[133857] in North American Network Operators' Group
Re: Spamhaus under DDOS from AnonOps (Wikileaks.info)
daemon@ATHENA.MIT.EDU (Jack Bates)
Sat Dec 18 23:59:02 2010
Date: Sat, 18 Dec 2010 22:58:48 -0600
From: Jack Bates <jbates@brightok.net>
To: Marshall Eubanks <tme@americafree.tv>
In-Reply-To: <61B1E7C7-ED24-4CC2-B9E6-11CCBA1AFC6E@americafree.tv>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 12/18/2010 5:15 PM, Marshall Eubanks wrote:
>
> I get nothing from wikileaks.org, although the DNS is active :
>
$ host wikileaks.org
wikileaks.org has address 64.64.12.170
$ telnet 64.64.12.170 80
Trying 64.64.12.170...
Connected to 64.64.12.170.
Escape character is '^]'.
GET / HTTP/1.1
Host: wikileaks.org
HTTP/1.1 302 Found
Date: Sun, 19 Dec 2010 04:56:23 GMT
Server: Apache
Location: http://mirror.wikileaks.info/
Content-Length: 213
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a
href="http://mirror.wikileaks.info/">here</a>.</p>
</body></html>
Connection to 64.64.12.170 closed by foreign host.
> and, at least here, a traceroute disappears into servint
> <snip>
> 8 64.125.195.222.t00883-02.above.net (64.125.195.222) 15.905 ms 12.172 ms 12.072 ms
> 9 sc-smv1766.servint.net (216.22.61.86) 15.879 ms 11.974 ms 13.761 ms
> 10 * * *
>
I see same timeouts, but tcp/80 is going through. Filtering, I suspect.
Jack
