httpd.net/foonet/cit down? [merged]

Portal Home > Knowledgebase > Articles Database > httpd.net/foonet/cit down? [merged]

Posted by sysc, 02-14-2004, 01:15 PM
Anyone know why? Cant get anyone on the phone.
Posted by Tmonster, 02-14-2004, 01:51 PM
What happened again. Whole network including all upstreams are down. All clients as well. They don't answer phone and email. Does anyone know something about that?
Posted by mainarea, 02-14-2004, 01:53 PM
Their IPs are not being advertised... 1 209.120.238.1.gw.yipes.com (209.120.238.1) 0.709 ms 0.619 ms 0.527 ms 2 66.7.164.65 (66.7.164.65) 1.387 ms 1.503 ms 1.162 ms 3 dllstx9lce1-7-0.wcg.net (64.200.226.117) 1.208 ms !H * 1.412 ms !H 1 ge-6-0-core.scr1.hostnoc.net (66.96.192.1) 0.328 ms 0.485 ms 0.454 ms 2 66.197.191.46 (66.197.191.46) 5.483 ms !H 5.631 ms !H 5.489 ms !H Traces go nowhere. - Matt
Posted by thedavid, 02-14-2004, 01:55 PM
And moved...
Posted by Tmonster, 02-14-2004, 06:44 PM
Just catched their CEO. it is force majeur downtime. They do the best to fix the problem.
Posted by drhonk, 02-15-2004, 01:59 AM
hmm.. get this news from some ppl. "Foonet will no longer be providing Dedicated Server Hosting. All machines were powered off and taken off site for disassembly."
Posted by sev, 02-15-2004, 02:16 AM
rumor has it, the FBI are on site and disassembling the 'datacenter' - from what i hear, it has to do with hosted ddos nets (?). bad news if this is true, let's hope it's not..
Posted by drhonk, 02-15-2004, 02:20 AM
That is true, you can get more info from their irc channel #foonet on efnet.
Posted by EasyNetwork, 02-15-2004, 02:38 AM
To view foonet's update status visit: http://tinyurl.com/2s5pg or #foonetnews on EFNET network.
Posted by LP-Trel, 02-15-2004, 04:32 AM
http://www.easynetworknyc.com/foonet/ Just pulled it off of #foonet. Just thought it might be of interest to customers of foonet.
Posted by HSHIHAN, 02-15-2004, 04:49 AM
I have a server with CIT, it's been very good in the past whole year. Now it seems that the network is down, I can not visit my server, I can not visit CIT's homepage httpd.net or foonet.net , I can not get in touch with them on AIM, I can not send emails to their email boxes or mail pagers, all the messages sent to them were bounced back. Does anybody here have servers from CIT too? Could anybody tell me how to get in touch with their support? Thank you. HSHIHAN
Posted by life4death, 02-15-2004, 04:51 AM
I heard FooNet is gone anyone confirm?
Posted by Detroit Red, 02-15-2004, 04:53 AM
Either way, it looks like FOONET is down until they either move the servers out of Paul's basement into a datacenter, or they are going to just be down for who knows how long..
Posted by thedavid, 02-15-2004, 05:00 AM
Moved/merged to the network outages and updates forum...
Posted by thedavid, 02-15-2004, 05:03 AM
Merged another thread. Responding so those individuals know about it.
Posted by Tunnah, 02-15-2004, 08:19 AM
from reading the chan on efnet, it was raided by the FBI and each server has been taken to be checked over - the main suspicion atm is kiddie porn was being hosted, which is more believable than ddos nets, as i can't see the FBI shutting down a DC over ddos nets :p
Posted by seg fault, 02-15-2004, 08:33 AM
Been informed that if you need your drive mirrored to contact the following; Mr. Robert White rwhite@fbi.gov
Posted by EasyNetwork, 02-15-2004, 09:33 AM
It been now confirmed they are closed complitely no ETA on nothing. They are gone. I keep you updated.
Posted by Knogle, 02-15-2004, 09:52 AM
seg fault: Where did you get that information/contact from?
Posted by Bashar, 02-15-2004, 11:17 AM
infact its rwhite3 at leo.gov
Posted by Joshua, 02-15-2004, 12:12 PM
Doesn't look too good... -Josh
Posted by Tom O'Connor, 02-15-2004, 01:33 PM
I came across this, I am not stating it is true or not as I do not have the facts, I am making viewers aware of what I found just on the website below. http://www.easynetworknyc.com/foonet/
Posted by coight, 02-15-2004, 01:41 PM
Wow!
