Actually, I did know that 300Mb/sec isn't super-huge for Denial of Service attacks at least, but this is an "obscure" Tor node. Someone attacking it at this stage in the game has a real agenda (perhaps they want to see if certain websites get disrupted? Does Tor work that way for short-ish periods of time?)

At 4Gb/s into the router, I'd guess that router is hooked up to 2 GbEs mapped over a pair of OC-48s (Sounds a lot like the architecture Cisco has sold certain GbE-centered Datapipe providers.) Your attacker might actually be interested in pre-stressing the infrastructure in front of that router.

Just a guess, but I'm "stupid" after all.

-TD

From: Eugen Leitl <[EMAIL PROTECTED]>
To: Dan McDonald <[EMAIL PROTECTED]>, [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out
Date: Tue, 2 Aug 2005 10:15:49 +0200

On Mon, Aug 01, 2005 at 05:12:38PM -0400, Dan McDonald wrote:

> I'm surprised that the target node has that much INBOUND bandwidth, quite
> frankly.

The node itself has only a Fast Ethernet port, but there's
some 4 GBit available outside of the router.

I'm genuinely glad the node has been taken offline as soon
as the traffic started coming in in buckets, and I didn't
have to foot the entire bill (the whole incident only
cost me 20-30 GByte overall as far as I can tell).

--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
