Al Jazeera DOSed or just lots of traffic
Al Jazeera's web site (www.aljazeera.net) has been intermittently unavailable today. Al Jazeera's spokesperson indicated it might be hackers, but it could have just been lots of people trying to reach the web site to see the pictures US television networks wouldn't broadcast, overloading their servers. That's the only "high visibility" problem I've heard of so far. There has been the normal background level of stuff on the net, cable cuts, web defacements, perpetual ddos attacks, etc.
----- Original Message ----- From: "Sean Donelan" <sean@donelan.com> To: <nanog@merit.edu> Sent: Tuesday, March 25, 2003 2:31 AM Subject: Al Jazeera DOSed or just lots of traffic : : Al Jazeera's web site (www.aljazeera.net) has been intermittently : unavailable today. Al Jazeera's spokesperson indicated it might be : hackers, but it could have just been lots of people trying to reach the : web site to see the pictures US television networks wouldn't broadcast, : overloading their servers. : : That's the only "high visibility" problem I've heard of so far. There : has been the normal background level of stuff on the net, cable cuts, web : defacements, perpetual ddos attacks, etc. : It was DDoSed even the nameservers routes were null due to the DDoS huge size. Thanks, -Abdullah
: It was DDoSed even the nameservers routes were null due to the DDoS huge : size. : : Thanks, : : -Abdullah I noticed today that a traceroute to this host from my network exited at 4 or 5 hops on west coast at a major providers network. james
On Mon, 24 Mar 2003, james wrote:
: It was DDoSed even the nameservers routes were null due to the DDoS huge : size.
I noticed today that a traceroute to this host from my network exited at 4 or 5 hops on west coast at a major providers network.
Its common for popular web sites to locate their major servers topologically in the network away from their organization's geographic location. For example, the BBC (a UK organization) has web servers in New York City. So it doesn't surprise me to see Al Jezeera's web servers connected through New Jersey. Al Jazeera's main web site (64.106.198.10) is still very slow, but I can get to their english language web site on the same subnet (64.106.198.16). So its acting more like a overloaded web server than a DDOS. But I don't have any special insight into Al Jazeera's network.
: On Mon, 24 Mar 2003, james wrote: : > : It was DDoSed even the nameservers routes were null due to the DDoS huge : > : size. : > : > I noticed today that a traceroute to this host from my network exited : > at 4 or 5 hops on west coast at a major providers network. : : Its common for popular web sites to locate their major servers : topologically in the network away from their organization's geographic Sorry I was not clear. I ment someone was null routing this host way before I got close to the destination.
----- Original Message ----- From: "Sean Donelan" <sean@donelan.com> To: <nanog@merit.edu> Sent: Tuesday, March 25, 2003 9:17 AM Subject: Re: Al Jazeera DOSed or just lots of traffic : : On Mon, 24 Mar 2003, james wrote: : > : It was DDoSed even the nameservers routes were null due to the DDoS huge : > : size. : > : > I noticed today that a traceroute to this host from my network exited : > at 4 or 5 hops on west coast at a major providers network. : : Its common for popular web sites to locate their major servers : topologically in the network away from their organization's geographic : location. For example, the BBC (a UK organization) has web servers : in New York City. So it doesn't surprise me to see Al Jezeera's web : servers connected through New Jersey. : : Al Jazeera's main web site (64.106.198.10) is still very slow, but I can : get to their english language web site on the same subnet (64.106.198.16). : So its acting more like a overloaded web server than a DDOS. But I don't : have any special insight into Al Jazeera's network. I tried to traceroute it from Level3 looking Glass yesterday when it was down http://www.l3.com/LookingGlass/ and I got this: Traceroute From Traceroute To New York, NY www.aljazeera.net Domain name lookup for 'www.aljazeera.net' failed. Exiting. Beside I called the Tech guys in AlJazeera and told me they are working with opentransit and DataPipe to stop the attack ASAP. I tried to did nslookup using ALJNS1SA.NAV-LINK.NET 217.26.193.15 ALJNS1HB.DATAPIPE.COM 64.106.198.4 But none did work, and the route to 217.26.193.15 was nulled and I couldn't run traceroute to 64.106.198.4 maybe DataPipe was filtering the ICMP And the UDP to that IP it was dieing within DataPipe network. route-server>traceroute 64.106.198.4 Type escape sequence to abort. Tracing the route to aljns1hb.datapipe.com (64.106.198.4) 1 white_dwarf.cbbtier3.att.net (12.0.1.1) [AS 7018] 0 msec 200 msec 4 msec 2 ar3.n54ny.ip.att.net (12.126.0.30) [AS 7018] 204 msec 200 msec 204 msec 3 gbr1-a30s10.n54ny.ip.att.net (12.127.5.142) [AS 7018] 204 msec 204 msec 4 msec 4 tbr1-p013202.n54ny.ip.att.net (12.122.11.1) [AS 7018] 204 msec 204 msec 200 msec 5 gar4-p300.n54ny.ip.att.net (12.123.3.2) [AS 7018] 200 msec 200 msec 204 msec 6 att-gw.ny.qwest.net (192.205.32.170) [AS 7018] 200 msec 204 msec 200 msec 7 jfk-core-02.inet.qwest.net (205.171.230.22) [AS 209] 200 msec 4 msec 200 msec 8 ewr-core-01.inet.qwest.net (205.171.8.245) [AS 209] 200 msec 204 msec 204 msec 9 ewr-cntr-01.inet.qwest.net (205.171.17.146) [AS 209] 204 msec 200 msec 208 msec 10 msfc-24.ewr.qwest.net (63.146.100.66) [AS 209] 208 msec 200 msec 204 msec 11 * * * 12 vlan11.aggr2.ewr.datapipe.net (64.106.128.6) [AS 14492] 0 msec 4 msec 0 msec 13 * * * 14 * * * Thanks, -A
participants (4)
-
Abdullah Ibn Hamad Al-Marri -
james -
Jeff Kell -
Sean Donelan