[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Botnet attack? [was: Re: Declining traffic]
On 26 April 2010 09:59, Timo Schoeler <timo.schoeler@xxxxxxxxxxxxx>
When running tor, I see
i) CPU cycles being eaten up by tor almost entirely;
ii) my machine experiences things like those:
One is a chinese dialup, the other ones are from a big German ISP
(Deutsche Telekom AG). For me it really seems as there's some kind of
botnet attack going on.
What makes you think that this is a botnet attack? What are the characteristics of a botnet attack, and how do these logs exhibit them? If there are only a few IP addresses, wouldn't that contraindicate botnet involvement?
On a loosely related note, it would generally be a good idea to mask IP addresses on public mailing lists.