And same here. One of our mirror servers was impacted.

Kind Regards, D

Sent from my iPhone

On 25 Oct 2023, at 12:40, ariel sabiguero yawelak asabigue@fder.edu.uy wrote:

We had to implement equivalent filtering rules during the weekend from network 223.67.0.0/16... and after your experience, we will start blocking 182.255.33.0/24 too.

regards

ariel

...

On 25/10/23 8:24, Alex Iribarren wrote: Hi all,

This morning we stopped a DDoS attack on our mirror coming from China. The traffic was somewhat similar to what we've discussed in the past[1], except this time they weren't range requests, they were downloading the full iso files. The worst offenders were 223.67.0.0/16 and 182.255.33.0/24, in case you want to check your mirrors for signs of abuse.

Cheers, Alex

[1] https://lists.centos.org/pipermail/centos-mirror/2022-April/077440.html _______________________________________________ CentOS-mirror mailing list CentOS-mirror@centos.org https://lists.centos.org/mailman/listinfo/centos-mirror

---

CentOS-mirror mailing list CentOS-mirror@centos.org https://lists.centos.org/mailman/listinfo/centos-mirror

I've reported this issue here before as well. Just constant iso file downloads that never stop.

I actually went a step further and blocked the entire country. Problem solved.

On Thu, Oct 26, 2023 at 4:39 PM Mike Iglesias iglesias@uci.edu wrote:

We blocked 223.67.64.0/19 due to this.

Mike

On 10/25/23 04:24, Alex Iribarren wrote:

...

Hi all,

This morning we stopped a DDoS attack on our mirror coming from China.

The

...

traffic was somewhat similar to what we've discussed in the past[1],

except this

...

time they weren't range requests, they were downloading the full iso

files. The

...

worst offenders were 223.67.0.0/16 and 182.255.33.0/24, in case you

want to

...

check your mirrors for signs of abuse.

Cheers, Alex

[1]

https://urldefense.com/v3/__https://lists.centos.org/pipermail/centos-mirror... _______________________________________________

...

CentOS-mirror mailing list CentOS-mirror@centos.org

https://urldefense.com/v3/__https://lists.centos.org/mailman/listinfo/centos... _______________________________________________ CentOS-mirror mailing list CentOS-mirror@centos.org https://lists.centos.org/mailman/listinfo/centos-mirror

You said you blocked entire country to stop the attack, which country?

China

On Thu, Oct 26, 2023 at 10:56 PM Mohamed Abozeed via CentOS-mirror < centos-mirror@centos.org> wrote:

You said you blocked entire country to stop the attack, which country?

On 27 Oct 2023, at 04:42, Russell Jones arjones85@gmail.com wrote:

 I've reported this issue here before as well. Just constant iso file downloads that never stop.

I actually went a step further and blocked the entire country. Problem solved.

On Thu, Oct 26, 2023 at 4:39 PM Mike Iglesias iglesias@uci.edu wrote:

...

We blocked 223.67.64.0/19 due to this.

Mike

On 10/25/23 04:24, Alex Iribarren wrote:

...

Hi all,

This morning we stopped a DDoS attack on our mirror coming from China.

The

...

traffic was somewhat similar to what we've discussed in the past[1],

except this

...

time they weren't range requests, they were downloading the full iso

files. The

...

worst offenders were 223.67.0.0/16 and 182.255.33.0/24, in case you

want to

...

check your mirrors for signs of abuse.

Cheers, Alex

[1]

https://urldefense.com/v3/__https://lists.centos.org/pipermail/centos-mirror... _______________________________________________

...

CentOS-mirror mailing list CentOS-mirror@centos.org

https://urldefense.com/v3/__https://lists.centos.org/mailman/listinfo/centos... _______________________________________________ CentOS-mirror mailing list CentOS-mirror@centos.org https://lists.centos.org/mailman/listinfo/centos-mirror

---

CentOS-mirror mailing list CentOS-mirror@centos.org https://lists.centos.org/mailman/listinfo/centos-mirror