Actually, I did know that 300Mb/sec isn't super-huge for Denial of Service attacks at least, but this is an "obscure" Tor node. Someone attacking it at this stage in the game has a real agenda (perhaps they want to see if certain websites get disrupted? Does Tor work that way for short-ish periods of time?) At 4Gb/s into the router, I'd guess that router is hooked up to 2 GbEs mapped over a pair of OC-48s (Sounds a lot like the architecture Cisco has sold certain GbE-centered Datapipe providers.) Your attacker might actually be interested in pre-stressing the infrastructure in front of that router. Just a guess, but I'm "stupid" after all. -TD
From: Eugen Leitl <eugen@leitl.org>
To: Dan McDonald <danmcd@east.sun.com>, camera_lumina@hotmail.com, cypherpunks@jfet.org
Subject: Re: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out
Date: Tue, 2 Aug 2005 10:15:49 +0200
On Mon, Aug 01, 2005 at 05:12:38PM -0400, Dan McDonald wrote:
> I'm surprised that the target node has that much INBOUND bandwidth, quite frankly.
The node itself has only a Fast Ethernet port, but there's some 4 GBit available outside of the router.
I'm genuinely glad the node has been taken offline as soon as the traffic started coming in in buckets, and I didn't have to foot the entire bill (the whole incident only cost me 20-30 GByte overall as far as I can tell).
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE