Al Jazeera's web site (www.aljazeera.net) has been intermittently
unavailable today. Al Jazeera's spokesperson indicated it might be
hackers, but it could have just been lots of people trying to reach the
web site to see the pictures US television networks wouldn't broadcast,
overloading their servers.
That's the only "high visibility" problem I've heard of so far. There
has been the normal background level of stuff on the net, cable cuts, web
defacements, perpetual ddos attacks, etc.
:
: Al Jazeera's web site (www.aljazeera.net) has been intermittently
: unavailable today. Al Jazeera's spokesperson indicated it might be
: hackers, but it could have just been lots of people trying to reach the
: web site to see the pictures US television networks wouldn't broadcast,
: overloading their servers.
:
: That's the only "high visibility" problem I've heard of so far. There
: has been the normal background level of stuff on the net, cable cuts, web
: defacements, perpetual ddos attacks, etc.
:
It was DDoSed even the nameservers routes were null due to the DDoS huge
size.
Thanks,
-Abdullah
: It was DDoSed even the nameservers routes were null due to the DDoS huge
: size.
:
: Thanks,
:
: -Abdullah
I noticed today that a traceroute to this host from my network exited
at 4 or 5 hops on west coast at a major providers network.
james
Its common for popular web sites to locate their major servers
topologically in the network away from their organization's geographic
location. For example, the BBC (a UK organization) has web servers
in New York City. So it doesn't surprise me to see Al Jezeera's web
servers connected through New Jersey.
Al Jazeera's main web site (64.106.198.10) is still very slow, but I can
get to their english language web site on the same subnet (64.106.198.16).
So its acting more like a overloaded web server than a DDOS. But I don't
have any special insight into Al Jazeera's network.
: On Mon, 24 Mar 2003, james wrote:
: > : It was DDoSed even the nameservers routes were null due to the DDoS huge
: > : size.
: >
: > I noticed today that a traceroute to this host from my network exited
: > at 4 or 5 hops on west coast at a major providers network.
:
: Its common for popular web sites to locate their major servers
: topologically in the network away from their organization's geographic
Sorry I was not clear. I ment someone was null routing this host
way before I got close to the destination.
james wrote:
Sorry I was not clear. I ment someone was null routing this host
way before I got close to the destination.
Now that's interesting... the Cyber Defense Initiative at work?
Jeff
:
: On Mon, 24 Mar 2003, james wrote:
: > : It was DDoSed even the nameservers routes were null due to the DDoS
huge
: > : size.
: >
: > I noticed today that a traceroute to this host from my network exited
: > at 4 or 5 hops on west coast at a major providers network.
:
: Its common for popular web sites to locate their major servers
: topologically in the network away from their organization's geographic
: location. For example, the BBC (a UK organization) has web servers
: in New York City. So it doesn't surprise me to see Al Jezeera's web
: servers connected through New Jersey.
:
: Al Jazeera's main web site (64.106.198.10) is still very slow, but I can
: get to their english language web site on the same subnet (64.106.198.16).
: So its acting more like a overloaded web server than a DDOS. But I don't
: have any special insight into Al Jazeera's network.
I tried to traceroute it from Level3 looking Glass yesterday when it was
down
http://www.l3.com/LookingGlass/ and I got this:
Traceroute From Traceroute To
New York, NY www.aljazeera.net
Domain name lookup for 'www.aljazeera.net' failed.
Exiting.
Beside I called the Tech guys in AlJazeera and told me they are working with
opentransit and DataPipe to stop the attack ASAP.
I tried to did nslookup using
ALJNS1SA.NAV-LINK.NET 217.26.193.15
ALJNS1HB.DATAPIPE.COM 64.106.198.4
But none did work, and the route to 217.26.193.15 was nulled and I couldn't
run traceroute to 64.106.198.4 maybe DataPipe was filtering the ICMP And the
UDP to that IP it was dieing within DataPipe network.
route-server>traceroute 64.106.198.4
Type escape sequence to abort.
Tracing the route to aljns1hb.datapipe.com (64.106.198.4)
1 white_dwarf.cbbtier3.att.net (12.0.1.1) [AS 7018] 0 msec 200 msec 4 msec
2 ar3.n54ny.ip.att.net (12.126.0.30) [AS 7018] 204 msec 200 msec 204 msec
3 gbr1-a30s10.n54ny.ip.att.net (12.127.5.142) [AS 7018] 204 msec 204 msec
4 msec
4 tbr1-p013202.n54ny.ip.att.net (12.122.11.1) [AS 7018] 204 msec 204 msec
200 msec
5 gar4-p300.n54ny.ip.att.net (12.123.3.2) [AS 7018] 200 msec 200 msec 204
msec
6 att-gw.ny.qwest.net (192.205.32.170) [AS 7018] 200 msec 204 msec 200
msec
7 jfk-core-02.inet.qwest.net (205.171.230.22) [AS 209] 200 msec 4 msec 200
msec
8 ewr-core-01.inet.qwest.net (205.171.8.245) [AS 209] 200 msec 204 msec
204 msec
9 ewr-cntr-01.inet.qwest.net (205.171.17.146) [AS 209] 204 msec 200 msec
208 msec
10 msfc-24.ewr.qwest.net (63.146.100.66) [AS 209] 208 msec 200 msec 204
msec
11 * * *
12 vlan11.aggr2.ewr.datapipe.net (64.106.128.6) [AS 14492] 0 msec 4 msec 0
msec
13 * * *
14 * * *
Thanks,
-A