AnonymousMedia.org

Category: Uncategorized

  • Missile attack on Kharkiv apartment kills two

    Missile attack on Kharkiv apartment kills two


    Two people, one of them a three-year-old child, have been killed and approximately 28 injured in a Russian strike on Kharkiv, Ukrainian officials confirmed.

    A multi-story residential apartment block was almost completely destroyed in the dual missile attack on Friday afternoon, which Ukrainian President Volodymyr Zelensky called “heinous”.

    Russia’s Defence Ministry denied reports of an attack, suggesting on Telegram that the blast at the site had been caused by the detonation of Ukrainian ammunition.

    The strike comes as Ukraine is due to host crunch talks in Kyiv on Saturday.

    Zelensky says around 15 countries are expected to attend the talks, along with representatives from the European Union and NATO, and a US delegation joining the meeting via video link. It comes ahead of leaders from the so-called coalition of the willing meeting in France on 6 January.

    Kharkiv officials say the bodies of a woman and a three-year-old child were found in the rubble, with preliminary information suggesting the pair could have been a mother and son.

    “Unfortunately, this is how the Russians treat life and people – they continue killing, despite all efforts by the world, and especially by the United States, in the diplomatic process,” Zelensky wrote on X.

    Of the 28 injured, which included a six-month-old baby, 16 have been taken to hospital.

    A search and rescue operation is ongoing with more than 80 volunteers working at the scene, according to an update from Regional Governor Oleh Syniehubov.

    “The Armed Forces of the Russian Federation neither planned nor launched attacks using missile weapons or aircraft weapons within the city of Kharkiv,” the Russian Defence Ministry said in a statement to Telegram.

    It added that video footage from before the attack showed “heavy smoke of unknown origin”, which it cited as evidence of ammunition detonated by Ukrainian armed forces.

    The ministry also alleged that the reports were seeking to distract world attention from a New Year’s Eve strike on a hotel in a Russian-held part of Kherson region in southern Ukraine.

    Russia has accused Ukraine of killing at least 27 people and injuring more than 30 in the drone strike on a New Year’s party in the village of Khorly on the Black Sea.

    The BBC has not been able to independently verify either these claims or the number of casualties.

    When asked by the BBC for comment, Ukraine said it would not directly respond to sources of information such as claims from governors of occupied regions.

    It added that it adheres to the norms of international humanitarian law and conducts strikes exclusively against military targets.

    Russia’s Investigative Committee said it had opened an investigation into the attack, while the Russian foreign affairs ministry accused Ukrainian President Volodymyr Zelensky of “seeking to intimidate the populations of the reunited Russian regions, who have forever linked their fates with Russia through referendums”.



    Source link

  • Debugging DNS response times with tshark

    Debugging DNS response times with tshark


    One of my holiday projects was to redo and optimize part of my home network. One of my homelab servers failed in November. I had only thrown the replacement in the rack to get going, but some cleanup was needed. In addition, a lot of other “layer 1” issues had to be fixed by re-crimping some network drops and doing general network hygiene. The dust buny kind hygiene, not so much the critical controls type. After all, I don’t want things to overheat, and it is nice to see all network links syncing properly.

    But aside from the obvious issues, there was a more subtle and rather annoying one: Sometimes a website would take a long time to load. This was, in particular, the first time of the day I loaded the particular side, and it happened across a wide range of sites (pretty much any site). I ruled out ad filters and other security tools by temporarily disabling them. So I figured, it may be time to blame DNS… 

    Luckily, tshark has some great tools to inspect and summarize DNS. To get started, I collected about an hour of DNS traffic on my firewall, and next, loaded it into tshark.

    I started with the default “DNS statistics summary”:

    tshark -z dns,tree -nr dns.pcap

    The output is rather verbose, so I am just highlighting some parts here

    I got about the same number of queries and responses, so that part looked ok. It does not look like anything was completely off/wrong. Next, tshark summarized the DNS query types:

    The first test I ran (not shown above) had a huge number of PTR record lookups. It turns out that this was my NTP server. Last year, I added one of my GPS-synced NTP servers to pool.ntp.org. It is now getting quite a bit of traffic. For whatever reason, it was configured to do reverse lookups on all connections. I do not know if I enabled this, or if this was the default (change control is for people who don’t enjoy troubleshooting with tshark). The screenshot above is from after I had this feature turned off and shows a more normal distribution. tshark produces a similar breakdown for answers. The SOA, IXFR, and AXFR queries are due to some internal zones I use that are dynamically updated. My recursive nameserver hs DNSSEC validation enabled, which explains the DS, DNSKEY, and NSEC/NSEC3 queries.

