I was just reading somewhere about a DDOS attack against the English al-jazeera server. My best guess is that they've filtered out ICMP packets at the router to avoid the possibility of a ping flood.
ap

----------------------------------------------------------------------
Andrew J Perrin - http://www.unc.edu/~aperrin
Assistant Professor of Sociology, U of North Carolina, Chapel Hill
[EMAIL PROTECTED] * andrew_perrin (at) unc.edu

On Thu, 27 Mar 2003, Paul D. Boyle wrote:

> Hi All,
>
> I am using <ob linux>SuSE 7.3</ob linux>. I was trying to connect to
> http://english.aljazeera.net and wasn't able to get through. I wanted
> to see if the host was up so, I pinged it and got this output:
>
> boyle:/~% ping english.aljazeera.net
> PING english.aljazeera.net (216.34.94.186) from 152.1.38.206 : 56(84) bytes of data.
> From jerry.exodus.net (216.34.83.66): icmp_seq=2 Packet filtered
> From jerry.exodus.net (216.34.83.66) icmp_seq=2 Packet filtered
>
> --- english.aljazeera.net ping statistics ---
> 6 packets transmitted, 0 received, +2 errors, 100% loss, time 5024ms
>
> boyle:/~% ping english.aljazeera.net
> PING english.aljazeera.net (216.34.94.186) from 152.1.38.206 : 56(84) bytes of data.
> From jerry.exodus.net (216.34.83.66): icmp_seq=18 Packet filtered
> From jerry.exodus.net (216.34.83.66) icmp_seq=18 Packet filtered
> From jerry.exodus.net (216.34.83.66) icmp_seq=32 Packet filtered
> From jerry.exodus.net (216.34.83.66) icmp_seq=41 Packet filtered
> From jerry.exodus.net (216.34.83.66) icmp_seq=50 Packet filtered
> From jerry.exodus.net (216.34.83.66) icmp_seq=57 Packet filtered
>
>
> I have never seen the "Packet filtered" message before. I did a
> 'whois' for this host and tracked down some phone numbers. I called the
> network operations people of the organization which seems to administer
> 'jerry.exodus.net'. I was told to send an email to them, which I did.
> Oddly enough, though, after my phone call, the behavior of 'ping' changed.
> Now this is the output I get:
>
> boyle:/x03033% ping english.aljazeera.net
> PING english.aljazeera.net (216.34.94.186) from 152.1.38.206 : 56(84) bytes of data.
>
> --- english.aljazeera.net ping statistics ---
> 309 packets transmitted, 0 received, 100% loss, time 308019ms
>
> boyle:/x03033% !ping
> ping english.aljazeera.net
> PING english.aljazeera.net (216.34.94.186) from 152.1.38.206 : 56(84) bytes of data.
>
> --- english.aljazeera.net ping statistics ---
> 381 packets transmitted, 0 received, 100% loss, time 380015ms
>
> From my reading of Stevens' "TCP/IP Illustrated Volume 1", I can see that
> ICMP packets can return a number of codes. The message seems to most
> closely correspond to code 13, which is, "communication administratively
> prohibited by filtering", although I guess there are other possibilities
> (I need to look in the source for ping).
>
> Does anyone know (or have an opinion) whether this indicates a bona fide
> technical problem, or why would a site be blocked like this?
>
> Thanks for any help.
>
> Paul
>
> --
> Paul D. Boyle                       | [EMAIL PROTECTED]
> Director, X-ray Structural Facility | phone: (919) 515-7362
> Department of Chemistry - Box 8204  | FAX: (919) 515-5079
> North Carolina State University     | http://www.xray.ncsu.edu
> Raleigh, NC, 27695-8204
> _______________________________________________
> TriLUG mailing list
> http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ:
> http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
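
Added example, not part of either message: a decoder for the ICMP Destination Unreachable (type 3) message discussed in the thread, which checks the checksum, flags the administratively-prohibited codes (including code 13), and recovers the original destination and echo sequence number from the embedded header. The function names, the echo identifier 0x1234 and the sample packet built by build_sample() are assumptions constructed for illustration; only the two addresses come from the ping output above.

```python
import socket
import struct

# Type 3 codes sent by a filtering device (9, 10: RFC 1122; 13: RFC 1812).
FILTER_CODES = {
    9: "destination network administratively prohibited",
    10: "destination host administratively prohibited",
    13: "communication administratively prohibited",  # the code the thread points to
}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; 0 over a message with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp_error(icmp: bytes) -> dict:
    """Decode the ICMP part of a Destination Unreachable message."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("truncated ICMP error")
    if inet_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    if icmp[0] != 3:
        raise ValueError("not a Destination Unreachable message")
    inner = icmp[8:]                      # original IPv4 header + first 8 payload bytes
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        raise ValueError("malformed embedded IPv4 header")
    seq = None
    if inner[9] == 1 and inner[ihl] == 8:  # embedded packet was an ICMP echo request
        seq = struct.unpack("!H", inner[ihl + 6:ihl + 8])[0]
    return {"code": icmp[1], "filtered": icmp[1] in FILTER_CODES,
            "orig_dst": socket.inet_ntoa(inner[16:20]), "echo_seq": seq}

def build_sample(code: int, seq: int) -> bytes:
    """Constructed sample: error about an echo request to 216.34.94.186 (inner checksums left 0)."""
    echo = struct.pack("!BBHHH", 8, 0, 0, 0x1234, seq)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 84, 0, 0, 64, 1, 0,
                     socket.inet_aton("152.1.38.206"), socket.inet_aton("216.34.94.186"))
    body = struct.pack("!BBHI", 3, code, 0, 0) + ip + echo
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
```
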
