What's new

Massive DDOS attack targeting Pakistan's Infrastructure.

Status
Not open for further replies.
.
Just ask Puneet or Raj at Windows , to help download a patch since we don't have a Own Operating System , we can trust Puneet and Raj at Windows support

What can possibly go wrong ?
 
.
our universities don't have cyber security programs.maybe one and two reputable universities.Also most pakistani students are not willing to go in this field because it doesn't have as much as jobs available as compared to software dev jobs.
Bro pick them up at School level same way as Israelis do.

Secondly we have a lot of people who are self taught just need to scratch the surface to find em.
Our ministry of science & technology in recent past was led by a big mouth lawyer. Guess what was the biggest accomplishment ..... a moon calendar.
Current one is a poet ..... accomplishment .... an electronic voting machine (ofcourse it can't be hacked).
Its ministry of ITs job not Minister of Science pr Tech. 🙄
Are there no intelligent firewall tiers that would stop the incoming traffic outside of what's needed? The advance firewalls are smart enough to detect DDOS packets being sent and can block a whole country in case of such attempts. I'd guess this took place from your arch-rival?


Why are they using HTTP? It's unsecure like a baby's diaper........all sensitive financial, government, businesses now use HTTPS, half the issue of hack of DDOS is dead on attempt.
China has implemented their firewall very smoothly and indians cry about not being able to access chinese servers for hacking.

Pakistani babus dont care if their data is leaked tbh.
 
Last edited:
. .
says by whom?

WW3 consortium and ANSI! Before I go and waste time in answering such a childish question, without googling, can you explain to me how does HTTPS actually work? Do know a lot of googling would still be exposed.
 
.
dont worry we got lumber 1 spy agency :hitwall:
 
.
Anyone with enough knowledge bahi
then trust me those are outdated knowledge.
This is why earlier said need experience ppl who really had experience and mitigate ddos rather than having just knowledge from book 1 to book2.
WW3 consortium and ANSI! Before I go and waste time in answering such a childish question, without googling, can you explain to me how does HTTPS actually work? Do know a lot of googling would still be exposed.
No sir i dont thank you :). Answer me this defence.pk is behind https can it be bring down or not? have you experience in your life had ddos attack and you mitigate it?
 
Last edited:
.
100% agree, Pakistan's residential and commercial users are is still using DLink routers which haven't been patched for the uPNP exploit:
View attachment 778792

Example of a NAT Upnp injection script utilised against Pakistani routers previously:
View attachment 778794

Weaponised Urdu Font on a word document:
View attachment 778795
Filename:EOI-Application_Form.inp md5:d9279f628c9f19420f14edf3cfc3123f c2:officeupdater[.]org

Weaponised Word Document using InPage exploit:
View attachment 778797
View attachment 778798

And to top it all off our National Cyber Crime centre's website is still using HTTP protocol.
View attachment 778799

Very sorry to see such a pathetic state of affairs. These are just elementary issues. We are not even into advanced territory where nations like Israel exploit very sophisticated security bugs, backdoors etc. It is time for Pakistan to invest in IT and cyber security as the state should. Otherwise you are already in the stone age.
Yes I agree, there are some very good people in Pakistan, some of them have published research in peer reviewed journals, but as always no respect for human capital, and then people cry about "brain drain" and "overseas Pakistani". How about you start respecting your indigenous talent and nurturing them, then they wouldn't have to leave.

There was a time Rakuten came to Pakistan to take our best and brightest in the IT sector to Japan, what did the government do to reduce the human capital flight? Nothing!

This is essentially the problem. Unfortunately there is an enormous gulf and disconnect between how the PM of this country thinks and its inhabitants. When Imran Khan says that Pakistan needs to become a hub where talents come to work people just don't grasp what he means. Unfortunately we cannot keep nor appreciate our own talents in Pakistan who move abroad to earn better salaries. The responsibility to improve things lies with both the people and the institutions on every level. This can only happen once the mindset matures and changes.
 
