dChan
Anonymous ID: f4669b May 1, 2021, 2:18 a.m. No.13555946   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>5970 >>5988 >>6514 >>6626

WARNING: DNS fuckery is in progress

 

I posted about this two days ago but I didn't have many details and, besides, nobody cared.

>>13539045, >>13539087, >>13539344, >>13539407, >>13539417 (all pb)

 

This is serious. The situation is stable right now but there is clearly a plan to open a can of worms on the anons here. DNS servers worldwide are being seeded with invalid IP addresses for "8kun.top". Apparently, this is being done through an exploit and some servers may be immune. Use this link to monitor the situation:

 

https://dnspropagation.net/A/8kun.top

 

Refresh the page a few times and look through it to see if some servers are showing just one IP address for this site. There should be a set of 8. The bad DNS lookups appear randomly. This is happening with my own ISP and also with Google DNS. I am still trying to determine if Cloudflare or OpenDNS are vulnerable.

 

Now, the key to this is what is called the TTL which means "Time To Live". It is normally 60 seconds for this site. This means that, if your DNS server gets hit with an invalid IP address then you need only wait 60 seconds for your DNS cache to refresh and get a new address. This is why there are no howls of grief. People simply assume that a random glitch occurred because it goes away quickly. Note that this may not necessarily be true for everybody. Though the TTL is supposed to be 60 seconds, some DNS servers (meaning the one supplied by your ISP) may ignore this value. I don't know this but you should keep it in mind if the site seems to go down for a long period.

 

There are two critical subdomains involved: "8kun.top" and "media.8kun.top". If "8kun.top" fails, auto-updates will fail and the catalog will fail. If "media.8kun.top" fails, images and other media will not load. The two will RARELY fail at the same time. This is another reason why it may look like just a temporary glitch. The frequency of occurrence is around once every two hours though YMMV.

 

I have seen only one problem report: >>13554086 (pb)

why did I just get an error message for 8kun from facebook?

 

I have verified that this can happen. Some of the invalid IP addresses are owned by Facebook and I have found two which are live. None of the others are live. Here is a list of addresses which resolve with a reverse DNS lookup:

 

31.13.66.1 - edge-secure-shv-01-iad3.facebook.com

31.13.68.22 - edge-extern-shv-03-xsp1.facebook.com (live)

31.13.85.8 - edge-star-shv-01-gru2.facebook.com (live)

31.13.95.37 - whatsapp-chatd-msgr-mini-edge-shv-02-cgk1.facebook.com

64.13.232.149 - acmkoieeee.gs02.gridserver.com

74.86.226.234 - ea.e2.564a.ip4.static.sl-reverse.com

75.126.164.178 - b2.a4.7e4b.ip4.static.sl-reverse.com

108.160.172.208 - experiment.v.dropbox.com

 

These IP addresses do not resolve:

 

31.13.66.23, 31.13.90.19, 69.63.176.59, 69.63.187.12, 69.171.244.12,

103.252.115.53, 104.244.43.57, 104.244.46.85, 104.244.46.211, 108.160.163.116,

108.160.165.211, 108.160.170.51, 185.45.7.189

 

There could be hundreds of addresses being circulated. I am no expert on DNS or Internet security so I have no conclusion to make about the distribution. I will note that a cursory examination suggests to me that the addresses are all under the control of possibly just one Internet authority. Look here:

 

https://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks

 

Here is what we need to be prepared for

 

If the exploit which is being used to seed bad IP addresses can also be used to modify the TTL then we could be in for a world of hurt. Simply extending the TTL to an hour or so could take down the site for many anons and reduce the traffic considerably. The site operators and Vanwanet would not even know what happened because the exploit only targets the anons. This would work like a valve. Open the valve to let the traffic through and then close it for any desired period of time. There would be little or nothing that Vanwanet could do. However, savvy anons know exactly what to do because we've been through this before. Change your DNS server to one which does not seem to be affected. Or change your "hosts" file. These are the currently valid IP addresses for the site:

 

sys.8kun.top: 185.165.190.88

 

8kun.top, media.8kun.top, nerv.8kun.top, softserve.8kun.top:

94.103.81.80, 94.103.82.74, 94.103.94.73, 109.234.38.4

193.178.169.19, 193.178.169.117, 195.2.92.96, 195.2.93.193

 

I leave it to other anons to provide the instructions for hardening your system. I will update as needed.