Posted by blockcipher, 02-15-2004, 01:53 PM
Whoa!
Posted by nkisberg2000, 02-15-2004, 01:59 PM
I came across that earlier... interesting.
Posted by Ash, 02-15-2004, 01:59 PM
yikes! TemplateMonster and BoxedArt are (were) at foonet
Posted by dsotmoon, 02-15-2004, 02:04 PM
wow!!! boxedart... TM is up
Posted by maxhest, 02-15-2004, 02:19 PM
That ain't cool..
Posted by RackMy.com, 02-15-2004, 03:11 PM
Interesting. I was reading http://foonet.netfirms.com/ from a quick search.
Posted by Dragoon, 02-15-2004, 05:28 PM
That's old news. It's been discussed on WHT serveral times in the past. I'd be interested to know the truth as to why they were raided/closed. The FBI certainly hasn't taken much interest in DoS attacks in the past. Besides, the FBI doesn't just storm a place of business and seize everything from one day to the next. Usually actions like this are the result of an ongoing investigation. I hope Paul already got the cash for the sale of the business.
Posted by wheimeng, 02-15-2004, 06:05 PM
Wow, this is a terrible news for all.
Posted by wheimeng, 02-15-2004, 06:14 PM
BTW, is Paul involved in this? Things don't seem to go well after the acquisition.
Posted by Tmonster, 02-15-2004, 06:23 PM
Just got insider news. Since FBI took all servers they ordered new ones end on Wednesday will go online again.
Posted by CMH, 02-15-2004, 07:07 PM
I was reading here more about foonet http://www.easynetworknyc.com/foonet/
Posted by Haze, 02-15-2004, 07:35 PM
Source: http://www.cithosting.com/
Posted by EasyNetwork, 02-15-2004, 08:56 PM
Update is posted. FROM CIT.
Posted by Aussie Bob, 02-15-2004, 09:34 PM
So the FBI can just wonder in and seize all the servers, looking for one or 2 offenders? That's absolutely insane! [edit] sorry if my post is not appropriate in this section. It's just I feel for the business owners.
Posted by GoTek-JP, 02-15-2004, 09:49 PM
We don't know what happened.. I don't think the FBI would seize all servers if they didn't have some serious motives to do so. Maybe it was because of the lack of cooperation from the Foonet staff, or the continued complaints received against Foonet which at the end caused this so I would wait to have more information about what exactly happened. Personally I visited their channel on EfNet and some kids were having fun talking about DoSing the FBI and one of them even took credit of bringing down NSA.gov (the site was down when I tried to access it coincidence ?).
Posted by SeanK, 02-15-2004, 10:00 PM
Below are statments from staff and friends of foonet and CIT. My question is who has been affected by this and do they see a fast outcome for the return of their servers. Also what do you think is going to happen to foonet because of this? ====================== From CIT/Foonet Dear Customers of FOONET/CIT: We regret to inform you that on Saturday February 14, 2004 at approximately 8:35 am EST, FOONET/CIT's data center in Columbus, Ohio temporarily ceased operations. Here are the facts of what occurred: The FBI executed a search warrant issued by the United States District Court for the Southern District of Ohio regarding the IRC network that we host. According to the warrant, it appears that the Bureau is investigating whether someone hosted on our network hacked and attacked someone else. After several hours of attempting to track down, inspect and audit the terabytes of data that we host, the FBI determined that it was more efficient (from their point of view) to remove all of our servers and transport them to the FBI local laboratories for inspection. This was completed at 7:00 pm EST same day. The FBI has assured us that as soon as the data has been safely copied and inspected, the equipment will be promptly returned. Unfortunately, the FBI has not been able to tell us when they will be completed with their inspection. We have been told by the Special Agent in charge of the investigation that If you need access to your data you are asked to please contact the Bureau via email to rwhite3@leo.gov. Make sure to include in your email your name, mailing address, and telephone number with area code. Since we wish to focus 100% of our efforts on restoring services, we would appreciate it very much if you do not attempt to contact us directly. Please rest assured that we are doing everything possible to restore service to you as quickly as possible. To the many who have inquired, Paul and family are OK, although shaken by these events. They are at home and awaiting the blessed event of their new child's birth. We thank you for your good wishes and prayers. Please check back here often. Through this site, we will keep you informed of ongoing developments as we know them. Thanks again for your understanding. From foonet channel! 18:47] -MainFrame- Welcome to #foonet - Present Status is OFFLINE - ETA UNKNOWN [18:47] * Phrost has joined #foonet [18:47] -MainFrame- There is No Official Statement at this Time --- The Final Outcome of Foonet is Unknown -- If you are a direct Consumer Please Make attempts to Contact Paul for Answers -- We are Not Foonet/CIT Staff but are doing our Best to help out in this most troubling Time [18:47] -MainFrame- If you are a Direct Consumer of Foonet then Please attempt to Contact Paul for more Info
Posted by Haze, 02-15-2004, 10:10 PM
Bob: I'm not sure if the site's info is 100 % correct, it does smell fishy of course. One of my sources close to foonet seems to think its bull, and i don't doubt it. Its still unclear exactly whats going on, there is NO official word.
