Same here. We also blocked the addresses listed below. They were constantly downloading full ISOs to the same images causing a consistent > 5 Gbps stream.
Kevin
From: CentOS-mirror centos-mirror-bounces@centos.org on behalf of Awesome Projects via CentOS-mirror centos-mirror@centos.org Reply-To: Awesome Projects mirrors@awesomeprojects.ro, "Mailing list for CentOS mirrors." centos-mirror@centos.org Date: Thursday, October 26, 2023 at 9:43 AM To: "centos-mirror@centos.org" centos-mirror@centos.org Subject: Re: [CentOS-mirror] CentOS-mirror Digest, Vol 221, Issue 2
Hello,
we experienced the same thing from the same IP's about 6 months ago. This happened simultaneously with some IPv6 classes. Can't supply the IP's however, we blocked all the netblocks we could identify as belonging to China.
On 10/26/23 15:00, centos-mirror-request@centos.org wrote:
Send CentOS-mirror mailing list submissions to centos-mirror@centos.org
To subscribe or unsubscribe via the World Wide Web, visit https://lists.centos.org/mailman/listinfo/centos-mirrorhttps://lists.centos.org/mailman/listinfo/centos-mirror or, via email, send a message with subject or body 'help' to centos-mirror-request@centos.org
You can reach the person managing the list at centos-mirror-owner@centos.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-mirror digest..."
Today's Topics:
- Re: DDoS attack (Dominik Nowacki)
Message: 1 Date: Wed, 25 Oct 2023 12:14:55 +0000 From: Dominik Nowacki dominik@clouvider.co.uk To: Mailing list for CentOS mirrors. centos-mirror@centos.org Subject: Re: [CentOS-mirror] DDoS attack Message-ID: 1CE1A3D7-BD4F-4BED-85BB-8AF3707C2E29@clouvider.co.uk Content-Type: text/plain; charset="utf-8"
And same here. One of our mirror servers was impacted.
Kind Regards, D
Sent from my iPhone
On 25 Oct 2023, at 12:40, ariel sabiguero yawelak asabigue@fder.edu.uy wrote:
?We had to implement equivalent filtering rules during the weekend from network 223.67.0.0/16http://223.67.0.0/16... and after your experience, we will start blocking 182.255.33.0/24http://182.255.33.0/24 too.
regards
ariel
On 25/10/23 8:24, Alex Iribarren wrote: Hi all,
This morning we stopped a DDoS attack on our mirror coming from China. The traffic was somewhat similar to what we've discussed in the past[1], except this time they weren't range requests, they were downloading the full iso files. The worst offenders were 223.67.0.0/16http://223.67.0.0/16 and 182.255.33.0/24http://182.255.33.0/24, in case you want to check your mirrors for signs of abuse.
Cheers, Alex
[1] https://lists.centos.org/pipermail/centos-mirror/2022-April/077440.htmlhttps://lists.centos.org/pipermail/centos-mirror/2022-April/077440.html _______________________________________________ CentOS-mirror mailing list CentOS-mirror@centos.org https://lists.centos.org/mailman/listinfo/centos-mirrorhttps://lists.centos.org/mailman/listinfo/centos-mirror
CentOS-mirror mailing list CentOS-mirror@centos.org https://lists.centos.org/mailman/listinfo/centos-mirrorhttps://lists.centos.org/mailman/listinfo/centos-mirror
Subject: Digest Footer
CentOS-mirror mailing list CentOS-mirror@centos.org https://lists.centos.org/mailman/listinfo/centos-mirrorhttps://lists.centos.org/mailman/listinfo/centos-mirror
End of CentOS-mirror Digest, Vol 221, Issue 2
_______________________________________________ CentOS-mirror mailing list CentOS-mirror@centos.org https://lists.centos.org/mailman/listinfo/centos-mirrorhttps://lists.centos.org/mailman/listinfo/centos-mirror