 

Addendum: I've been running with OpenDNS for two hours and have not encountered a bad IP address.

Testing Cloudflare DNS next. As I mentioned already, Google DNS is vulnerable. As always: YMMV.

OpenDNS: 208.67.222.222 and 208.67.220.220, Cloudflare: 1.1.1.1 and 1.0.0.1

 

WWG1WGA

Anonymous ID: f4669b May 1, 2021, 2:33 a.m. No.13555995   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>6071

>>13555970

>The site operators and Vanwanet would not even know what happened because the exploit only targets the anons.

>Explain this part more and how it is knowable?

 

Essentially, the DNS lookup failure is random and does not affect all servers at once. This is very different from our past experiences where the DNS failures were easily verifiable and addressable by Vanwanet at the source (that is, the top-level DNS server for Vanwanet). This exploit is not targeting the top-level server. It is a distributed attack against multiple servers around the world. It affects different site users at different times. The attacker needs to be found and stopped.

 

Does that help?

Anonymous ID: f4669b May 1, 2021, 2:45 a.m. No.13556031   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>6051

>>13556022

No possibility should be eliminated but I would say the Firefox update had nothing to do with it.

Note that the time span is from two or three days ago. Anything that happened before then is not likely to be related to the current issue.

Anonymous ID: f4669b May 1, 2021, 3:04 a.m. No.13556099   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>6132

>>13556071

I'm working from a base of general computer skill and not as an Internet expert. There is no "expert" level of understanding needed here.

 

>Iโ€™m a little naively speaking here, but how does that target anons?

Perhaps my sentence was poorly written. I will rephrase for the next update.

What I mean by "targeting anons" is that we are the target and not the site itself. If we can't rely on our DNS server to give us true information then our access gets borked. A bit clearer?

Anonymous ID: f4669b May 1, 2021, 3:19 a.m. No.13556131   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>6153 >>6154 >>6158 >>6161 >>6172 >>6173 >>6186 >>6193 >>6218 >>6370 >>6452 >>6457

Holy shit! WTAF is going on? REALLY interesting post by Jim Stone today:

 

Something is VERY weird with the vax propaganda

 

A lot of what is being done (today USA today said the un-vaccinated need to be shunned - and they did the whole "science" rip to boot, to make good and sure the last trailing idiots go in for their shots) -

 

Now that we know the vax was designed to shed having the vaxxed shun the un-vaxxed is the best thing that could possibly happen. It is as if the elite don't want to be served by idiots in the future, and they are setting up every possible way for people who can't think to be eliminated. What if that's what they are really doing by pushing the vax, and then pushing to have vaxxed and un-vaxxed separated?

 

Vax update:

 

I stumbled across this and it is differet enough to post by itself:

 

My neighbor was vaxxed and then basically his family took his keys he was in such a brain fog. Nearly had 3 wrecks. Truckers and cops reported impaired people having many single car wrecks, weaving, acting drunk - only common denominator is a recent vax. The people know they are screwed up but don't realize how bad.

 

People also showing ambien-like effects where they are dream-walking: going to stores, have strange interactions and remembering nothing of it later. Doctor friend told me this has happened to SEVERAL patients and they have no answers. One lady approached her SIL for sex. She is not the type and remembers nothing of it. This crap can break up families. She later approached a neighbor for sex. ASLEEP THE WHOLE TIME. What a disaster. On top of that it will probably also wreck your immune system and kill you at some point.

 

My comment: Mexico is vaxxed at a far lower rate than the U.S., yet even I have noticed older people (who qualified for the vax earlier here) are now often seen(by me, directly):

 

Backing out into busy traffic without looking, one almost hit me when I was stopped at the light and I had to go psycho on the horn while they kept backing up despite that and I avoided the fender bender by pulling right up to the bumper in front of me -

 

Super psycho idiots simply backing out into other busy traffic without a care in the world, traffic that's going 50mph and only miracles stop the crashes. I have NEVER seen this before, EVER, it's totally unaware backing with no consideration whatsoever.