Posted by AKavanaugh, 02-15-2004, 11:36 PM
Sounds like regular foonet information disclosure to me. The outage was first said to be a fiber cut, then it was said to be a power outage. Members of CIT's "staff" were even telling people to leave the channel or be quiet when they mentioned an FBI raid, as according to them, it was not true. Now we all wake up to the news of an FBI raid, hosted on one of CIT's domains. I smell something fishy, and for once it's not the city I live in.
Posted by AKavanaugh, 02-15-2004, 11:38 PM
Merge with other post in Outages forum?...
Posted by RackMy.com, 02-16-2004, 01:52 AM
Not to me :0
Posted by okihost, 02-16-2004, 03:21 AM
Anyone know why they were closed?
Posted by EasyNetwork, 02-16-2004, 03:32 AM
Page is updated with CIT letter now. Looks like they not coming back (?) for a while.
Posted by thedavid, 02-16-2004, 03:53 AM
Merged another with the outages and updates thread.
Posted by Knogle, 02-16-2004, 06:07 AM
I find it outrageous that the FBI can just interrupt operations of many other critical websites. Fine, there may be offenders, but that does NOT warrant interrupting other services.
Posted by palash, 02-16-2004, 07:18 AM
what is latest now? any update?
Posted by TMX, 02-16-2004, 01:21 PM
Nobody - not you, I, or anyone else - can make that call until the whole story is known. -B
Posted by ryan1918, 02-16-2004, 04:49 PM
http://www.ryan1918.com/modules.php?...rder=0&thold=0
Posted by ryan1918, 02-16-2004, 04:50 PM
They seem to say when they come back they will no longer host IRC related services, They will only be doing WEB Hosting, so much for that..
Posted by ryan1918, 02-16-2004, 04:52 PM
http://www.ryan1918.com/modules.php?...rder=0&thold=0 also They seem to say when they come back they will no longer host IRC related services, They will only be doing WEB Hosting, so much for that.. meh ;/
Posted by thedavid, 02-16-2004, 04:55 PM
Merged another thread.
Posted by ryan1918, 02-16-2004, 05:06 PM
If I recieve anything from the admin I will update the article as soon as the news is recieved I know a few of them personally, So check back I guess.
Posted by ryan1918, 02-16-2004, 05:08 PM
If I recieve anything from the admin I will update the article as soon as the news is recieved I know a few of them personally, So check back I guess.
Posted by Mrdredd, 02-16-2004, 05:35 PM
Can anyone post a summary of what happened and why the FBI raided the place? Im not at home and the laptop I have use of atm is horrendously slow.
Posted by relichost, 02-16-2004, 06:11 PM
actually both work
Posted by EasyNetwork, 02-16-2004, 06:22 PM
Someone was running DDoS drones on few of their servers.
Posted by EasyNetwork, 02-16-2004, 06:32 PM
Yep both of them work.
Posted by ryan1918, 02-16-2004, 09:57 PM
actually paul told no one the actual reason because the fbi says hey will charge them if they disclose anything so that is not what it is, but i would guess most likely it was that but i highly doubt paul said that to anyone.
Posted by amc-james, 02-16-2004, 09:59 PM
yeah perjury is a serious offense. i'm sure the FBI wouldnt take it too kindly.
