Re: Declining traffic
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Declining traffic
- From: Jon <torance.ca@xxxxxxxxx>
- Date: Fri, 23 Apr 2010 10:42:25 -0500
- Delivery-date: Fri, 23 Apr 2010 11:42:34 -0400
- In-reply-to: <201004231514.o3NFEgx1005085@xxxxxxxxxxxxx>
- References: <201004231514.o3NFEgx1005085@xxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
I came across this info which may be related or not about the possible
botnets. There is a new P2P botnet forming. The Trojan it uses is
'Heloag'.
This is the URL that gives info about it:
http://threatpost.com/en_us/blogs/new-p2p-botnet-forming-041310?utm_source=Threatpost+Spotlight+Email&utm_medium=Email+Marketing+-+CRM+List&utm_campaign=Threatpost+Spotlight&CID=
This is the short URL: http://threatpost.com/en_us/OTQ
FYI
On Fri, Apr 23, 2010 at 10:14 AM, Scott Bennett <bennett@xxxxxxxxxx> wrote:
> On Fri, 23 Apr 2010 15:51:59 +0200 Sebastian Hahn <mail@xxxxxxxxxxxxxxxxx>
> wrote:
>>On Apr 23, 2010, at 3:21 PM, Timo Schoeler wrote:
>>> thus Brian Mearns spake:
>>>> Any chance your ISP is throttling you?
>>>
>>> 100% *not*.
>>
>>Another possibility would be that your relay is heavily
>>overloaded. See the big thread on tor-relays about
>>the problems and potential solutions [0].
>>
> Sebastian, there was something that looked very much like a botnet
> attack running for two or three hours this a.m. It seems to have stopped
> now. I had shut down my machine to install operating system updates.
> When all that was finished and I finally brought the system back up, for
> some unknown reason, pf did not start. (As if there were not going to be
> enough confusion as things already were. Sigh.) As soon as I noticed pf
> wasn't running, I started it manually and loaded a block list. But pftop
> continued to pour forth log entries of illicit connection attempts from
> untold numbers of IP addresses and to scads of different TCP port numbers.
> I kept stopping and starting the logging, so that I could see the log
> entries long enough to add the addresses to that block list. I eventually
> got crosseyed from adding somewhere between 200 and 300 IP addresses to
> the list. :-( When I then let the logging continue, it had stopped
> getting any new stuff to log.
> It was very intense while it lasted, but in the larger scheme of
> things, it was of very short duration for a coordinated attack. I doubt
> that my system was the only tor relay being attacked. In fact, I think
> the attack began a short time after my node appeared in the consensus,
> although at this point I can't prove it.
> What I would like to know is how many systems were attacked this
> a.m. in that manner, were only systems running tor relays attacked,
> who shut it off, etc. If anyone else on this list noticed anything between
> 5:00 a.m. CDT and 8:00 a.m. CDT, please post the details here. Thanks!
>