[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Botnet attack? [was: Re: Declining traffic]

On 26 April 2010 09:59, Timo Schoeler <timo.schoeler@xxxxxxxxxxxxx> wrote:
When running tor, I see

i) CPU cycles being eaten up by tor almost entirely;

ii) my machine experiences things like those:

One is a chinese dialup, the other ones are from a big German ISP
(Deutsche Telekom AG). For me it really seems as there's some kind of
botnet attack going on.


What makes you think that this is a botnet attack? What are the characteristics of a botnet attack, and how do these logs exhibit them? If there are only a few IP addresses, wouldn't that contraindicate botnet involvement?
On a loosely related note, it would generally be a good idea to mask IP addresses on public mailing lists.