[personal profile] xiphias
A map of where the DDOS attacks are coming from.

Distributed Denial of Service attacks are done by people infecting a very large number of computers with a virus, which then allows those people to take control of those computers and use them to access a website so often and so fast that the server cannot keep up with all the incoming pings, and crashes.

This is, of course, one of the MANY reasons to keep your virus scanners up to date, and keep up your security patches. It's not just for you -- it's for everyone else, too.

Which is just to say, to you, my Israeli friends -- UPDATE YOUR DANG VIRUS DEFINITIONS! Also Jamaica, Puerto Rico, and the Philippines.

(no subject)

Date: 2011-04-09 01:56 pm (UTC)
From: [identity profile] solipsistnation.livejournal.com
This DDoS is coming from INSIDE THE HOUSE!

(no subject)

Date: 2011-04-09 02:08 pm (UTC)
From: [identity profile] daharyn.livejournal.com
Just how accurate is the map? I mean, the one NYC-area marker is, if you zoom in far enough, at the back of a house on E 3rd St (approximately number 265) between Albemarle Rd and Church Ave in Kensington, Brooklyn.

(no subject)

Date: 2011-04-09 02:31 pm (UTC)
From: [identity profile] xiphias.livejournal.com
I really doubt that it's THAT accurate. I dunno, though -- can anyone who actually knows IT stuff answer this?

(no subject)

Date: 2011-04-09 04:31 pm (UTC)
From: [identity profile] linenoise.livejournal.com
It depends on where the data is coming from. I mean, it's a logical address, so "the back of the house" is clearly not going to be possible. But for people on many forms of broadband, an IP lease can last for several months without changing; in some cases you'll have the same address for years. And the ISPs will generally have records of that sort of thing. So if they're getting data from inside the ISP's privacy screen, it's entirely possible to link an IP address to a specific customer, and billing records will give you their home address.

However, that level of access usually requires a court-ordered search warrant, or similar legal instrument. I *highly* doubt that LJ has bothered to get that sort of thing going in this case, but I might be wrong. Without a search warrant, you can still get a reverse-DNS lookup, which will pretty much always give you the name of the ISP and some kind of idiosyncratic region code. "poolXXXXX.tampfl.fios.verizon.net" as a sanitized example from my BitTorrent logs. So, I can tell that someone is connected to me from Tampa, Florida.

Someone more skilled and more patient than I could *probably* find a way to resolve that more closely, but I don't see any way to get an actual street address without billing records. Or hiring a digital PI to do cross-checking or traffic sniffing. But all of those things take *time* and *money*, and SUP isn't going to spend either of those in large quantity, when all they're going to find at any given location is a brain-dead zombie.

(no subject)

Date: 2011-04-10 04:18 am (UTC)
From: [identity profile] aquaeri.livejournal.com
I'm not in IT, but I've worked in data mining and modelling, and I'd imagine they've got some "average likely location" algorithm going, combined with "when we have multiple IP addresses from the same region code, spread them out around that average".

Similarly to what you'd do in ecological modelling - of course you don't know where all the Xiphias Wallabies are right now, but you've got your sampling survey data from last year and you need to stick some data points into your program.
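
An added example, not part of the original post or comments and not the map's actual code: a sketch of the placement the comments above guess at, where a reverse-DNS region code is mapped to a city centroid and each IP is scattered around it, which is how a marker can land "at the back of a house" without anyone knowing the street address. The region table, coordinates, spread radius and function names are assumptions made for illustration.

```python
import hashlib
import math

# Constructed lookup: region token found in a PTR name -> (city, lat, lon).
# Coordinates are rough city centres typed in by hand for this example.
REGION_CENTROIDS = {
    "tampfl": ("Tampa, FL", 27.95, -82.46),
    "nycmny": ("New York, NY", 40.71, -74.01),
}

def region_from_ptr(ptr_name):
    """Return the first DNS label that matches a known region token, else None."""
    for label in ptr_name.lower().rstrip(".").split("."):
        if label in REGION_CENTROIDS:
            return label
    return None

def place_marker(ip, ptr_name, spread_km=10.0):
    """Return (region, lat, lon) for one map marker, or None if the region is unknown."""
    region = region_from_ptr(ptr_name)
    if region is None:
        return None
    _, lat, lon = REGION_CENTROIDS[region]
    # The offset comes from a hash of the IP: stable across runs, distinct per
    # address, and carrying no information about where the host really is.
    digest = hashlib.sha256(ip.encode()).digest()
    angle = int.from_bytes(digest[:4], "big") / 2**32 * 2 * math.pi
    dist_km = int.from_bytes(digest[4:8], "big") / 2**32 * spread_km
    dlat = dist_km * math.cos(angle) / 111.0  # about 111 km per degree of latitude
    dlon = dist_km * math.sin(angle) / (111.0 * math.cos(math.radians(lat)))
    return region, round(lat + dlat, 5), round(lon + dlon, 5)

def km_from_centroid(region, lat, lon):
    """Distance in km between a marker and its region centroid (flat approximation)."""
    _, clat, clon = REGION_CENTROIDS[region]
    return math.hypot((lat - clat) * 111.0,
                      (lon - clon) * 111.0 * math.cos(math.radians(clat)))
```

The five decimal places in the output are roughly one metre of display precision; the real uncertainty is the whole spread radius around the city centre.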
