Hi all,
This morning we stopped a DDoS attack on our mirror coming from China. The traffic was somewhat similar to what we've discussed in the past[1], except this time they weren't range requests, they were downloading the full iso files. The worst offenders were 223.67.0.0/16 and 182.255.33.0/24, in case you want to check your mirrors for signs of abuse.
Cheers, Alex
[1] https://lists.centos.org/pipermail/centos-mirror/2022-April/077440.html
We had to implement equivalent filtering rules during the weekend from network 223.67.0.0/16... and after your experience, we will start blocking 182.255.33.0/24 too.
regards
ariel
On 25/10/23 8:24, Alex Iribarren wrote:
> Hi all,
> This morning we stopped a DDoS attack on our mirror coming from China. The traffic was somewhat similar to what we've discussed in the past[1], except this time they weren't range requests, they were downloading the full iso files. The worst offenders were 223.67.0.0/16 and 182.255.33.0/24, in case you want to check your mirrors for signs of abuse.
> Cheers, Alex
> [1] https://lists.centos.org/pipermail/centos-mirror/2022-April/077440.html
> _______________________________________________
> CentOS-mirror mailing list
> CentOS-mirror@centos.org
> https://lists.centos.org/mailman/listinfo/centos-mirror
And same here. One of our mirror servers was impacted.
Kind Regards, D
On 25 Oct 2023, at 12:40, ariel sabiguero yawelak asabigue@fder.edu.uy wrote:
> We had to implement equivalent filtering rules during the weekend from network 223.67.0.0/16... and after your experience, we will start blocking 182.255.33.0/24 too.
> regards
> ariel
> On 25/10/23 8:24, Alex Iribarren wrote:
>> Hi all,
>> This morning we stopped a DDoS attack on our mirror coming from China. The traffic was somewhat similar to what we've discussed in the past[1], except this time they weren't range requests, they were downloading the full iso files. The worst offenders were 223.67.0.0/16 and 182.255.33.0/24, in case you want to check your mirrors for signs of abuse.
>> Cheers, Alex
>> [1] https://lists.centos.org/pipermail/centos-mirror/2022-April/077440.html
We blocked 223.67.64.0/19 due to this.
Mike
On 10/25/23 04:24, Alex Iribarren wrote:
> Hi all,
> This morning we stopped a DDoS attack on our mirror coming from China. The traffic was somewhat similar to what we've discussed in the past[1], except this time they weren't range requests, they were downloading the full iso files. The worst offenders were 223.67.0.0/16 and 182.255.33.0/24, in case you want to check your mirrors for signs of abuse.
> Cheers, Alex
> [1] https://urldefense.com/v3/__https://lists.centos.org/pipermail/centos-mirror...
I've reported this issue here before as well. Just constant iso file downloads that never stop.
I actually went a step further and blocked the entire country. Problem solved.
On Thu, Oct 26, 2023 at 4:39 PM Mike Iglesias iglesias@uci.edu wrote:
> We blocked 223.67.64.0/19 due to this.
> Mike
> On 10/25/23 04:24, Alex Iribarren wrote:
>> Hi all,
>> This morning we stopped a DDoS attack on our mirror coming from China. The traffic was somewhat similar to what we've discussed in the past[1], except this time they weren't range requests, they were downloading the full iso files. The worst offenders were 223.67.0.0/16 and 182.255.33.0/24, in case you want to check your mirrors for signs of abuse.
>> Cheers, Alex
>> [1] https://urldefense.com/v3/__https://lists.centos.org/pipermail/centos-mirror...
You said you blocked entire country to stop the attack, which country?
China
On Thu, Oct 26, 2023 at 10:56 PM Mohamed Abozeed via CentOS-mirror <centos-mirror@centos.org> wrote:
> You said you blocked entire country to stop the attack, which country?
> On 27 Oct 2023, at 04:42, Russell Jones arjones85@gmail.com wrote:
>> I've reported this issue here before as well. Just constant iso file downloads that never stop.
>> I actually went a step further and blocked the entire country. Problem solved.
>> On Thu, Oct 26, 2023 at 4:39 PM Mike Iglesias iglesias@uci.edu wrote:
>>> We blocked 223.67.64.0/19 due to this.
>>> Mike
>>> On 10/25/23 04:24, Alex Iribarren wrote:
>>>> Hi all,
>>>> This morning we stopped a DDoS attack on our mirror coming from China. The traffic was somewhat similar to what we've discussed in the past[1], except this time they weren't range requests, they were downloading the full iso files. The worst offenders were 223.67.0.0/16 and 182.255.33.0/24, in case you want to check your mirrors for signs of abuse.
>>>> Cheers, Alex
>>>> [1] https://urldefense.com/v3/__https://lists.centos.org/pipermail/centos-mirror...
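An added example, not part of any message in this thread: one way to run the check suggested in the first message, counting full (HTTP 200) and range (HTTP 206) .iso downloads from the two reported networks in a mirror's access log. The combined log format, the sample log lines and the function name `summarize` are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Networks reported in the first message of the thread.
REPORTED = [ipaddress.ip_network(n) for n in ("223.67.0.0/16", "182.255.33.0/24")]

# Assumption: access log in Apache/nginx "combined" format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (addresses, paths and sizes are made up for the example).
SAMPLE_LOG = """\
223.67.10.5 - - [25/Oct/2023:06:01:02 +0000] "GET /centos/7/isos/x86_64/example.iso HTTP/1.1" 200 4000000000 "-" "curl/8.0"
223.67.80.9 - - [25/Oct/2023:06:01:03 +0000] "GET /centos/7/isos/x86_64/example.iso HTTP/1.1" 200 4000000000 "-" "curl/8.0"
182.255.33.7 - - [25/Oct/2023:06:01:04 +0000] "GET /centos/7/isos/x86_64/example.iso HTTP/1.1" 206 1048576 "-" "-"
192.0.2.10 - - [25/Oct/2023:06:01:05 +0000] "GET /centos/7/isos/x86_64/example.iso HTTP/1.1" 200 4000000000 "-" "-"
223.67.10.5 - - [25/Oct/2023:06:01:06 +0000] "GET /centos/7/os/x86_64/repodata/repomd.xml HTTP/1.1" 200 3000 "-" "-"
""".splitlines()

def summarize(lines, networks=REPORTED):
    """Per reported network: full vs range .iso downloads, bytes sent, distinct clients."""
    stats = defaultdict(lambda: {"full_iso": 0, "range_iso": 0, "bytes": 0, "clients": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET" or m["status"] not in ("200", "206"):
            continue
        if not m["path"].split("?", 1)[0].lower().endswith(".iso"):
            continue  # only ISO downloads are of interest here
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname or malformed client field
        net = next((n for n in networks if ip in n), None)
        if net is None:
            continue  # client is outside the reported networks
        entry = stats[str(net)]
        key = "full_iso" if m["status"] == "200" else "range_iso"
        entry[key] += 1
        entry["bytes"] += 0 if m["size"] == "-" else int(m["size"])
        entry["clients"].add(str(ip))
    return dict(stats)

if __name__ == "__main__":
    for net, s in summarize(SAMPLE_LOG).items():
        print(net, s["full_iso"], s["range_iso"], s["bytes"], len(s["clients"]))
```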