I remember as a youngling in the olden days of these internets you young
fellows are so fond of, that a dial up analog modem connection actual
throughput would max out at 53.3kb. Something about how encapsulation overhead
would take a portion out of the total possible V.92 modulation and compression
scheme.
Ah... the days of old, and the excitement every day to see if the connection
would " train" past 50kb...
Such fond memories of yore...
-------- Original message --------
From: Jann Horn <j...@thejh.net>
Date: 08/16/2013 3:31 PM (GMT-06:00)
To: Jeffrey Walton <noloa...@gmail.com>
Cc: Full Disclosure List <full-disclosure@lists.grok.org.uk>
Subject: Re: [Full-disclosure] Who's behind limestonenetworks.com AKA DDoS on
polipo(8123)
On Fri, Aug 16, 2013 at 01:37:54PM -0400, Jeffrey Walton wrote:
> On Fri, Aug 16, 2013 at 1:31 PM, Jann Horn <j...@thejh.net> wrote:
> > On Thu, Aug 15, 2013 at 05:29:52PM -0300, Luther Blissett wrote:
> >> Hello dear companions,
> >>
> >> Two days ago one of my tor exit nodes experienced something I'm now
> >> calling "limestonenetworks DDoS on polipo" ( $WAN_IP:8123 ), since all
> >
> > DDoS? So you mean your systems were impacted by that?
> He may be running an exit node for the benefit of others on a low
> bandwidth connection.
>
> Forgive me if you were joking with an old friend, or I missed something.
Let's check how massive that "attack" is.
He said above 30 packets per second, right? I'll just assume it's around 30.
And the sample packet from that "packet storm" contained this part: "LEN=52".
So that's around 1500 bytes per second, or 12 kilobits per second. And those
packets are downstream for him.
Now take a look at <http://en.wikipedia.org/wiki/Modem#List_of_dialup_speeds>.
A good modem connection can give you up to 56kbit/s per direction as far as I
understand. So unless I made some weird calculation errors, someone on a good
modem connection should be able to take that "attack" without any problems.
An "attack" from one (!) bot on a normal DSL line should already be much bigger.
Calling this a DoS attack would be ridiculous, calling it a DDoS even more so.
(Of course, it might still be that he really was hacked and his systems were
attacked in a smarter way, but it's very clear that nobody tried to take him
out with pure bandwidth.)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