Posted by portalplanet, 02-16-2004, 10:05 PM
Bad for them good for me I guess Got a new client from the shakeup today. Justin
Posted by Shrink, 02-16-2004, 10:07 PM
I believe there are multiple legal issues invovled. As it is, the servers should be back within a week at max ^_^ Evidence is hard to come by these days ---SDN---
Posted by Mrdredd, 02-16-2004, 10:17 PM
who the hell did they hit to get the heat on them? It cant be just bots - I have a feeling of what it is, and its a lot more worse than bots, but we'll see. They had TONS of bots on their network, I know that - but I dont think its because of the drones. They had boxes which were rooted(or not?) that had huge capacity that were never shutdown and were being raped with illegal deeds.
Posted by ryan1918, 02-16-2004, 10:21 PM
I would also assume it was more larger scale for them to raid the entire datacenter, and so quick about taking the servers out of the place and into the fbi labs, So maybe something to do with someone from the inside, or something more then that, because to take all the servers and not just single ones is kind of alot.
Posted by portalplanet, 02-16-2004, 10:56 PM
Yep I agree with it being big. The client I got had a colo server with them that was seized in the raid. Justin
Posted by EasyNetwork, 02-16-2004, 11:00 PM
Within a week max? I dont count on it FBI wont hurry they take their time.
Posted by AKavanaugh, 02-16-2004, 11:17 PM
The question now: Since quite a bit of that hardware that was seized was legal property of customers (Colocation customers); can they request to see the warrant that was issued for the confiscation of THEIR hardware.
Posted by rusko, 02-16-2004, 11:21 PM
there were a few rumours of paul ddosing competitors to demonstrate foonet's superiority. maybe they are true, after all? dont ya love rumours =] paul
Posted by Shrink, 02-16-2004, 11:35 PM
In colocation customer cases, you have a legal right to see the warrent in most countries. The FBI are a bunch of overpaid hypocrites. Their cyber crimes department is a joke compared to the many other agencies world wide. The problem is, it depends on what they are looking for. If they are looking for hacker activity, which I very much doubt, since a warrent for the physical hardware would be hard to obtain since it would be based on round table evidence. But if this is what they are looking for, it would take them months, perhaps a year to sift through all the information. The most likely option, and the probability would point to would be fraud or illegal government files. Last edited by Shrink; 02-16-2004 at 11:39 PM.
Posted by rvrsl, 02-17-2004, 12:35 AM
Well, I am one of the hundreds of businesses who have been victims of this disgusting event. Stupid as I am, I haven't done a backup for approximately 3 months so I have basically lost most everything and the chance of me getting it back before 3/4 of my customer base cancels, is fairly slim. I can't see any possible scenario where law enforcement would need to take down an entire datacenter and ruin service for probably 10,000 or more people while basically significantly impacting businesses and companies. Does the Federal Government have no respect for legitimate business? This is like quarantining and shutting down an entire shopping mall because they have evidence of activity from one store. It disgusts me to the fullest extent and I do believe I'm going to seek legal advice. Considering I have spent the last year building my business to what it is today and their actions have single handedly destroyed what I have created by no fault of my own. I don't believe (legal-wise) this was handled like it should have been or could have been.
Posted by ddosguru, 02-17-2004, 01:26 AM
I can almost promise you all that it is something quite serious. We were raided once, and they only took one server and returned it the next day. Before doing so, they did an extensive amount of research to determine that it was the correct server and to ensure that it was the only one touched during the raid.
Posted by datums, 02-17-2004, 01:41 PM
Has anyone got any feed back from the .gov addresses posted ? 1) Have they confirmed that they have your server(s) ? The raid of a data center seem a bit strange, but there is always a first time for everything. Did they have their own true facility ? or cages in a datacenter? Anyone live near by ? Wanna take a walk and provide feedback? Cheers
Posted by EasyNetwork, 02-17-2004, 02:36 PM
Well as far as i know paul is not beeing charged with anything right now. MAYBE after invistigation by FBI something will happen. What people think right now is that some packet kiddies were running alot of drones on foonet server (IRCD) and someone gave paul complaints to shut it down but Paul didnt take any action. Thats where FBI stepped in. Rumons go around like post above that paul ddosed competiton. It might be true or his packet kiddies freinds were doing it instead of paul. But i dont want to spread rumors. I will not deal with foonet again they can't be trusted anymore from my opinion. But we will find out how this goes and hopefully we get information on what happened from FBI. Many people hate paul right now because it looks like its all his fault for not taking action against abusive users. And people who got their servers taken are very upset because their customers and business pretty much ruined. I had gotten ALOT of hits on foonet update page and ALOT of e-mails some with questions some with threats to Paul. So people are very angry. I want also people to stop e-mailing me asking me to put them on webpage as alternetive providers. I do not have time for it. For latest news come to #foonetnews on irc.efnet.net.
