Declining traffic
Jon
torance.ca at gmail.com
Fri Apr 23 15:42:25 UTC 2010
I came across this info which may be related or not about the possible
botnets. There is a new P2P botnet forming. The Trojan it uses is
'Heloag'.
This is the URL that gives info about it:
http://threatpost.com/en_us/blogs/new-p2p-botnet-forming-041310?utm_source=Threatpost+Spotlight+Email&utm_medium=Email+Marketing+-+CRM+List&utm_campaign=Threatpost+Spotlight&CID=
This is the short URL: http://threatpost.com/en_us/OTQ
FYI
On Fri, Apr 23, 2010 at 10:14 AM, Scott Bennett <bennett at cs.niu.edu> wrote:
> On Fri, 23 Apr 2010 15:51:59 +0200 Sebastian Hahn <mail at sebastianhahn.net>
> wrote:
>>On Apr 23, 2010, at 3:21 PM, Timo Schoeler wrote:
>>> thus Brian Mearns spake:
>>>> Any chance your ISP is throttling you?
>>>
>>> 100% *not*.
>>
>>Another possibility would be that your relay is heavily
>>overloaded. See the big thread on tor-relays about
>>the problems and potential solutions [0].
>>
> Sebastian, there was something that looked very much like a botnet
> attack running for two or three hours this a.m. It seems to have stopped
> now. I had shut down my machine to install operating system updates.
> When all that was finished and I finally brought the system back up, for
> some unknown reason, pf did not start. (As if there were not going to be
> enough confusion as things already were. Sigh.) As soon as I noticed pf
> wasn't running, I started it manually and loaded a block list. But pftop
> continued to pour forth log entries of illicit connection attempts from
> untold numbers of IP addresses and to scads of different TCP port numbers.
> I kept stopping and starting the logging, so that I could see the log
> entries long enough to add the addresses to that block list. I eventually
> got crosseyed from adding somewhere between 200 and 300 IP addresses to
> the list. :-( When I then let the logging continue, it had stopped
> getting any new stuff to log.
> It was very intense while it lasted, but in the larger scheme of
> things, it was of very short duration for a coordinated attack. I doubt
> that my system was the only tor relay being attacked. In fact, I think
> the attack began a short time after my node appeared in the consensus,
> although at this point I can't prove it.
> What I would like to know is how many systems were attacked this
> a.m. in that manner, were only systems running tor relays attacked,
> who shut it off, etc. If anyone else on this list noticed anything between
> 5:00 a.m. CDT and 8:00 a.m. CDT, please post the details here. Thanks!
>
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
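The manual triage described in the quoted message (reading pf log entries and copying source addresses into a block list) can be scripted. The following is an added example, not part of the original posts: it assumes log lines in the shape `tcpdump -n -e -ttt -r /var/log/pflog` prints, uses constructed sample data with documentation-range addresses, and keeps only sources blocked on several distinct destination ports.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines (RFC 5737 documentation addresses), in the assumed
# tcpdump rendering of pflog entries.
SAMPLE_LOG = """\
Apr 23 05:02:11.104221 rule 4/0(match): block in on em0: 198.51.100.7.40112 > 192.0.2.10.135: S 1:1(0) win 65535
Apr 23 05:02:11.208113 rule 4/0(match): block in on em0: 198.51.100.7.40113 > 192.0.2.10.445: S 1:1(0) win 65535
Apr 23 05:02:12.001554 rule 4/0(match): block in on em0: 198.51.100.7.40114 > 192.0.2.10.1433: S 1:1(0) win 65535
Apr 23 05:02:12.310870 rule 4/0(match): block in on em0: 203.0.113.20.51000 > 192.0.2.10.22: S 1:1(0) win 8192
Apr 23 05:02:12.911002 rule 4/0(match): block in on em0: 203.0.113.20.51001 > 192.0.2.10.23: S 1:1(0) win 8192
Apr 23 05:02:13.120044 rule 4/0(match): block in on em0: 203.0.113.20.51002 > 192.0.2.10.3389: S 1:1(0) win 8192
Apr 23 05:02:13.450901 rule 4/0(match): block in on em0: 203.0.113.20.51003 > 192.0.2.10.22: S 1:1(0) win 8192
Apr 23 05:02:14.000310 rule 4/0(match): block in on em0: 198.51.100.99.50000 > 192.0.2.10.8080: S 1:1(0) win 4096
Apr 23 05:02:14.700120 rule 1/0(match): pass in on em0: 203.0.113.50.44000 > 192.0.2.10.9001: S 1:1(0) win 4096
Apr 23 05:02:15.000000 rule 4/0(match): block in on em0: 198.51.100.7 > 192.0.2.10: icmp: echo request
"""

# Inbound blocked packet with "addr.port > addr.port:"; lines without ports
# (e.g. ICMP) and "pass" lines do not match and are skipped.
LINE_RE = re.compile(
    r"block in on \S+: (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):"
)


def scanners(log_text, min_ports=3):
    """Return sorted sources blocked on at least min_ports distinct ports."""
    ports = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:  # e.g. an octet above 255 in a damaged line
            continue
        ports[src].add(int(m.group(4)))
    return sorted(ip for ip, seen in ports.items() if len(seen) >= min_ports)


def table_file(addresses):
    """Render one address per line, the layout pf reads for a file-backed table."""
    return "".join(f"{ip}\n" for ip in addresses)


if __name__ == "__main__":
    # Output can be loaded into a pf table (table name is up to the operator).
    print(table_file(scanners(SAMPLE_LOG)), end="")
```

Because the input is only packets pf already blocked, the threshold mainly separates multi-port sweeps from one-off strays; review the result before loading it on a relay.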