Discussion in 'Anonymous Iran Archive' started by gr88iran, Jun 30, 2009.


  1. gr88iran Member

    Yes, they can definitely track you and your location. That's why we warn ppl not to use it from INSIDE Iran. According to the unofficial monitoring laws every ISP has to give a log of the users, their browsing history and their telephone numbers to government authorities. (I got this news from two independent sources who work for Iranian ISPs).

    A firewall cannot protect your identity, but a proxy or anonymity network (Tor, JAP, VPN, etc.) can protect you. However it's not recommended because: first they are slower than direct connection. Second: it consumes the bandwidth that can help our Iranian sisters and brothers for passing the government filtering system.

    Therefore only use this program if 1: you live OUTSIDE Iran, 2: You have a hi-speed connection (>1Mbps, at least 10Mbps is recommended), 3: Your ISP doesn't impose traffic limitations.

    Thanks for helping Iranians,
    :) Good luck!
  2. anyone know how many ppl are using this program?
    are there links to it in the other "bring down sites" threads?
  3. so far we had 500+ downloads. Due to security reasons we don't track who is running the application and attacks to which web sites. But according to the statistics the top three contributors to this DDoS program are US, China and Poland. There are also a lot of people in Germany and the Netherlands as well. In general, except China, almost all European countries are helping us. In South America, we have some users from Brazil and Argentina.
    However, we are looking to extend the program and develop a more advanced attack, then it will be advertised in more popular places.
    But please don't hesitate to share or introduce it wherever you like. We need as more attackers as possible.
  4. Vee Member

    Thumbs up fellow Aussies
  5. Hello,

    gerdab ir is back again for some time now :(

    It seems, the application is no longer able to connect to the site after a while. Do they block IPs that they have been attacked from? Is there someway to get around this?

    Sorry if the questions are stupid, I am not a tech person.
  6. If you're concerned about the legality, then I'll give you my personal take.

    First of all Denial Of Service attacks are illegal in *most* of the countries we're in. In a few it may be a bit of a grey area, but AFAIK, the majority do have the legislation to deal with it.

    I thought about this quite a bit before using Slowloris to attack, as I don't readily break the law.

    To my mind the benefits of taking down the site are that:

    (a) It's being used to locate people who are very likely to be tortured, and possibly even killed for - what to my mind - are totally illegitimate reasons.

    (b) Taking down the site of the Iranian "Cyber Police," wastes the time of staff who have a good chance of otherwise being engaged in the online trackdown and subsequent arrest of people who've been speaking out.

    (c) If successful, it's a minor morale booster for those who're protesting, and lets them know that the world hasn't forgotten them.

    None of those make it any less illegal, but personally I'm comfortable with the ethics. At the end of the day though, that is what it is: a personal decision.

    How likely are you to be prosecuted? My guess is fairly unlikely. But don't assume that that's the case.

    In the UK, the CPS - who decide whether a prosecution should go ahead - have a test of "public interest," i.e. "is it in the public interest to prosecute this individual?" and personally, I can see answers that could cut both ways. So, if you do do this, be prepared for possible consequences. In the UK these are up to 10 years in prison. However, realistically it's much more likely to be a fine and/or a suspended sentence, as the motives are neither malicious nor criminal, (even if the actions are), and any listed damages would probably be taken with a pinch of salt given the politics involved.

    I would be interested to hear the views of anyone who's qualified in law though. [Probably some BIG EDITS in what I've written :) ]
  7. Srpska Member

    I believe that is the case, yes. Assuming that, I would guess that you can get round it by refreshing your IP, instructions for which are below.

    How to Refresh Your IP Address on a Windows Computer: 5 steps - wikiHow
  8. Can this program be repurposed for attacking any sites at all? If so that might explain in part why there are so many downloads coming from China
  9. Srpska Member

    Um, yes, it can. Easily. You think maybe Chinese Government hackers are making the most of the stuff being shared here?
  10. @gr88iran

    Maybe you should have included the sites into the program itself instead of having the option to add/remove an url.
  11. Srpska Member

    I'm not sure exactly what the Gerdabfags have blocked here. I thought it was simply any IPs that were attacking them - which would make sense - but I'm now attacking from a new IP and still not getting through.
  12. Not even strictly government people, just hackers in general. Most of the world's internet crime comes from China and Russia I believe. I really hope that they're using the software as intended, though
  13. I can verify this.
  14. It looks as if traffic to is getting routed through another site, "" I missed it as it showed in the bar at the bottom of the browser for a split second as the page was loading. Gonna try to figure this out, but wanted to post this first in case anyone else has a clue right off. This was from a Canada IP.
  15. Yes, we are working on a security patch to prevent it.
    Thanks for the suggestion. A new version should appear very soon.
  16. Maybe we should directly attack IP.
    Some of the developers in our team suggest remote controlling the clients and updating them with the latest attack IP list. But I'm against this idea for security reasons. However, I suggest maybe we can have an online list where people can check every now and then, and copy/paste URL list easily.
  17. One suggestion can be limiting the IPs to a pre-determined list. but then we'll lose the flexibility.
    There are also other methods that prevent people from attacking from inside Iran but I cannot disclose them here (again for security reasons or FSR!) ;) But if anyone has a suggestion, please write here and we'll discuss about it within our development team.
  18. gr88iran Member

    Can you see their website with the new IP (before starting your attack)?
  19. gr88iran Member

    Good reasons! Can I edit and put them on our website ? (Nedasites)
  20. gr88iran Member

    Yeah, this is one possible solution. But then we lose flexibility.
    We are thinking about a rather tricky algorithm, but please everybody don't hesitate to share any solution that comes to your mind.
  21. Go for it.

