Links about th3j35t3r

The Jester is a hacktivist who uses a secret DoS attack tool, "XerXes", which he wrote himself. It works with incomplete requests and is apparently similar to SlowLoris. Like SlowLoris, this attack can take down vulnerable servers from a single attack point, and it avoids collateral damage to intermediate devices.

Update: Wikileaks Attack 11-28-10

Today the Jester targeted Wikileaks and took it down for a few hours, by my estimate. He also proved that he was the real attacker, because he announced on Twitter that he would let it back up in 3 minutes, and I was able to reconnect to it within about 6 minutes. Then he took it down again.

I seem to have better information than any news articles I have seen about it. This is not a DDoS. It's a single attacker, sent through Tor or some similar anonymizer, if it's the same Xerxes tool the Jester demonstrated in the video linked below.

The Jester frequents irc.2600.net #jester. I have gone there twice to try to do some good, but I haven't found any way to make things better. The Jester is not willing to release his tool or discuss it in any detail. It seems to be a layer 7 attack using a variety of incomplete requests, like SlowLoris.
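Since the attack pattern described above is incomplete requests held open at layer 7, the server-side signal a defender can watch for is connections whose HTTP header block never finishes. The following monitor is an added example, not code from the original post or from any tool mentioned in it; the connection records and the IP addresses are constructed, and the thresholds are assumptions.

```python
# Added example (not from the original post): flag clients holding many
# connections open with incomplete HTTP headers, the pattern that
# Slowloris-style tools depend on. Connection records are constructed.
from collections import defaultdict

HEADER_END = b"\r\n\r\n"  # blank line that terminates an HTTP request header


def header_complete(buf: bytes) -> bool:
    """True once the client has sent the blank line ending the header block."""
    return HEADER_END in buf


def flag_slow_clients(conns, now, max_age=10.0, max_pending=5):
    """Return {ip: pending_count} for clients with more than max_pending
    connections whose headers are still incomplete after max_age seconds.

    conns: iterable of (client_ip, opened_at_seconds, bytes_received_so_far).
    Thresholds are assumed values; tune them to the server's normal traffic.
    """
    pending = defaultdict(int)
    for ip, opened_at, buf in conns:
        if not header_complete(buf) and now - opened_at > max_age:
            pending[ip] += 1
    return {ip: n for ip, n in pending.items() if n > max_pending}


# Constructed sample: one client trickling partial headers over eight sockets,
# one normal client whose requests completed promptly, one slow but lone client.
SAMPLE = (
    [("198.51.100.7", 0.0, b"GET / HTTP/1.1\r\nHost: example.org\r\nX-a: 1\r\n")] * 8
    + [("203.0.113.9", 25.0, b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n")] * 3
    + [("192.0.2.4", 5.0, b"POST /upload HTTP/1.1\r\nHost: e")]
)

if __name__ == "__main__":
    print(flag_slow_clients(SAMPLE, now=30.0))  # {'198.51.100.7': 8}
```

Because the post notes the traffic arrived through Tor, a per-IP count alone is a weak signal; bounding how long a server waits for a complete header (Apache's mod_reqtimeout, for instance) addresses the root cause regardless of source address.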

Regardless of your political position about Wikileaks, I think it is outrageous that a single attacker can just shut sites down at will. We need better defenses against Layer 7 DoS!

I also think the Jester won't be around much longer. He seems to be on the typical gunslinger's path of self-destruction, pulling larger and larger stunts as a challenge to the world. And when I have tried to bring these things up in the IRC room, all I get is macho posturing and slogans, people bragging about how powerful their attacks are.

Pulling off so many high-profile attacks, and also engaging in social networking like Twitter and IRC, is self-contradictory. The Jester is vulnerable to social engineering attacks. I'm sorry to see a train-wreck in progress.

I can't make the Jester stop attacking sites, but we should be able to defend them from such attacks. Unfortunately, I don't see anything stopping layer 7 DoS attacks effectively at present.

4chan took down a lot of sites recently with DDoS, and no one seems able to stop the Jester's attacks. Hopefully Wikileaks or Amazon (who hosted Wikileaks during the attack) will post their packet logs so security researchers can analyze the attacks and try to prepare countermeasures.

Links

4chan Users Organize Surgical Strike Against MPAA

Excellent OWASP presentation explaining Layer 7 DoS

OWASP HTTP Post Tool

Background on the Jester from January

The Jester's Twitter Feed

The Jester's Blog

2-11-2010: Jester Unveils XerXeS Automated DoS Attack

2-22-2010: Exclusive Video of XerXeS DoS Attack

3-11-2010: Hacker Releases Second Video of Enhanced XerXeS DoS Attack on Apache Vulnerability

Hijacking Web 2.0 Sites with SSLstrip and SlowLoris -- Sam Bowne and RSnake at Defcon 17

Slowloris HTTP DoS