Al Jazeera DOSed or just lots of traffic

Abdullah Ibn Hamad Al-Marri arabian at ArabChat.Org
Tue Mar 25 09:40:25 UTC 2003


----- Original Message -----
From: "Sean Donelan" <sean at donelan.com>
To: <nanog at merit.edu>
Sent: Tuesday, March 25, 2003 9:17 AM
Subject: Re: Al Jazeera DOSed or just lots of traffic


:
: On Mon, 24 Mar 2003, james wrote:
: > : It was DDoSed even the nameservers routes were null due to the DDoS huge
: > : size.
: >
: > I noticed today that a traceroute to this host from my network exited
: > at 4 or 5 hops on west coast at a major provider's network.
:
: It's common for popular web sites to locate their major servers
: topologically in the network away from their organization's geographic
: location.  For example, the BBC (a UK organization) has web servers
: in New York City.  So it doesn't surprise me to see Al Jazeera's web
: servers connected through New Jersey.
:
: Al Jazeera's main web site (64.106.198.10) is still very slow, but I can
: get to their English language web site on the same subnet (64.106.198.16).
: So it's acting more like an overloaded web server than a DDOS.  But I don't
: have any special insight into Al Jazeera's network.

I tried to traceroute it from Level3 Looking Glass yesterday when it was down
http://www.l3.com/LookingGlass/ and I got this:

Traceroute From Traceroute To

New York, NY www.aljazeera.net



Domain name lookup for 'www.aljazeera.net' failed.
Exiting.

Besides, I called the tech guys at AlJazeera and they told me they are working
with opentransit and DataPipe to stop the attack ASAP.

I tried to do an nslookup using

   ALJNS1SA.NAV-LINK.NET        217.26.193.15
   ALJNS1HB.DATAPIPE.COM        64.106.198.4

But neither worked: the route to 217.26.193.15 was nulled, and I couldn't
run a traceroute to 64.106.198.4. Maybe DataPipe was filtering the ICMP and
the UDP to that IP; it was dying within DataPipe's network.

route-server>traceroute 64.106.198.4

Type escape sequence to abort.
Tracing the route to aljns1hb.datapipe.com (64.106.198.4)

  1 white_dwarf.cbbtier3.att.net (12.0.1.1) [AS 7018] 0 msec 200 msec 4 msec
  2 ar3.n54ny.ip.att.net (12.126.0.30) [AS 7018] 204 msec 200 msec 204 msec
  3 gbr1-a30s10.n54ny.ip.att.net (12.127.5.142) [AS 7018] 204 msec 204 msec 4 msec
  4 tbr1-p013202.n54ny.ip.att.net (12.122.11.1) [AS 7018] 204 msec 204 msec 200 msec
  5 gar4-p300.n54ny.ip.att.net (12.123.3.2) [AS 7018] 200 msec 200 msec 204 msec
  6 att-gw.ny.qwest.net (192.205.32.170) [AS 7018] 200 msec 204 msec 200 msec
  7 jfk-core-02.inet.qwest.net (205.171.230.22) [AS 209] 200 msec 4 msec 200 msec
  8 ewr-core-01.inet.qwest.net (205.171.8.245) [AS 209] 200 msec 204 msec 204 msec
  9 ewr-cntr-01.inet.qwest.net (205.171.17.146) [AS 209] 204 msec 200 msec 208 msec
 10 msfc-24.ewr.qwest.net (63.146.100.66) [AS 209] 208 msec 200 msec 204 msec
 11  *  *  *
 12 vlan11.aggr2.ewr.datapipe.net (64.106.128.6) [AS 14492] 0 msec 4 msec 0 msec
 13  *  *  *
 14  *  *  *

Thanks,

-A



