On Mon, Aug 01, 2005 at 01:51:57PM -0400, Tyler Durden wrote:
> What?!! 300MB/s for a Tor node? OK, I'm a telecom guy and not a data guy but that sounds suspiciously like someone loaded up an OC-3's worth of traffic and then slammed your node. Ain't no hacker gonna do that. Any indication the ostensible originating IP addresses are faked?

No, it looked like a vanilla DDoS. According to the hoster, I've only seen a small piece of the log, which looked like this:

09:21:54.322650 IP 67.9.36.207 > 213.239.210.243: icmp
09:21:54.322776 IP 218.102.186.215 > 213.239.210.243: icmp
09:21:54.322895 IP 24.242.31.137 > 213.239.210.243: icmp
09:21:54.323017 IP 61.62.83.208 > 213.239.210.243: icmp
09:21:54.323140 IP 68.197.59.153 > 213.239.210.243: icmp
09:21:54.323263 IP 202.138.17.65 > 213.239.210.243: icmp
09:21:54.323375 IP 221.171.34.81 > 213.239.210.243: icmp 1376: echo request seq 23306
09:21:54.323500 IP 150.199.172.221 > 213.239.210.243: icmp
09:21:54.323623 IP 62.150.154.191 > 213.239.210.243: icmp
09:21:54.323741 IP 221.231.54.152 > 213.239.210.243: icmp
09:21:54.323863 IP 222.241.149.165 > 213.239.210.243: icmp 1456: echo request seq 24842
09:21:54.323984 IP 61.81.134.200 > 213.239.210.243: icmp
09:21:54.324105 IP 60.20.101.125 > 213.239.210.243: icmp
09:21:54.324227 IP 219.77.117.204 > 213.239.210.243: icmp
09:21:54.324229 IP 85.98.134.51 > 213.239.210.243: icmp
09:21:54.324355 IP 61.149.3.249 > 213.239.210.243: icmp
09:21:54.324475 IP 218.9.240.32 > 213.239.210.243: icmp 1456: echo request seq 29962
09:21:54.324598 IP 24.115.79.52 > 213.239.210.243: icmp
09:21:54.324720 IP 12.217.75.61 > 213.239.210.243: icmp
09:21:54.324844 IP 202.161.4.210 > 213.239.210.243: icmp
09:21:54.324847 IP 139.4.150.122.14238 > 213.239.209.107.80: R 2598318330:2598318330(0) win 0
09:21:54.324973 IP 211.203.38.29 > 213.239.210.243: icmp
09:21:54.325101 IP 68.74.58.171 > 213.239.210.243: icmp
09:21:54.325240 IP 211.214.159.102 > 213.239.210.243: icmp
09:21:54.325341 IP 221.231.53.52 > 213.239.210.243: icmp
09:21:54.325465 IP 24.20.194.42 > 213.239.210.243: icmp

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
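
Added example, not part of the original message: a short Python summary of a log excerpt like the one above, reporting ICMP packets sent to the flooded address, distinct sources, and an approximate packet rate derived from the timestamps. The function names, the returned field names, and the choice of eight consecutive lines from the excerpt as sample input are this example's own.

```python
import re
from collections import Counter

# Eight consecutive lines copied from the tcpdump excerpt in the message.
SAMPLE = """\
09:21:54.324475 IP 218.9.240.32 > 213.239.210.243: icmp 1456: echo request seq 29962
09:21:54.324598 IP 24.115.79.52 > 213.239.210.243: icmp
09:21:54.324720 IP 12.217.75.61 > 213.239.210.243: icmp
09:21:54.324844 IP 202.161.4.210 > 213.239.210.243: icmp
09:21:54.324847 IP 139.4.150.122.14238 > 213.239.209.107.80: R 2598318330:2598318330(0) win 0
09:21:54.324973 IP 211.203.38.29 > 213.239.210.243: icmp
09:21:54.325101 IP 68.74.58.171 > 213.239.210.243: icmp
09:21:54.325240 IP 211.214.159.102 > 213.239.210.243: icmp
"""

LINE = re.compile(r"^(\d\d):(\d\d):(\d\d)\.(\d{6}) IP (\S+) > (\S+): (.*)$")
ICMP_LEN = re.compile(r"^icmp (\d+):")  # length is printed only on some lines

def parse(text):
    """Yield (time_us, src, dst, payload) for each tcpdump-style line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m is None:
            continue  # skip blank or unrecognised lines
        h, mi, s, us, src, dst, payload = m.groups()
        t_us = ((int(h) * 60 + int(mi)) * 60 + int(s)) * 1_000_000 + int(us)
        yield t_us, src, dst, payload

def summarize(text, target):
    """Summarise ICMP packets sent to `target`; other traffic is only counted."""
    times, sources, sizes, other = [], Counter(), [], 0
    for t_us, src, dst, payload in parse(text):
        if dst != target or not payload.startswith("icmp"):
            other += 1  # e.g. the TCP RST to a different address
            continue
        times.append(t_us)
        sources[src] += 1
        m = ICMP_LEN.match(payload)
        if m:
            sizes.append(int(m.group(1)))
    span_us = times[-1] - times[0] if len(times) > 1 else 0
    pps = round((len(times) - 1) * 1_000_000 / span_us) if span_us else None
    return {"icmp_to_target": len(times), "distinct_sources": len(sources),
            "span_us": span_us, "approx_pps": pps,
            "sizes_seen": sizes, "other_packets": other}

if __name__ == "__main__":
    print(summarize(SAMPLE, "213.239.210.243"))
```

A distinct-source count close to the packet count is consistent with either many real hosts or randomized spoofed addresses, so this summary by itself does not answer the spoofing question raised in the quoted text.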