Posted by EasyNetwork, 02-17-2004, 04:43 PM
No it was in Pauls (owners) basement (of his house).
Posted by cleblanc, 02-17-2004, 08:02 PM
Hello, We were in contact with Agent White earlier today. They did confirm that they had all of the hardware. They are apparently working 24/7 to mirror all the hard drives. In our case, we are the owners of the hardware and it is necessary for us to have the computers to continue operate as a business. Apparently, we will be receiving our hardware within a week of signing the waiver. The hardware will be shipped directly to us. Before the hardware is released, we are required to fill a waiver. Basically it says that we "waive the provisions of Rule 1002 of the Federal Rules of Evidence as it applies to the aforementioned computers which were seized by the FBI on February 14, 2004" The waiver also states that you "agree that the duplicate images of the hard disk drives of said computers created by the FBI on February 15, 2004 or later will be admissible as original evidence of the contents of said hard disk drives at any court proceeding relating to this investigation and further agree not to contest the admissibility of the contents of said duplicate images in any court proceedings which may result from this investigation" Apparently the basement was specifically built for the purpose of hosting servers. Everything was in racks. For those of you who are still waiting for their hardware, I recommend getting in touch with Agent White.
Posted by Shrink, 02-17-2004, 08:47 PM
See, thats why you have to love Canadian Law. All of our servers are encrypted, and you need a federal judge to sign a search warrent to take the servers off the promises. Federal warrents are very rare and hard to come by lol.
Posted by ryan1918, 02-18-2004, 01:22 AM
If you own equipment or want a image of your harddrive, please contact rwhite3@leo.gov.
Posted by bummer6666, 02-18-2004, 03:50 AM
that`s statement is quite incorrect. FBI agents make somewhere around 50K /year , I wouldn`t call that overpaid. Also considering constantly increasing work load in cyber crime field , I`d say they work very hard for their money. If you look what`s been happeing with DDOS, credit card fraud, kiddie porn, hacking warez etc in last couple years you`ll see that FBI has very tough job to do. As for Foonet , it`s very regretable what happened to them and especially to their clients. Hopefully FBI will return the servers very soon but on the other hand I wouldn`t hold my breath. We turned over 8 warez filled server to FBI 4 months ago so their could retrieve the logs and image the system drives and to this day we didn`t get our boxes back. From my point of view the criminal offence that has happened had to be very serious and wide spread throughout their network that it warrented the shut down of all of their servers. We have worked with FBI`s Cyber crime task force in Chicago on numerous ocasions and they usually ask to show/give them server which hosts the offending IP. Also they usually ask us not to interupt service for the offending client so they can monitor the activity. Having this experience I can`t really imagine what was the offence that caused the shut down of all the servers just my 2 cents
Posted by RossH, 02-18-2004, 03:54 AM
One IRCD filled with ddos bots got an entire DC shut down. No thanks not buying that guys. My suspicion is that it would be have to be rather rampant onb the network or paul would have had to be involved to get the entire network shut down.
Posted by EasyNetwork, 02-18-2004, 05:30 AM
They didnt know what box it was exacly or there was too many to go threw. Paul did ****** job monitoring his servers its obvious. (Or knew about everything)
Posted by Shrink, 02-18-2004, 08:38 PM
bummer6666 I was comparing them to other departments world wide. Overall the FBI's cybercrimes unit is understaffed, underfunded and IS a joke. Most agents that work directly with cybercrime make around $112,000. I'm not refering to outside agents that are invovled in busts or anaylsts.
Posted by NationHosts, 02-19-2004, 08:19 PM
How'd he run a DC out of his basement?
Posted by Jake Weg, 02-19-2004, 09:01 PM
actually FBI's cybercrime department has ALOT of smart people in it. The only real problem is he quantity of the agents not the quality.
Posted by Shrink, 02-20-2004, 02:25 AM
There are a lot of smart people everywhere. But what it comes down to, is the talented ones ^_^
Posted by Jake Weg, 02-20-2004, 02:34 AM
thats what im talking about. If you pay attention you might see a sign at a college near you for a lecture bya FBI CyberCrime guy where they explain what they do etc. Really intresting stuff granted they send the smarter/talented ones to lecture but the whole operation sounds good imho.