Last edited:
.
then trust me those are outdated knowledge.
This is why earlier said need experience ppl who really had experience and mitigate ddos rather than having just knowledge from book 1 to book2.

No sir i dont thank you :). Answer me this defence.pk is behind https can it be bring down or not? have you experience in your life had ddos attack and you mitigate it?
Bro you are calling others of possessing outdated knowledge while you yourself have no idea of what we are talking here (no offence intended)
 
.
Not good. If this becomes rampant routine,internet & internet service provision would collapse. I wont be financially viable.

Since the war in Afghanistan became a failure for very powerful nations and Pakistan has became the number 1 scapegoat IT and other infrastructure is a likely target. The government must initiate immediate measures to address shortcomings.

We can already see how sports is being exploited to send a message. No area will be spared. To remain in a lumber would be insanely criminal.
 
.
Bro you are calling others of possessing outdated knowledge while you yourself have no idea of what we are talking here (no offence intended)

It's okay, he has an opinion, he is welcome to is. Apparently research for him is a waste of time! So all those Security Researches hired by McAfee, Cloudstrike, Infoblox and Palo Alto can just hang up their hats and start selling samosas on Murree Road.

Chalo allah is ko khush rakhey.
 
.
Pakistan has massive gaping holes in its cyber security and the vast majority of these are for stupid reasons like using outdated software and security measures. You don't even need some expensive 0 day exploit.

The saddest part is, a large number of people in the government don't want to do anything. Not about this, or any other problem. They go out of their way to stop any good from happening. And then there's the sellouts, who will leak whatever information you want for 100,000PKR.
 
.
Bro you are calling others of possessing outdated knowledge while you yourself have no idea of what we are talking here (no offence intended)
It's okay, he has an opinion, he is welcome to is. Apparently research for him is a waste of time! So all those Security Researches hired by McAfee, Cloudstrike, Infoblox and Palo Alto can just hang up their hats and start selling samosas on Murree Road.

Chalo allah is ko khush rakhey.
Thank you I am speaking from experience sir please do research on layer7. This defence.pk or any other website/server behind ssl certificate wouldn't save you if hit by 200gbps or more if server don't have 200gbps anti ddos protection.

Only owner of defence.pk knows this what i am talking about since it's behind cloudflare could be on free plan and most website are now behind cloudflare with their certification knows this. They think free cloudflare and ssl will safe them but it's not. Check this

ex.png

This is how it's done to bring down send millions of packet at a time https or no https

If it's just about http and https then it would be like this. have server, install SSL in it and install csf firwall and that's it happy protection.

Think this way
If you have a tunnel and you allow 20 ppl at a time and at times 2000 ppl goes in the tunnel same time what will happen? http or no https it will stop responding to those ppl more than 20 which the capacity of the tunnel.


And you think hiring researcher is enough so lets' just closed down other anti ddos service provider out there like cloudflare and other. Just install ssl , firewall and that's it who provide service to big cooperation their services

Anyways thank you.
 
Last edited:
.
Thank you I am speaking from experience sir please do research on layer7. This defence.pk or any other website/server behind ssl certificate wouldn't save you if hit by 200gbps or more if server don't have 200gbps anti ddos protection.

Only owner of defence.pk knows this what i am talking about since it's behind cloudflare could be on free plan and most website are now behind cloudflare with their certification knows this.

If it's just about http and https then it would be like this. have server, install SSL in it and install csf firwall and that's it happy protection.

Think this way
If you have a tunnel and you allow 20 ppl at a time and at times 2000 ppl goes in the tunnel same time what will happen? http or no https it will stop responding to those ppl more than 20 which the capacity of the tunnel.


And you think hirinig researcher is enough so lets' just closed down other anti ddos service provider out there like cloudflare and other. Just install ssl , firewall and that's it.

Anyways thank you.

You are welcome to your opinion brother.
 
.
whats the latest update on it ? frankly spreaking I didn't experience internet outage last night at all...was using internt almost thru out the night at good speed
 
.
Status
Not open for further replies.

Pakistan Defence Latest Posts

Pakistan Affairs Latest Posts

Back
Top Bottom