[Clips] Finger points to British intelligence as al-Qaeda websites are wiped out
Tyler Durden
camera_lumina at hotmail.com
Tue Aug 2 09:03:21 PDT 2005
Actually, I did know that 300Mb/sec isn't super-huge for Denial of Service
attacks at least, but this is an "obscure" Tor node. Someone attacking it at
this stage in the game has a real agenda (perhaps they want to see if
certain websites get disrupted? Does Tor work that way for short-ish periods
of time?)
At 4Gb/s into the router, I'd guess that router is hooked up to 2 GbEs
mapped over a pair of OC-48s (Sounds a lot like the architecture Cisco has
sold certain GbE-centered Datapipe providers.) Your attacker might actually
be interested in pre-stressing the infrastructure in front of that router.
Just a guess, but I'm "stupid" after all.
-TD
>From: Eugen Leitl <eugen at leitl.org>
>To: Dan McDonald <danmcd at east.sun.com>, camera_lumina at hotmail.com,
>cypherpunks at jfet.org
>Subject: Re: [Clips] Finger points to British intelligence as al-Qaeda
>websites are wiped out
>Date: Tue, 2 Aug 2005 10:15:49 +0200
>
>On Mon, Aug 01, 2005 at 05:12:38PM -0400, Dan McDonald wrote:
>
> > I'm surprised that the target node has that much INBOUND bandwidth,
>quite
> > frankly.
>
>The node itself has only a Fast Ethernet port, but there's
>some 4 GBit available outside of the router.
>
>I'm genuinely glad the node has been taken offline as soon
>as the traffic started coming in in buckets, and I didn't
>have to foot the entire bill (the whole incident only
>cost me 20-30 GByte overall as far as I can tell).
>
>--
>Eugen* Leitl <a href="http://leitl.org">leitl</a>
>______________________________________________________________
>ICBM: 48.07100, 11.36820 http://www.leitl.org
>8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
>
>[demime 1.01d removed an attachment of type application/pgp-signature which
>had a name of signature.asc]
More information about the cypherpunks-legacy
mailing list