[CentOS-mirror] [Ticket#2020100504000801] Potential DOS attack against a mirror

Mon Oct 5 21:49:30 UTC 2020
Syaiful Rizal (Diskominfo Papua) <service at papua.go.id>

Yes,

Our mirror mirror.papua.go.id in Indonesia also got massive ISO
download from IP 27.221.66.0/24, and also massive access from OVH,
Amazon AWS and Google Cloud outside Indonesia.

But, we already set bandwidth limit for international connection but
no limit with domestic, since our mirror designed to serve
Indonesian/domestic users via Indonesia OpenIXP.

SRS
--
Pemerintah Provinsi Papua
https://www.papua.go.id

2020-10-06 2:34 GMT+09.00, Thomas Enos <thomas.enos at afghan-wireless.com>:
> We can confirm being hit by 27.221.66.0/24 pulling the same iso as well.
> What action was taken to address this by your networks?
>
> Thanks,
>
> From: CentOS-mirror <centos-mirror-bounces at centos.org> on behalf of
> Bogdan-Stefan Rotariu <bogdan.rotariu at chroot.ro>
> Reply to: "Mailing list for CentOS mirrors." <centos-mirror at centos.org>
> Date: Monday, 5 October 2020 at 9:30 PM
> To: CEDIA FOSS Mirrors <mirror at cedia.org.ec>, "Mailing list for CentOS
> mirrors." <centos-mirror at centos.org>
> Subject: Re: [CentOS-mirror] [Ticket#2020100504000801] Potential DOS attack
> against a mirror
>
> [EXTERNAL EMAIL] This is an external email, please make sure the sender is
> well known before clicking on any link or opening an attachment, if spam
> report it to CIRT at afghan-wireless.com
>
> Hi there,
>
> On Oct 5, 2020, at 20:24, CEDIA FOSS Mirrors via CentOS-mirror
> <centos-mirror at centos.org> wrote:
> hi
>
> <snip>
>
> 112.95.214.226 - China Unicom Guangdong province network
> 223.88.61.170   - China Mobile Communications Corporation
> 171.41.7.29       - CHINANET Hubei province network
> 120.84.10.190   - China Unicom Guangdong province network
> 27.221.66.104   - China Unicom Shandong province network
> 27.221.66.105   - China Unicom Shandong province network
> 112.32.21.93     - China Mobile Communications Corporation
> 27.221.49.135   - China Unicom Shandong province network
>
> Have you noticed that in your mirrors? look for these IP and notice if they
> have been trying to continously download iso
>
> We did encounter the same issues with the same IP addresses and same iso
> file. Till now I thought it was an isolated issue..
>
>> Bogdan-Stefan Rotariu
> CTO,Founder
> Chroot Network SRL
> WEB:
> http://www.chroot.ro<http://track.chroot.ro/?a=10395&m=&n=&s=12c000000d625fc&u=http%3a%2f%2fwww.chroot.ro%3futm_source%3d%26utm_medium%3demail%26utm_campaign%3dunspecified&t=&e=contact%40chroot.ro&h=8a6c74da>
> Phone: +40-731-247-668<tel:+40-731-247-668>
> Suport tehnic: suport at chroot.ro<mailto:suport at chroot.ro>
> Suport vanzari: vanzari at chroot.ro<mailto:vanzari at chroot.ro>
> Contact general: contact at chroot.ro<mailto:contact at chroot.ro>
>
> _______________________________________________
> CentOS-mirror mailing list
> CentOS-mirror at centos.org
> https://lists.centos.org/mailman/listinfo/centos-mirror
>