 

Lots of people coming to very abrupt halts and blocking high speed traffic that could smash them to smithereens, and they stay paused for a LONG TIME, and then after being completely stopped, turn off the road at an absolute snail's pace. I have NEVER seen that before, and it is happening a lot now. It's as if they can no longer calculate how to slow down and turn off the road in one move.

 

Totally weird and erratic parking, with no consideration to the parking lines. That NEVER used to happen, at least in this town EVERYONE paid attention to that detail, until now.

 

I am changing driving habits to allow ways to accelerate away from being rear-ended (at least more than I already was) and I don't think green lights are really green anymore, they are instead light initiated stop signs and you had damn well better look before crossing. It was just AWFUL today when I had to take Claudia everywhere for the medical stuff, I really got a fantastic look at the traffic situation, it is simply not the same anymore. Claudia was like: "Why are you hitting the gas so hard and swerving so hard and braking so hard? She understood the horn honk when that old and probably vaxxed lady was backing out. She also noticed people were simply flying out backwards into high speed traffic without a care in the world. It is FAR WORSE than having a bunch of drunk drivers on the road, because at least drunk drivers are still functioning and thinking, they are just doing it drunk. What I saw today was people driving as if they were totally mentally impaired, as if they were missing whole pieces of their brains. Processing not done at all. Not like they are processing traffic while drunk, they are simply not processing it at all.

Anonymous ID: f4669b May 1, 2021, 3:40 a.m. No.13556189   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>6192 >>6234

Crimony! I have a giant pimple in the crack of my butt and it's been sore as hell for the past few days. Really hard to sit straight. Good thing I'm home and not in an office. Now it's leaking pus. Good. I can't wait for it to go away. It's like finally having that damn rotten tooth come lose after pestering me for a month or two.

 

Had the same thing happen on the side of my neck many years ago. Giant pimple the size of a walnut. I think it hung on for a week or two before finally turning black and blue. A blister appeared in the middle and I squeezed a shitload of pus out it. Plop, plop, fizz, fizz, oh what a relief it is!

 

Do not read this while eating, kek.

Anonymous ID: f4669b May 1, 2021, 3:57 a.m. No.13556256   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>13556234

> pilonidal sinus cyst

I had to look that up. Thanks for the suggestion but, nah, it's just pimple. I had a sore there for a couple of years and then it magically went away a couple of months ago. I thought "Hey, that's great" but now this pimple showed up in the same place all of a sudden.

It's not sore anymore and I expect it to be gone in short order. Comes from sitting on a chair too much. I need a few more inches of padding.

Anonymous ID: f4669b May 1, 2021, 4:06 a.m. No.13556284   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>13556265

You might find an audience for your crap if you would only annotate the videos. Is it too hard to write a description instead of just posting random shit that could literally be anything? Too late now, I guess. A shit ton of videos with no way of knowing what they are without playing them. Go play in traffic. I'm being polite.

Anonymous ID: f4669b May 1, 2021, 5:31 a.m. No.13556527   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>13556514

>Historically, the media server for 8Kun often fails or suffers lag

Yeah, because that's the part that carries the heaviest load (obviously).

 

>I surmise that ddos attacks are often aimed at the image server

Not accurate. All of the 8kun subdomains are channeled through Vanwanet. A DDoS attack on any of the subdomains is an attack on them all. Aside from "sys.8kun.top" (which has a dedicated IP address), all of the subdomains even share the same IP addresses.

Anonymous ID: f4669b May 1, 2021, 5:57 a.m. No.13556623   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun

>>13556588

I'm not talking about Roku but about watching TV on the computerโ€ฆsometimes the server will get overloaded and start dropping parts of the video. This may be confusing for the Roku player software though I haven't seen similar symptoms on PC. If the server is overloaded, I get stalls but not skipping or jumping back to the start (the player will reload dropped sections). Had a LOT of trouble a year ago but I'm pleased that I haven't had trouble for months.