Posted by Aussie Bob, 02-20-2004, 06:46 AM
Connectivity in >> Racks >> networking equipment >> backup generators >> servers. Come on, we all secretly dream of running a DC in our basements.
Posted by EngineHost, 02-21-2004, 03:36 PM
it would be pretty cool to have that fast line for checking email and sites at home!
Posted by NationHosts, 02-21-2004, 07:29 PM
I don't think it's a very good idea. What if your moving? Basements do have their share of problems. What if theres a flood? You have kids and their playing soccer in the basement? That whole kind of thing, I just think servers should have their place seperate from a basement.
Posted by portalplanet, 02-21-2004, 07:36 PM
I agree with you NationHosts. While it might seem cool and all to run a datacenter out of your basement there are floods.. What about burglaries or fire? Justin
Posted by Synwave, 02-21-2004, 07:49 PM
If you take all these things into consideration before you set it up then I dont any problem with it. Regards, Synwave
Posted by Haze, 02-21-2004, 07:55 PM
Well.. we don't exactly know what the setup was like do we? From what I hear, the basement was "purpose built". I'd take that as meaning he had measures to prevent floods and whatnot. I doubt he'd let the kids play soccer in the server room
Posted by NationHosts, 02-21-2004, 08:28 PM
Hope he had eyescanners to enter his basement and armed security.
Posted by Dave W, 02-21-2004, 08:47 PM
I bet if the DC was not located at his home then it would have been much harder to seize all of the servers...
Posted by DynamicHost, 02-24-2004, 09:52 AM
This just got Slashdotted: News Story
Posted by Defiler, 02-24-2004, 10:00 AM
..and what if the FBI raids you while you are watching your favorite TV show?
Posted by EasyNetwork, 02-24-2004, 11:57 AM
New update read: http://easynetworknyc.com/foonet/
Posted by 2Grumpy, 02-24-2004, 01:15 PM
I've said it several times since this story broke, I'll say it again. There is more, probably WAY more to this story than "some kiddie porn" or hackers on their network. A "few hours" to get the data? Sounds like foot dragging to me. "isn't standard procedure" heck no it isn't if you cooperate... I smell something, and it ain't government pork... Sounds like from reading around, that foonet was a haven for irc warriors, script kiddies, hackers, carders and the general dregs of the internet. Hopefully other providers that may be a bit "friendly" to this sort of thing will see this and get a clue. This crap is serious and eventually you might gain the attention of someone who CAN do something about it (FBI/etc). I'm sure as time goes on more of this will become known but right now my bets are on foonet being part of the problem and the FBI quickly figured that out and said "ya know what, let's just take it all".
Posted by 2Grumpy, 02-24-2004, 05:32 PM
Hmm some interesting reading, seems about a week before all this went down GBLX yanked their pipe to foonet: http://groups.google.com/groups?hl=e....phx1.gblx.net And it seems ahbl.org is glad to see foonet down and out: http://www.ahbl.org/ Here's a quote for the links to the supporting data visit the www.ahbl.org url.
Posted by DeltaAnime, 02-24-2004, 06:28 PM
Actually, there seems to be more stuff behind the IRC botNET deal. irc.MircX.com has been shutdown for good a couple days ago, due to extreme DDoS attacks. Supposidly, there was 200,000 bots that just slammed their server. http://www.dslreports.com/shownews/39381 Take it for what it's worth, of course. BTW, CJB is the name of the dude who owned/ran MIRCX ~Francisco
Posted by EasyNetwork, 02-24-2004, 10:00 PM
Stop spreading rumors Btw http://www.ahbl.org/ is runned by packet kiddies also *waves to trelane*
Posted by Annette, 02-24-2004, 11:25 PM
That will be news to Brian, I'm sure.
Posted by 2Grumpy, 02-24-2004, 11:29 PM
"also" meaning that foonet was run by hax0rz too?
Posted by DeltaAnime, 02-24-2004, 11:57 PM
-points at the 'take it for what its worth' part ~Francisco
Posted by EasyNetwork, 02-25-2004, 12:02 AM

Posted by frozen, 02-25-2004, 11:24 AM
Maybe this is wrong of me, but good ridance. I mean, I feel bad for all the innocent customers, but there is a lot of customers their that deserve this to happen. Maybe they did or did not get shut down for DDoS nets, but the ammount of DDoS nets they hosted was absolutely disgusting and as already mentioned, reporting them did no good.