    From a performance point of view, the last few lines of the report are most interesting:

    The average response time was 33 ms, which isn’t too bad. But the maximum response time was almost 8 seconds. So let’s try and dive into that in more detail:

    tshark calculates the response time for each DNS response, and you can filter for it, or display it, using the “dns.time” field. I went for this approach:

    tshark -nr dns.pcap -Y 'dns.flags.response==1' -T fields -e dns.time -e dns.qry.name -e ip.src | sort -n

    This returns the response time, the query name, and the source IP, to identify what is causing these long response times. I sorted the output by response time. The last few lines of the output (every response exceeding 7 seconds):

    7.221731000    firmware.zwave-js.io    1.1.1.1

    7.222681000    isc.sans.edu    75.75.75.75

    7.224087000    firmware.zwave-js.io    9.9.9.9

    7.225434000    firmware.zwave-js.io    75.75.75.75

    7.229738000    firmware.zwave-js.io    8.8.8.8

    7.655821000    ywab.reader.qq.com    8.8.8.8

    The “firmware” hostname is likely related to some IoT devices, and I doubt this affects my laptop’s browsing experience. qq.com is not used by me but by other family members. So that leaves isc.sans.edu (which also had a 6-second response not shown here). 

    Next, I checked if all the forwarding servers I am using behaved the same. I am using 1.1.1.1, 8.8.8.8, 9.9.9.9, and 75.75.75.75 (Comcast, my ISP).

    All four behaved very similarly on average:








      Mean Median Std Variance
    1.1.1.1 0.0350 0.0196 0.0381
    8.8.8.8 0.0372 0.0200 0.0412
    9.9.9.9 0.0366 0.0198 0.0365
    75.75.75.75 0.0348 0.0200 0.0361

    If anything, I was surprised how close the results were to each other. I am using Comcast as an ISP, and I believe DNS servers like 1.1.1.1/8.8.8.8/9.9.9.9 use likely the same anycast infrastructure used by Comcast’s own servers (75.75.75.75).

    Everything worth doing is also worth overdoing, so I created a quick plot of the data via gnuplot, and again, the four servers’ response time is pretty much identical:

    (This was close enough for me to double-check the filters.)

    So what is the result? For now, the main outcome was to avoid the PTR queries from the NTP server (again, the data above was collected after). About half the queries were PTR queries, and PTR queries often fail and result in timeouts. But I am a bit in the denial phase as far as blaming DNS goes. I will let you know if I find something else.



    Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu

    Twitter|



    Source link

  • Trump threat to intervene over protests ‘reckless’, says Iran foreign minister

    Trump threat to intervene over protests ‘reckless’, says Iran foreign minister


    Claire KeenanBBC News digital

    EPA A street-view image of Iranian shopkeepers and traders protesting on motorbikes and on foot in between cars with tear gas is visible.EPA

    Iranian shopkeepers and traders protesting in Tehran earlier this week.

    Iran’s foreign minister has called Donald Trump’s promise of intervention “reckless and dangerous”, after the US President warned Iran’s authorities against killing peaceful protesters, saying Washington “will come to their rescue”.

    In a brief post on social media, Trump wrote: “We are locked and loaded and ready to go,” but gave no further details.

    In a statement on X, Iran’s Foreign Affairs Minister, Abbas Araghchi, wrote, “Given President Trump’s deployment of the National Guard within US borders, he of all people should know that criminal attacks on public property cannot be tolerated.”

    Iran would “forcefully reject any interference in their internal affairs”, he added.

    Meanwhile an Iranian police spokesman said officers would not allow what he called “enemies” to turn “unrest into chaos”.

    At least eight people are reported to have died during the week-long protests, as of Saturday morning in Tehran.

    Two people died in clashes between protesters and security forces in the south-western city of Lordegan, according to the semi-official Fars news agency and the human rights group Hengaw, which said they were protesters, naming them as Ahmad Jalil and Sajjad Valamanesh.

    Three people were killed in Azna, while and another died in Kouhdasht, all in the west of the country, Fars reported. It did not specify whether they were demonstrators or members of the security forces.

    One death was reported in Fuladshahr, central Iran, and another casualty in Marvdasht, in the south.

    BBC has not been able to independently verify the deaths.

    Protests have spread to a number of cities and towns with running battles reported between security forces and demonstrators.

    The protests started in Tehran among shopkeepers angered by another sharp fall in the value of the Iranian currency against the US dollar on the open market.

    By Tuesday, university students were involved and they had spread to several cities, with people chanting against the country’s clerical rulers.

    The demonstrations have been the most widespread since an uprising in 2022 sparked by the death in custody of Mahsa Amini, a young woman accused by morality police of not wearing her veil properly, but they have not been on the same scale.

    President Masoud Pezeshkian has said he will listen to the “legitimate demands” of the protesters.

    But the country’s Prosecutor-General, Mohammad Movahedi-Azad, warned that any attempt to create instability would be met with a “decisive response”.

    The Reuters news agency reported that Iran’s UN Ambassador Amir-Saeid Iravani called for the Security Council to condemn Trump’s statements in letter to the UN secretary-general and president of the Security Council sent on Friday.

    “Iran will exercise its rights decisively and proportionately. The United States of America bears full responsibility for any consequences arising from these unlawful threats and any ensuing escalation,” he said in the letter.



    Source link