Anonx Update



AnonXO
01-19-2004, 10:12 PM
To all AnonX Users,


The AnonX system had a temporary outage last weekend from Sunday night to Monday morning due to a denial of service attack from IRAN. We have corrected the problem by:

1. Changing our inbound IP addresses.
2. You will also notice that the IP address that you log into is different than the one that is going outbound. The outbound IP addresses have multiple failovers if someone tries this style of attack again.
3. Three of our four tier one providers have placed the necessary safety measures in place to block these attacks. The fourth will have the safety measure in place soon.
4. We have also put the necessary safety precautions on our routers to prevent this from happening again.
5. We also replaced ALL NIC cards in every piece of equipment, just in case someone tries to block us by MAC address. (This is standard every few months anyways)


Now, for the curious users. The attack originated in IRAN and the US government worked some impressive miracles to shut down the users responsible for the attacks. Evidently, some IRAN citizens were using AnonX to surf PRON and internet BIBLES. Their government took GREAT offense to these activities. At first they blocked our IP address from entering or leaving the country. Well, we had several customers in IRAN complain that they could not get access to AnonX from IRAN, so we set them up with some new addresses to get into the AnonX server farm, and that is when the GAME ON challenge to IRAN started. This pissed off their government and they started attacking us. Well, after a few calls to my friends at an ISP which controls the largest percentage of dark internet fiber in the US, they got in touch with the necessary government agencies and all has been taken care of. Way to go US Government for fighting the GOOD fight.


We apologize for any down time that you may have experienced. Also, if you are experiencing a lower level of service than before last weekend, please e-mail AnonX tech Support ( [email protected]). We are still fixing a few bugs with the outbound roll over.


Thanks for using AnonX and we look forward to serving you in the future. We can now go back to research and development on making AnonX a better system for you.


PS. This will make some of you unhappy to know. I put the PeerGuardian Block list in place while the US government was helping us. This is temporary and I will remove it in the upcoming weeks.

james_bond_rulez
01-29-2004, 07:56 PM
thx for the follow up :lol:

james_bond_rulez
01-29-2004, 09:15 PM
Originally posted by AnonXO@19 January 2004 - 13:12
Evidently, some IRAN citizens were using AnonX to surf PRON and internet BIBLES.
eerr.....u spied on them?????? :lol: :lol: :lol:

reading bible i know but surfing porn WHILE reading bible......god is gonna spank ur ass!!! :lol:

EDIT: and one more thing....how'd the Iranian gov know what they r surfing? I thought the traffic is encrypted? :blink:

supersonic
01-30-2004, 03:22 AM
My ass is encrypted!
even the hunter became the ...what is it again? o yea hunted.
Even my basic firewall blocks the worst ddos attack.
:o ooooooooooooooooooooooooo AnonXO got ...
probably they just had rapid internet traffic, which their defense systems recognize as a ddos attack. Reading bibles in IRAN?
99.9% of pp there are not Christians.

NightStalker
01-30-2004, 03:28 AM
Originally posted by supersonic@29 January 2004 - 22:22
My ass is encrypted!
even the hunter became the ...what is it again? o yea hunted.
Even my basic firewall blocks the worst ddos attack.
:o ooooooooooooooooooooooooo AnonXO got ...
probably they just had rapid internet traffic, which their defense systems recognize as a ddos attack. Reading bibles in IRAN?
99.9% of pp there are not Christians.
99% of them are Muslim which means they have a Koran, and pray to Allah three times a day. ;)

supersonic
01-30-2004, 03:31 AM
Yeps I know. :smilie4:
note: it's 5 times a day if I'm not mistaken

NightStalker
01-30-2004, 03:36 AM
Originally posted by supersonic@29 January 2004 - 22:31
Yeps I know. :smilie4:
note: it's 5 times a day if I'm not mistaken
Yeah, five is correct. :frusty:

Switeck
01-30-2004, 03:59 AM
Originally posted by supersonic@29 January 2004 - 22:22
Even my basic firewall blocks the worst ddos attack.
The goal of a DDoS attack isn't to 'break into' your computer, which your firewall is blocking.

It is to USE UP as much as possible of the bandwidth your connection has.

If your connection is receiving 100 mbps of internet DDoS attack traffic, even if your firewall 'blocks' it from getting into your computer... I imagine you'd have immense trouble just surfing the internet. It may even be BAD enough to affect EVERYONE in your area on the same ISP.

I'm on ComCast cable, and the ISP branch I'm in only has about 100-200 mbps. (3 E-3/T-3 class lines.)

Mobas
01-31-2004, 01:36 AM
*post deleted*

BullWinkle
01-31-2004, 05:12 AM
There are many Christians in Iran and Iraq and various other countries around there, but they meet in secret for fear of their lives.

supersonic
02-01-2004, 09:26 PM
That is not true, I used to live there (ir@q) and everything was usual, but i dunno about now, since everything is mucked up.
btw: Switeck, when the firewall blocks these connections, it will not affect ur bandwidth, but it will affect the bandwidth of the 1000 victim attackers that are compromised to attack a specific comp.
It is not true that ddos attack is not made to break into ur comp. dos and ddos attacks are used by the #### to take SPECIFIC information about the attacked computer(s), like whatever they wanted, if u r not protected of course. The attacks will affect the network traffic as whole, but not ur comp. if the firewall is blocking and doing its job.

Switeck
02-02-2004, 04:13 AM
Originally posted by supersonic@1 February 2004 - 16:26
btw: Switeck, when the firewall blocks these connections, it will not affect ur bandwidth, but it will affect the bandwidth of the 1000 victim attackers that are compromised to attack a specific comp.
It is not true that ddos attack is not made to break into ur comp. dos and ddos attacks are used by the #### to take SPECIFIC information about the attacked computer(s), like whatever they wanted, if u r not protected of course. The attacks will affect the network traffic as whole, but not ur comp. if the firewall is blocking and doing its job.
A local firewall, such as a router or software firewall on your computer, is nearly worthless against a DDoS attack. Once the traffic reaches your router, it's ALREADY used up your download bandwidth. However, if your computer is "stealthed", it won't be replying back to any of the DDoS attack ip packets -- thus preserving some/most/all of your upload bandwidth. But even if your ISP can manage the traffic coming in, (their local internet gateway may be overloaded by it too!) they'll be tossing at random almost everything bound for your computer. In short, it will make web surfing slow to impossible.

Distributed Denial of Service attacks are just that, and that only, they try to deny someone the ability to use their internet connection. They are not in and of themselves made to 'hack into' computers. This is what the newspapers typically mean when they talk about 'such and such company' was knocked offline by internet hacking attack. Oftentimes, the datapackets used give the wrong packetsize (typically overlarge) to cause even more slowdowns (due to the processing needed for each packet) or are outright corrupt -- often with forged headers and 'impossible' values.

Much of the time, DDoS attacks are done by 'script kiddies' rather than evil hackers with real talent -- at least if it's done against individual users such as you or I. They use already-made programs specially designed for the purpose. Basically, trojans and viruses in other words -- although their master program may be a little more complex than the trojans/viruses on the zombie computers (these are the infected computers of unwitting users.)

Having said all that, DDoS attacks can often be a masking attack for a REAL hacking attempt. That way, the hacker hopes to hide their malicious activities within the mountain of DDoS traffic. Some of the zombie computers may even be used as proxies for the real hacking attack -- thus possibly dragging those unwitting virus-infected victims into court for hacking offenses, since it will look like THEY did it! Although charges are almost certain to be dropped (the "virus defense" has become quite a strong one lately due to public ignorance even among judges), any active criminal investigation that goes through your private affairs will still have repercussions that aren't likely to be beneficial...

RealitY
02-02-2004, 11:30 AM
Well it would be nice if AnonX would actually work better and perhaps maybe it will someday...

Mobas
02-02-2004, 04:19 PM
Originally posted by REALITY@2 February 2004 - 11:30
Well it would be nice if AnonX would actually work better and perhaps maybe it will someday...
I guess that no service is perfect, but AnonX is the best that I've seen that is available. :)

tracydani
02-02-2004, 04:36 PM
You said it Mobas.

Keep up the good work anonx :)

TD

RealitY
02-02-2004, 09:47 PM
Perhaps but I can no longer upload anything at all with AnonX and would really like to find a solution...

tracydani
02-03-2004, 09:15 AM
That's strange. I have no problems with upload. It only affects my download, but that has gotten a little better.

Is it just with IRC?

TD

RealitY
02-04-2004, 05:55 AM
NO, Everything...

Mobas
02-04-2004, 04:13 PM
Reality, if you can't upload anything through AnonX, then the problem has to be on your end (maybe a firewall or router is causing your problem). I sure don't have any problems with uploading.

I'm sure you contacted AnonX customer service about your problem?

james_bond_rulez
02-04-2004, 04:42 PM
ROFLMAO wut a naive kid....

AnonXO
02-04-2004, 04:44 PM
I have received messages from a few AnonX users concerned about the Iran DOS attack. Here is a brief summary of what happened.


The Iran clients (100+ users) contracted me out for the purpose of internet bibles. I believed them. I have no reason not to. But they could have been hackers or using the connection for God knows what and no one would have known.
Saying that, the US government informed me that the Iran government raided some of the homes and found porn on the PCs. The Iran government assumes that they download the porn by using AnonX. No concrete proof was found.

The Iran government blocks porn, internet bibles, and proxy sites in general. They blocked the connection to the AnonX server based on the large amount of internet bandwidth used. They didn't know what the connection was or was not. Iran over policed the connection. Every time they blocked the AnonX proxy IP from Iran routers I gave the clients new IP addresses to use. Since I have 32 classes C around the world we were able to hop them around for months. Finally, the Iran government became very angry and decided to stop the reactionary tactics. They issued a denial of service attack from their country on every AnonX IP address they could find. At the time we only had 2X as much bandwidth needed to support all customers at 1.5Mbs. Today we have 12X as much bandwidth needed and many DOS security mechanisms in place.


--AnonXO


If you want more detail let me know and I will write up an official press release and post it on PRWEB.

SeK612
02-04-2004, 05:06 PM
Are you saying that Iran themselves issued an attack on you (as in the government not just a group of people attacking together from Iraq)? What's to stop them from attacking you again? If this is the response you get from less liberal countries then what happens if a similar thing happens in another middle eastern country or a place like China who also dislike what your service may be used for? What happens if someone like the RIAA starts trying to do stuff like this? What happens if the U.S government (if you're based in the U.S) decides that your service may be being used for illegal activities?

AnonXO
02-04-2004, 07:37 PM
There are many ways to avoid a DOS attack and I have put all of them into place.

1. Increase the bandwidth to 8X what is needed
2. Reconfigured routers to notice a DOS attack and immediately ignore all traffic originating from that ip
3. Put ICMP traffic at the lowest priority and increase other "useful traffic" to the highest priority. Therefore the attacks will be less effective with the more p2p users that are on.
4. Set up block list of known attackers.
5. Reconfigure server farm to load balance "useful traffic" and dump unwanted traffic into the bit bucket
6. and a few more tricks.

:ph34r:
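
Added example, not part of the thread and not AnonX's configuration: a small Python model of items 2 to 4 in the list above (per-source flood detection, a block list, ICMP at the lowest priority) that also tallies the bytes that still cross the inbound link, the point Switeck makes earlier in the thread. The thresholds, the `FloodFilter` and `replay` names, and the sample packets are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

PRIORITY = {"tcp": 0, "udp": 0, "icmp": 2}  # lower value is queued first; ICMP last

class FloodFilter:
    """Per-source sliding-window rate limit feeding a block list."""
    def __init__(self, window_s=1.0, max_pkts=5):   # thresholds are assumptions
        self.window_s, self.max_pkts = window_s, max_pkts
        self.recent = defaultdict(deque)   # source IP -> arrival times in window
        self.blocked = set()

    def classify(self, ts, src, proto):
        """Return 'drop' or the queue priority for one arriving packet."""
        if src in self.blocked:
            return "drop"
        times = self.recent[src]
        times.append(ts)
        while ts - times[0] > self.window_s:   # expire arrivals outside the window
            times.popleft()
        if len(times) > self.max_pkts:
            self.blocked.add(src)              # ignore this source from now on
            del self.recent[src]
            return "drop"
        return PRIORITY.get(proto, 1)

def replay(packets, flt):
    """Feed (ts, src, proto, size) tuples through the filter and tally bytes."""
    stats = {"link_bytes": 0, "dropped_bytes": 0, "queued": defaultdict(int)}
    for ts, src, proto, size in packets:
        stats["link_bytes"] += size            # inbound capacity is already spent
        verdict = flt.classify(ts, src, proto)
        if verdict == "drop":
            stats["dropped_bytes"] += size
        else:
            stats["queued"][verdict] += 1
    return stats

# Constructed sample: one flooding source (20 ICMP packets in 0.2 s) and one
# ordinary TCP client; addresses come from the RFC 5737 documentation ranges.
FLOOD = [(i * 0.01, "198.51.100.7", "icmp", 1400) for i in range(20)]
CLIENT = [(i * 0.5, "203.0.113.20", "tcp", 600) for i in range(4)]
PACKETS = sorted(FLOOD + CLIENT)

if __name__ == "__main__":
    flt = FloodFilter()
    print(replay(PACKETS, flt), flt.blocked)
```

The filter blocks the flooding source after its sixth packet, yet `link_bytes` still counts every dropped packet, so dropping at the router does not give the inbound bandwidth back. Per-source limits also do nothing when the source addresses are forged, since each packet then appears to come from a new sender.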

RealitY
02-22-2004, 08:38 AM
I finally narrowed my problem down to Zone Alarm, even after changing settings
to medium, low and even turning it off I still could not upload. I even
opened PPTP and GRE ports and even went as far as to install Zone Alarm
completely and yet I continued to have the same issues.

I recently had an OS crash and after reinstalling decided to wait on Zone
Alarm for last. Well oddly enough all uploads with AnonX are now fine, and
thinking back I remember that all my problems started after installing Zone
Alarm. Needless to say even though I really like Zone Alarm I no longer use it.

Apparently, as mentioned to me by tech support after finding the culprit, ZA manipulates CMD.exe table and sometimes settings in there do not get changed correctly. In short I always felt like my settings were on high even though they were not...

BawA
02-23-2004, 07:02 AM
Originally posted by NightStalker@30 January 2004 - 07:28
99% of them are Muslim which means they have a Koran, and pray to Allah three times a day. ;)
3 time pray is not correct, original and almost all muslims pray 5 times a day. the iranian muslims r little messed up in their thoughts :lol:, they have messed up everything in islam religion (quran, pray,...).