Posted by sysc, 02-25-2004, 11:53 AM
^^ very true
Posted by Nessun, 02-28-2004, 04:15 PM
Supposidly, there was 200,000 bots that just slammed their server. think about that, if there was 200,000 different computers dosing 1 thing and each had a max upload of 15k just think about what that would be. MircX said at peak the dos was about 350mbit which is no where near 200,000 different computers uploading at even 1k each. More then likely 350mbit can be done by around 1000-3000 computers. Its funny how much overexaggeration is done.
Posted by EasyNetwork, 02-28-2004, 05:53 PM
I don't think they meant it as in same time. Probably 200,000 different IP's in total were involved in attack.
Posted by ChrisTech, 02-28-2004, 09:49 PM
[Quote} quote: -------------------------------------------------------------------------------- [20:01:36] only here cause cjb killed my 200k botnet [20:02:00] i returned the favor [20:02:08] by killing all *.mircx.com IRCD's [20:03:01] CJB reported duelelites.******** and the IP [20:03:06] which was on foonet [20:03:11] foonet got raided -------------------------------------------------------------------------------- [/QUOTE] Well that explains why I keep getting msged and flooded on EFnet (my nick on EFnet is VampYre and has been for about 2 years now). Grrrr....
Posted by DeltaAnime, 02-29-2004, 12:59 AM
are you sure that was to ALL of the servers? That might just been to the main MIRCX server, who know's what was kickin' the leaf's ***. Again, regarding that quote, no one's confirmed it either way, so as of right now, it's up in the air. EDIT - Also, what would stop someone from just loading multi bots on a single comp? He could of techically had 10 on one comp alone (though, i don't know why he would). ~Francisco
Posted by EasyNetwork, 02-29-2004, 01:18 AM
Umm.. what is the point of loading "multi bots" on infected computers to DDoS? Stats are based by IP anyways.
Posted by Nessun, 02-29-2004, 05:55 AM
1. Last time i checked not many cable users have more then 1 ip so if there using 200,000 different ips all windows users 99% just people on cable/dsl that dont ever touch their computer then my guesses of common sense would say that there was 200,000 computers. 2. mircx had 3 servers 2 were basically backups the other held everything and thats where the attacks were taken so that answers how I know it was what was hit considering they had no other servers not many other choices. 3. Clones would have same ip so that makes Absolutely no difference to the fact of the supposed 200,000 different ips. 4. I have been running an irc network for 2 yrs now and taken alot of different attacks I know about this stuff alot so at least think before questioning what I said about this stuff. On a side note this topic has gotten way off track. Last edited by Nessun; 02-29-2004 at 05:58 AM.
Posted by Cloudster, 02-29-2004, 06:50 AM
What dose IRC get attacks all the time?
Posted by DarktidesNET, 02-29-2004, 07:33 AM
I agree with frozen.
Posted by frozen, 02-29-2004, 09:20 AM
Why are you assuming they are all cable users(or even mostly)? We had a rash of DDoSing's to our company ahwile back, we also have had many DDoSing's to an IRC Network I was a founder of(but eventutally quit). Many of the IP's that attacked were allocated to very high speed computers and connections residing in datacenters across Korea and other Asian countries. Just a note. Two years is not a lot of experience when it comes to IRC or DDoS. I can assure a lot of the people in this thread have been dealing with DDoS and/or IRC for quite a bit longer. Does that make them better or mean they can't be questioned? No way.
Posted by Bashar, 02-29-2004, 11:27 AM
imagen drones from 100 cable modems what can they do what about 1000 ? man i've seen kids with 2000+ what about pros ? and for why do they attack, its because they want to drop that irc network and have their network grow.
Posted by EasyNetwork, 02-29-2004, 12:51 PM
Exacly, maybe that kid had loads of dial up drones that dropped out after certain time then reconnected and continued attack with new ip. He can also had exploited one big network with lets say T1 connection with 1K of computers connected to it that wont produce alot of BW for attack but it will show 1K of ips from same exploited net range etc.