    Thanks for asking though.
  22. If you're using Nedasites, can you confirm whether you're still able to hit please.
  23. gr88iran Member

    These statistics show that is experiencing a huge load these days: - Traffic Details from Alexa

    It sometimes goes down (or blocks the IP) but still is overstressed by connection requests so it can't serve properly.

    This shows the list of other sites owned by Netblock Owner: Top sites for Soroush Interactive Network

    The interesting point is that "" a pornography website, is hosted on the same network as In other words Intelligent Service has set up pornography web sites to detect people, their proxy or work around method and/or spread Trojans to their computers. As I said before no brain is dirtier than those who work for Intelligence Service of Iran. :(
  24. Any Chance You Can Compile a Java 1.5 version?

    I'd be happy to run this on a couple of macs - but they are ppc tiger macs that can only run java 5 apps.

    I know nothing about java apps, so I don't know if this is as simple as compiling with different options, or if it is a pain in the butt.

    If it is simple, and you post it, I'll download and use it.

    cheers . . .
  25. gr88iran Member

    Thanks for your interest to help Iranian people. The latest version is compiled for Java 5 so it should work on your system too. Please inform us about the result (or if there's any error) so that we can fix it.
  26. Error on os x 10.4, ppc

    this is the most up to date java version running on this computer:

    ~ $java -version
    java version "1.5.0_19"
    Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_19-b02-306)
    Java HotSpot(TM) Client VM (build 1.5.0_19-138, mixed mode, sharing)

    and this is the error that shows in the console. the jar file fails to load at all.

    'Exception in thread "main" java.lang.NoClassDefFoundError: javax/swing/GroupLayout$Group'

    hope that is helpful.
  27. Srpska Member

    I'm not. (You already know this, but I'm just posting to get other Nedasites users' attention)
  28. gr88iran Member

    Thanks for your feedback. Can you run it with this command?
    ~ $java -jar Nedasites.jar

    It's a pity that Java doesn't have an easy cross-platform deployment method. Maybe we tried the JNLP technology but our host (Google Sites) is not flexible enough.
  29. os x 10.4, ppc - still doesn't work

    still get the same error:
    'Exception in thread "main" java.lang.NoClassDefFoundError: javax/swing/GroupLayout$Group'

  30. gr88iran Member

    It's a pity that Java is not as "platform independent" as they claim! All along my professional experience I have seen such problems and even platform-specific or version-specific bugs! However, to blame the technology is not a solution. We are developing a C# version which can run on Windows, Linux and Mac OS with Mono. Meanwhile I'll try to find the reason of that error on this specific platform.
  31. Kruge Moderator

    I have a general question I want answered before I try something harmful (to the Iranian backbone instead just

    I just remembered that a while ago I got the webpage of a convention to crash by accident (at least I'm pretty sure it was me, since I did it again the next day):

    I did some data mining once, getting the addresses of companies that attended that convention out from the homepage, by using one of those tools that scan the page for you, look for keywords, save content to your harddrive so you can further filter it later etc.

    Being new (back then) to this matter it seems I had the software running on pretty server-unfriendly settings - opening too many threads at once, things like that. Which after a while sent the server down - it didn't block my IP, it was gone for several hours (until, I assume, someone noticed and reset it).

    Now - before I try achieving something similar on I suspect that doing that would be similar to attempting a DDos attack - I mean possibly blocking the Iranian backbone for our friends as well?

    If someone more tech-savvy than me understands what I try to explain and can tell me it *isn't* bad for Iranian net, I'd be happy to give it a try on, otherwise, of course, not.
  32. Srpska Member

    In my view, Gerdab is the exception to the "don't DDoS" rule, because it is justified.

    That's just me, though.
  33. I say hit with anything and everything you have. This has become almost a personal war of the wills and endurance. Taking it out would be a major moral victory. Hack it, slash it, burn it, anything goes.
  34. Kruge Moderator

    But still I'd like to know: Is what I'm thinking about like a DDos in that regard? Or worse? Or better?
  35. Srpska Member

    Ah, now that I don't know, I'm afraid.
  36. gr88iran Member

    If you host a proxy on your system, it's strongly recommended not to attack Gerdab because they will probably block your IP on national gateways (I doubt if they are that smart, but it's possible that they have hired some black hats for their dirty business).
    I'll suggest putting this warning in the next version of Nedasites: people who run a proxy or service for Iranians, should NOT DDoS gerdab or any other Iranians site because their IP will [probably] be blocked.
  37. gr88iran Member

    What you did is not technically a DDoS attack. You just overstressed a weak server. For a DDoS attack more than one computer should attack a server (usually controlled from a central station manually or automatically).
    However, in that sense, Nedasites is also an independent server stress program. It's not controlled centrally either (though we have a suggestion list and in the next version the list will be fixed).
    But generally speaking, you can use your program to achieve the same (or even better) results as Nedasites. You just need to overstress the server... :)
  38. Think of it as opening every page on the site and constantly saving/downloading/refreshing each one. Nothing wrong with that.

    And even if there was, this is we're talking about here. No rest for the wicked.
  39. Speaking of wills, I wonder if they were secretly behind twitter's recent hashtagpush woes...?
  40. Srpska Member

    This this this a thousand times this

