[CentOS-mirror] DOS attack downloading DVD isos
Maulvi Bakar
maulvi at maulvi.net
Fri Nov 20 02:09:54 UTC 2009
On Fri, Nov 20, 2009 at 9:36 AM, Clarkson University Mirror Admin <
mirror-admin at cslabs.clarkson.edu> wrote:
> On Thu, Nov 19, 2009 at 6:50 PM, Bob Bownes <bownes at gmail.com> wrote:
>
>> Anyone else seeing high numbers of requests for the DVD isos from a few
>> discrete locations? I'm getting multiple requests for dvd's from over 500
>> separate locations.
>>
>> Top 10 offenders:
>>
>> 5502 59.37.17.20
>> 6616 123.127.231.205
>> 6662 122.205.13.1
>> 6993 218.69.255.86
>> 7137 210.22.151.90
>> 7648 p108.net059086006.tnc.ne.jp
>> 8809 114.92.117.186
>> 10262 210.72.27.62
>> 11409 114.255.44.131
>> 13682 221.10.84.188
>>
>> Been going on for about the last 24 hours.
>>
>> Thanks,
>> Bob
>>
>
> Bob,
>
> Nice catch. I'm seeing some of the same IPs (listed below) on my mirror as
> well. I'm not sure whether I should block them or not though because I'd
> prefer not block people actually getting the ISOs but I also don't need
> bandwidth being consumed for no good reason since my mirror is already
> maxing out it's caps.
>
> Matt
>
>
> 6272 122.205.13.1 http 206
> 1519 114.92.117.186 200
> 4896 210.72.27.62 200
> 2192 114.255.44.131
> 9970 221.10.84.188
>
>
> --
> Mathew S. McCarrell
> Clarkson University '10
>
> mccarrms at gmail.com
> mccarrms at clarkson.edu
> 1-518-314-9214
>
>
> Hi!
I too am being hit, hard.. Although I did not carry DVD iso but the
quasi-DOS on the CD iso files are just as bad. Not just bandwidth
consumption but several dozens simultaneous connections from a single IP. I
think it's due to clients behind these IPs using some kind of download
managers.
So much so it is affecting those others who are grabbing *.rpm's download
performance.
I am tempted to use mod_bw and limit *.iso bandwidth to a reasonable low max
download speed and limitipconn to limit those download manager users to a
reasonable simultaneous connection.
Regards
Maulvi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.centos.org/pipermail/centos-mirror/attachments/20091120/e22e7236/attachment.html
More information about the CentOS-mirror
mailing list