Is this the result of some kind of organized DDoS (Anonymous or some other hacktivist group), or merely a coincidence given their recent exposure re: aaronsw?
Nope, all the tweets have come after the sites were already down.
Typical Anonymous/Lulzsec DDoS operations doesn't work like that, they need thousands of participants before it'll have any effect. If it was a public DDoS like the operations that took down DoJ about a year ago you would expect to see thousands of tweets about it and a lot of IRC activity.
> So what is Multiboot.me? Well it’s a Pay-Per-Minute DDoS system that has been used by Anons (and others) to down US and other sites since LOIC got rumbled and DHN got pwned.
In addition, not all DDoS involve LOIC style attacks. It can use other types of exploits.
Lack of both --- the nameservers are unreachable, but so is everything else. (MIT apparently hosts its own DNS, but attempting to ping internal servers by IP address, bypassing DNS, also fails.)
Traceroute to web.mit.edu (previously 18.9.22.69) dies after a Level 3 router in Boston. This isn't just DNS, although both MIT.edu and DoJ.gov are returning NXDOMAIN right now.
Justice.gov and USDoJ.gov are functioning normally, though.
I can't even ping them. MIT has huge pipes to the Internet. Someone has to be throwing a lot of bandwidth at them from very very close to choke them off, or has specifically attacked their routers.
MIT's been having serious intermittent network problems over the past two weeks, although usually not a complete outage from all parts of the Internet (there were several points last week where it was reachable from Internet2 but not from a handful of residential ISPs). I have no knowledge here, but at this point I'd be more likely to credit some router somewhere sucking than Anonymous with doing anything.
MIT's name servers are all on their own network? Seriously?
;; AUTHORITY SECTION:
mit.edu. 172800 IN NS bitsy.mit.edu.
mit.edu. 172800 IN NS strawb.mit.edu.
mit.edu. 172800 IN NS w20ns.mit.edu.
;; ADDITIONAL SECTION:
bitsy.mit.edu. 172800 IN A 18.72.0.3
strawb.mit.edu. 172800 IN A 18.71.0.151
w20ns.mit.edu. 172800 IN A 18.70.0.160
Hi there! We know MITnet is down, and we're pretty sure its an issue with BGP. We've been having issues periodically over the past few weeks, and this is almost certainly not the result of an attack, just network misconfiguration.
It's understandable that you're angry, but spamming a random site with a "random" guy from MIT that didn't have anything to do with Aaron's case isn't going to solve anything.
58 comments
[ 5.6 ms ] story [ 115 ms ] threadhttps://twitter.com/AnonymousIRC/status/290625822983856128
Typical Anonymous/Lulzsec DDoS operations doesn't work like that, they need thousands of participants before it'll have any effect. If it was a public DDoS like the operations that took down DoJ about a year ago you would expect to see thousands of tweets about it and a lot of IRC activity.
http://jesterscourt.mil.nf/2012/09/27/anonymousqassam-pay-pe...
> So what is Multiboot.me? Well it’s a Pay-Per-Minute DDoS system that has been used by Anons (and others) to down US and other sites since LOIC got rumbled and DHN got pwned.
In addition, not all DDoS involve LOIC style attacks. It can use other types of exploits.
[1]: http://news.ycombinator.com/item?id=5052903
Justice.gov and USDoJ.gov are functioning normally, though.
[1]http://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_addres...
-- Luke from MIT SIPB
Google and MIT have a network peering arrangement.
It is not clear whether this was an attack or not.