We can confirm being hit by 27.221.66.0/24 pulling the same iso as well. What action was taken to address this by your networks?
Thanks,
From: CentOS-mirror centos-mirror-bounces@centos.org on behalf of Bogdan-Stefan Rotariu bogdan.rotariu@chroot.ro Reply to: "Mailing list for CentOS mirrors." centos-mirror@centos.org Date: Monday, 5 October 2020 at 9:30 PM To: CEDIA FOSS Mirrors mirror@cedia.org.ec, "Mailing list for CentOS mirrors." centos-mirror@centos.org Subject: Re: [CentOS-mirror] [Ticket#2020100504000801] Potential DOS attack against a mirror
[EXTERNAL EMAIL] This is an external email, please make sure the sender is well known before clicking on any link or opening an attachment, if spam report it to CIRT@afghan-wireless.com
Hi there,
On Oct 5, 2020, at 20:24, CEDIA FOSS Mirrors via CentOS-mirror centos-mirror@centos.org wrote: hi
<snip>
112.95.214.226 - China Unicom Guangdong province network 223.88.61.170 - China Mobile Communications Corporation 171.41.7.29 - CHINANET Hubei province network 120.84.10.190 - China Unicom Guangdong province network 27.221.66.104 - China Unicom Shandong province network 27.221.66.105 - China Unicom Shandong province network 112.32.21.93 - China Mobile Communications Corporation 27.221.49.135 - China Unicom Shandong province network
Have you noticed that in your mirrors? look for these IP and notice if they have been trying to continously download iso
We did encounter the same issues with the same IP addresses and same iso file. Till now I thought it was an isolated issue..
— Bogdan-Stefan Rotariu CTO,Founder Chroot Network SRL WEB: http://www.chroot.rohttp://track.chroot.ro/?a=10395&m=&n=&s=12c000000d625fc&u=http%3a%2f%2fwww.chroot.ro%3futm_source%3d%26utm_medium%3demail%26utm_campaign%3dunspecified&t=&e=contact%40chroot.ro&h=8a6c74da Phone: +40-731-247-668tel:+40-731-247-668 Suport tehnic: suport@chroot.romailto:suport@chroot.ro Suport vanzari: vanzari@chroot.romailto:vanzari@chroot.ro Contact general: contact@chroot.romailto:contact@chroot.ro