[Clips] Finger points to British intelligence as al-Qaeda websites are wiped out

Eugen Leitl eugen at leitl.org
Mon Aug 1 23:44:21 PDT 2005


On Mon, Aug 01, 2005 at 01:51:57PM -0400, Tyler Durden wrote:

> What?!! 300MB/s for a Tor node? OK, I'm a telecom guy and not a data guy
> but that sounds suspiciously like someone loaded up an OC-3's worth of
> traffic and then slammed your node. Ain't no hacker gonna do that. Any
> indication the ostensible originating IP addresses are faked?

No, it looked like a vanilla DDoS. According to the hoster, I've only
seen a small piece of the log, which looked like this:

09:21:54.322650 IP 67.9.36.207 > 213.239.210.243: icmp
09:21:54.322776 IP 218.102.186.215 > 213.239.210.243: icmp
09:21:54.322895 IP 24.242.31.137 > 213.239.210.243: icmp
09:21:54.323017 IP 61.62.83.208 > 213.239.210.243: icmp
09:21:54.323140 IP 68.197.59.153 > 213.239.210.243: icmp
09:21:54.323263 IP 202.138.17.65 > 213.239.210.243: icmp
09:21:54.323375 IP 221.171.34.81 > 213.239.210.243: icmp 1376: echo request seq 23306
09:21:54.323500 IP 150.199.172.221 > 213.239.210.243: icmp
09:21:54.323623 IP 62.150.154.191 > 213.239.210.243: icmp
09:21:54.323741 IP 221.231.54.152 > 213.239.210.243: icmp
09:21:54.323863 IP 222.241.149.165 > 213.239.210.243: icmp 1456: echo request seq 24842
09:21:54.323984 IP 61.81.134.200 > 213.239.210.243: icmp
09:21:54.324105 IP 60.20.101.125 > 213.239.210.243: icmp
09:21:54.324227 IP 219.77.117.204 > 213.239.210.243: icmp
09:21:54.324229 IP 85.98.134.51 > 213.239.210.243: icmp
09:21:54.324355 IP 61.149.3.249 > 213.239.210.243: icmp
09:21:54.324475 IP 218.9.240.32 > 213.239.210.243: icmp 1456: echo request seq 29962
09:21:54.324598 IP 24.115.79.52 > 213.239.210.243: icmp
09:21:54.324720 IP 12.217.75.61 > 213.239.210.243: icmp
09:21:54.324844 IP 202.161.4.210 > 213.239.210.243: icmp
09:21:54.324847 IP 139.4.150.122.14238 > 213.239.209.107.80: R 2598318330:2598318330(0) win 0
09:21:54.324973 IP 211.203.38.29 > 213.239.210.243: icmp
09:21:54.325101 IP 68.74.58.171 > 213.239.210.243: icmp
09:21:54.325240 IP 211.214.159.102 > 213.239.210.243: icmp
09:21:54.325341 IP 221.231.53.52 > 213.239.210.243: icmp
09:21:54.325465 IP 24.20.194.42 > 213.239.210.243: icmp

--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
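
A triage summary over capture text like the excerpt above, as an added example that is not part of the original message: it parses tcpdump's one-line IPv4 output and reports packet rate, distinct sources and how concentrated the traffic is on one target. The sample lines use constructed documentation-range addresses, and the names `summarize`, `_host` and `SAMPLE` are hypothetical.

```python
import re
from collections import Counter

# tcpdump one-line IPv4 summary: "HH:MM:SS.uuuuuu IP src > dst: rest"
LINE = re.compile(r"^(\d\d):(\d\d):(\d\d)\.(\d{6}) IP (\S+) > (\S+): (.*)$")

def _host(endpoint):
    # tcpdump appends ".port" for TCP/UDP; keep only the four address octets
    return ".".join(endpoint.split(".")[:4])

def summarize(text):
    """Return flood-triage statistics for tcpdump text output."""
    times, sources, targets, icmp = [], Counter(), Counter(), 0
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # tail of a mail-wrapped line, or unrelated output
        h, mi, s, us, src, dst, rest = m.groups()
        # integer microseconds since midnight avoid float rounding
        times.append((int(h) * 3600 + int(mi) * 60 + int(s)) * 1_000_000 + int(us))
        sources[_host(src)] += 1
        targets[_host(dst)] += 1
        icmp += rest.startswith("icmp")
    n = len(times)
    span_us = max(times) - min(times) if n > 1 else 0
    top_dst, top_hits = targets.most_common(1)[0] if targets else (None, 0)
    return {
        "packets": n,
        "unique_sources": len(sources),
        "max_per_source": max(sources.values(), default=0),
        "top_target": top_dst,
        "top_target_share": top_hits / n if n else 0.0,
        "icmp_share": icmp / n if n else 0.0,
        "pps": (n - 1) * 1_000_000 / span_us if span_us else 0.0,
    }

# Constructed sample: documentation addresses, one wrapped line, one stray TCP reset
SAMPLE = """\
09:00:00.000000 IP 198.51.100.7 > 192.0.2.10: icmp
09:00:00.000125 IP 203.0.113.20 > 192.0.2.10: icmp
09:00:00.000250 IP 198.51.100.99 > 192.0.2.10: icmp 1456: echo
request seq 100
09:00:00.000375 IP 203.0.113.5.14238 > 192.0.2.80.80: R 1:1(0) win 0
09:00:00.000500 IP 198.51.100.31 > 192.0.2.10: icmp
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Many sources each seen once at a steady rate is the shape of a distributed flood, but because ICMP echo involves no handshake, a capture like this cannot by itself show whether the source addresses are genuine.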
