat @SoyMagnus @dcc @p man, I'm having the greatest week of all time.
Only thing left is for Jennifer Aniston to call me up and ask for a threesome. -
ins0mniak (ins0mniak@freespeechextremist.com)'s status on Thursday, 28-Sep-2023 12:15:23 JST ins0mniak @p @SoyMagnus @dcc @threat Yeah sorry Man, I was high af last night bro -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Thursday, 28-Sep-2023 12:15:56 JST † top dog :pedomustdie: @SoyMagnus @threat @ins0mniak @p Sir have you tried coke yet -
Soy_Magnus (soymagnus@freespeechextremist.com)'s status on Thursday, 28-Sep-2023 12:18:18 JST Soy_Magnus @dcc @ins0mniak @p @threat my nigga NNOOOOO i meat WAY too many junkies lol. The point is to have fun and make it out alive,not become what i scare off every night and day lulz † top dog :pedomustdie: likes this. -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Thursday, 28-Sep-2023 12:18:26 JST † top dog :pedomustdie: @SoyMagnus @threat @ins0mniak @p :walter_smug: Im having a little fun -
Soy_Magnus (soymagnus@freespeechextremist.com)'s status on Thursday, 28-Sep-2023 12:21:59 JST Soy_Magnus @dcc @ins0mniak @p @threat ah. Theres rumors some fat injin nigger here startedthat im on drugs and i have a handgun, so ive decided if anyone asks im going to tell them im addicted to huffing gasoline, smoking bath salt and fentynol. I figure thatll curb curiosities about me Kerokeronim and † top dog :pedomustdie: like this. -
pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Friday, 29-Sep-2023 08:27:44 JST pistolero :thispersondoesnotexist: @eolach As a quick glance, FSE already falls afoul of "promoting self harm" (the UK Parliament should kill themselves) and depending on how you define hate crimes, we might be illegal for that, too. Apparently there is an obligation to loginwall anything that has porn or bullying. I could get around the requirement to "filter out unverified users" by declaring everyone on FSE officially Verified. As far as the requirement to allow people to filter "content that does not meet a criminal threshold but promotes or encourages eating disorders or self harm, or is racist, anti-semitic or misogynistic", Pleroma comes with keyword-muting.
I believe it only applies to businesses and only past a certain threshold, though, and FSE meets none of the criteria. -
Eòlach (eolach@crlf.ninja)'s status on Friday, 29-Sep-2023 08:27:45 JST Eòlach Visiting freespeechextremist.com is probably gonna be illegal for me soon as you'll no doubt refuse to comply with the new online safety act in the UK @p. 🥴 -
pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Friday, 29-Sep-2023 09:07:32 JST pistolero :thispersondoesnotexist: @eolach @mia You always untag active participants. -
Eòlach (eolach@crlf.ninja)'s status on Friday, 29-Sep-2023 09:07:33 JST Eòlach Is interacting with that PDF in any way going to be grounds for arrest? -
:blobancap: :blobcattrans: :blobancap: :blobcattrans: :blobancap: :blobcattrans: (allison@hidamari.apartments)'s status on Friday, 29-Sep-2023 09:07:34 JST :blobancap: :blobcattrans: :blobancap: :blobcattrans: :blobancap: :blobcattrans: @p @eolach Rebellion against tyrants is obedience to God -
mia (mia@freespeechextremist.com)'s status on Friday, 29-Sep-2023 09:07:34 JST mia @allison @p @eolach
Glad you agree.
This post is illegal in the UK, not sorry.
militant_accel.pdf -
pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Friday, 29-Sep-2023 09:07:35 JST pistolero :thispersondoesnotexist: @eolach Well, the government website was useless, but Wikipedia had some bits in there.
> It also empowers Ofcom to block access to particular websites.
That sounds fucked up. FSE might legit become impossible to view from the UK.
> Within the scope of the Bill is any "user-to-user service". This is defined as an internet service by means of which content that is generated by a user of the service, or uploaded to or shared on the service by a user of the service, may be read, viewed, heard or otherwise experienced ("encountered") by another user, or other users.
Looks like it applies to fuckin' email. Looks like someone typing "kys" on an IRC server is now a criminal in the UK. Apparently, the Wikimedia Foundation believes it applies to Wikipedia.
> The duty of care applies globally to services with a significant number of United Kingdom users
Yeah, I'd like to see them come grab my server. FSE's already illegal in at least Germany.
I haven't read the bill yet, but it's apparently at https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/985033/Draft_Online_Safety_Bill_Bookmarked.pdf .
The definitions are pretty broad, just looking over the first section, and then Part 2 lists requirements for "regulated services", and FSE would fall under a regulated service, so unless there's some kind of exemption for something like fedi (it's half a fucking novel, it's entirely possible there's an exemption), FSE and most of fedi is illegal in the UK. Real bad situation for any fedi instance hosted in the UK. -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Friday, 29-Sep-2023 09:08:43 JST † top dog :pedomustdie: @p @eolach @mia He thinks that @'s should not be in posts...... -
pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Friday, 29-Sep-2023 09:10:02 JST pistolero :thispersondoesnotexist: @threat @Kirino @ins0mniak That's what private browsing mode is for! -
pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Friday, 29-Sep-2023 09:10:03 JST pistolero :thispersondoesnotexist: @threat @Kirino @ins0mniak That's bad opsec, you have to enable private browsing and put on the Guy Fawkes mask, otherwise you can't be anonymous. -
тняэдт[₅₄₇₇₇] (threat@annihilation.social)'s status on Friday, 29-Sep-2023 09:10:03 JST тняэдт[₅₄₇₇₇] @p @ins0mniak @Kirino so some senator can tell me i'm h4x0r? -
pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Friday, 29-Sep-2023 09:10:04 JST pistolero :thispersondoesnotexist: @Kirino @threat @ins0mniak All of us wear Guy Fawkes masks. -
тняэдт[₅₄₇₇₇] (threat@annihilation.social)'s status on Friday, 29-Sep-2023 09:10:04 JST тняэдт[₅₄₇₇₇] @p @ins0mniak @Kirino shvt, maybe in 2007. now we just dress like merc plumbers -
pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Friday, 29-Sep-2023 09:10:05 JST pistolero :thispersondoesnotexist: @Kirino @threat @ins0mniak I got my top dudes on it, we got Hoodie Guy, we got Japanese Girl, we got Vladimir Putin, and we got the self-hacking computer.
hackerhoodieover9k.jpg
hackintime.jpg
putin_hack_the_planet.jpg
self-hacking_computer.png -
Kirino Kousaka (kirino@seal.cafe)'s status on Friday, 29-Sep-2023 09:10:05 JST Kirino Kousaka No guy in Guy Fawkes mask? Good luck, man :/
-
Kirino Kousaka (kirino@seal.cafe)'s status on Friday, 29-Sep-2023 09:10:06 JST Kirino Kousaka Dey pwned you n00b, you blew it, big style.
-
тняэдт[₅₄₇₇₇] (threat@annihilation.social)'s status on Friday, 29-Sep-2023 09:10:43 JST тняэдт[₅₄₇₇₇] @p @ins0mniak @Kirino #usetorbrowsernowgoddamit!!! -
pwm (pwm@crlf.ninja)'s status on Friday, 29-Sep-2023 09:10:53 JST pwm @p @eolach @mia he's a bit special -
pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Friday, 29-Sep-2023 09:13:44 JST pistolero :thispersondoesnotexist: @ins0mniak @threat Has subsided today. -
Eòlach (eolach@crlf.ninja)'s status on Friday, 29-Sep-2023 09:19:21 JST Eòlach Nah, I don’t glow in the dark. (Yet)
-
pwm (pwm@crlf.ninja)'s status on Friday, 29-Sep-2023 09:19:21 JST pwm @eolach @sysrq -
احمدابن محمد الخيام (sysrq@freespeechextremist.com)'s status on Friday, 29-Sep-2023 09:19:22 JST احمدابن محمد الخيام @mia @allison @eolach @p
:glowinthedark: -
≠ Brett Stevens ≠ (amerika@freespeechextremist.com)'s status on Friday, 29-Sep-2023 10:56:53 JST ≠ Brett Stevens ≠ @p @allison @eolach
Allahu Ackbar! (boom) -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Friday, 29-Sep-2023 10:56:53 JST † top dog :pedomustdie: @amerika @eolach @p @allison :no_virgins: -
pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Friday, 29-Sep-2023 10:56:54 JST pistolero :thispersondoesnotexist: @allison @eolach Clearly God is on FSE's side.