: >From Rayelan: Evidently there is more going on than I
: know. I am blocked from the web. I cannot access
: ANY webpage.
(Raye, you might want to send this to your ISP or suggest they read it...or can somebody fax or e-mail it to her?)

After reading this email and Oliver Haddo's response, I feel it necessary to make a minor observation. Though Oliver is right about a certain type of DOS attack, known as the multiple server flood attack varient, while it will deny access, the evidence of that type of service does not give the error message described by Oliver. Those types of attacks burden the server so that it either allows the connection to be made and then is so slow that no message will return down the connection, or, the server will be slowed to the point that it will timeout before a connection is ever made.

The attack varients that give the type of error message Oliver quoted, are the permission hack, and the DNS Hijack. Since we can get access to the pages in question, it is highly unlikely that the permissions have been changed on the files, so the permission hack attack is not likely. This leave us with the more insidious DNS hijack, which takes a person with a pretty good technical understanding to accomplish. While most network security specialists can exploit this, not many laymen can.

The attack first takes over an exploitable DNS server by doing an anonymous zone tranfer, then makes the expoited DNS server blindly refer all requests to it to a 3rd party DNS the hijackers have control of, all without the original DNS owners knowing that it is happening. The zone files in the new server are replaced with ones that alias a false address list to a single page on a web server they also control. I say 'control' here, not 'own', as they usually hack some other poor slob's servers to do their work from first. In this manner they get the other person in trouble for it. The page the surfer is then directed to will have been permissioned to not let anyone access it. No matter what page on the original server they send a request for, it gives them a "You do not have access to that page" error.

Now here is the sneaky part. This is usually done when a hacker has a personal grudge, and wants to stop a person from within the zone from reaching their own server and/or web pages, while defacing the server to the rest of the world. The owner then raises high hell with their ISP, thinking it is a dial-up service malfunction on their service, since the rest of the world can reach it. When it happens several times, the owner gets really steamed at the ISP. The ISP in turn will only take so much, and after several such attacks, will discontinue service to the site owner, to ease their own workload. This makes the hacker the winner.

WHAT IS PROBABLY HAPPENING HERE IS EVEN MORE INSIDIOUS:
By the sound of it, two or more people can not get to the pages on the site, and at first glances, this seems to mean little.

That is, until you realize that one of the blocked user's ISP does not share the same IP address space as the original DNS server that was hacked, and that the rest of the world is going merrily on using the site as if nothing happened. This shows that the more than one primary DNS server has been selectively hacked, SPECIFICALLY to stop certain individuals who are geographically distant, from reaching it. This takes the ability to monitor WHO uses the site, from where, then determine an exploitable DNS server for each persons IP range, and then balance it all in real time. The time and resources for this are beyond that of an individual, even a very dedicated one. it would take a cabal to repeatedly do this hack successfully to the same person or group of people, without being caught. There are no hackers that would attempt to do so and risk the consequences, without a good bit of gain involved, and in this case, there is no gain to be had.

So only those with a very different and compelling motive, as well as an absolute reason to believe that no consequences could touch them, would even try this on RMN. Can you say "N.S.A."? I really liked the way you said that. Welcome to the neighbor...HOODS!