Posted by Nessun, 02-29-2004, 04:18 PM
4. I have been running an irc network for 2 yrs now and taken alot of different attacks I know about this stuff alot so at least think before questioning what I said about this stuff. I can assure you I didnt come onto the IRC scene and say hmm I think I'll start a network now that I'm here. Note where it says I have been RUNNING an irc network not just been on irc for 2 yrs there is a huge difference. Also considering my irc network is in the top10 of over 600 networks with an estimated 25,000+ users I would say I have done quite well in the irc scene.
Posted by bruns, 02-29-2004, 04:26 PM
Yeah it is, considering I'm not a packet kiddie, nor is trelane. Yes, there are alot of rumors going around, but remember that rumors aren't always true. I feel no remorse for Foonet or the packet kiddies that lost their DoS nets and l33t hax0r domain names for IRC use. I'm just happy to see it over with finally. Brian
Posted by EasyNetwork, 02-29-2004, 04:34 PM
Wheres trelane at anyways?
Posted by frozen, 02-29-2004, 04:34 PM
Well considering your network is 95% Warez(consisting of many xdcc bots, which btw are mostly compromised windows boxes) I don't find it all that impressive. http://irc.netsplit.de/channels/?net=Rizon
Posted by Nessun, 02-29-2004, 06:01 PM
actually more lik e 50% considering there is only 3000 channels and 1800 are anime and as said warez networks take more dos then any other which qualifies me to be more experienced so I dont care if you find it impressive or not this makes 2nd time that I will state this thread is way off topic
Posted by frozen, 02-29-2004, 06:21 PM
Then you are aware that many of those xdcc bots that are compromised boxes have the ability to DDoS and are used to do so quite a bit. I am not saying the ones on your network do, as I have never investigated any on your network, but I have found quite a bit of them that dub as both a file server and a ddos drone. I still disagree that it makes you "more experienced" then other persons here, and to say that you are is quite childish. Forgive me if I am wrong, but it seems most of your servers are rented or colocated, in which case the ISP is handling the DDoS. If I am off topic I apoligize.
Posted by Nessun, 02-29-2004, 06:33 PM
First I dont have the time or the patience to sit and watch all my users and make sure everything they're doing is good and peachy as I am sure you dont sit checking all your customers accounts to make sure there isnt 1 mp3 somewhere or anything to that nature. Next if you think the isps do 100% of handling the dos and they secure the boxes handle the firewalls remove all the botnets that are found on rizon etc. etc. etc. well then heres an eye opener THEY DON'T. As for any replies I'm done replying to this thread as firstly it has gone way off topic and secondly as you said im childish, I am going to do something you obviously couldn't and grow up and stop fighting/argueing over an obvious personnal matter in which is not needed especially in this thread. If you want to reply to me and actually talk click my profile if not sit and flame me all you wish but I will not be replying and will hopefully get this thread back on topic by asking: What is the latest news as to foonets plans I heard they were moving to chicago equinox and were going to be closing there irc network, any ideas on a time and if this is all true?
Posted by frozen, 02-29-2004, 06:39 PM
I was far from flaming you, and if I offended you I am sorry. As for foonet, two companies that my former IRC Network uses used Foonet and are back online with there webhosting boxes, but not IRC. I am not sure if this is being provided by Foonet, I'll email now and ask.
Posted by Website Rob, 02-29-2004, 07:36 PM
Seen a TV show the other day on how they caught mafiaboy back in 2000 -- responsible for bringing down Yahoo, Amazon, CNN and other major sites. Blew me away that he was a script kiddie, who would'a thought? After they determined the source of the DDoS attacks and before grabbing any hardware, a warrant was obtained to tap the line and record data inflow/outflow. After analyzing the data for a month or so they knew they had the right "place" but not sure "who" -- 3 or more separate computers were used in the house by different people. When they did seize the equipment they seized everything, so they could match their recorded data to the correct hard drive(s). Food for thought, for those Clients affected by the situation. The FBI have proof of something and now they are getting ready to lay charges. If you have a chance to get back your hard drive or data, I would suggest doing so through the correct channels and ASAP.
Posted by Annette, 02-29-2004, 08:55 PM
No kidding. I probably should have dropped you a line or pinged you in NANAE to tell you about your newfound status.
Posted by bruns, 02-29-2004, 11:24 PM
Heh, well, I was looking at referrer logs, and I noticed that people were coming to the main page via this thead, so I was curious. And low and behold :-) But, its ok. Heh, interesting to see how people took our view on FooNet.