[CentOS-mirror] [Ticket#2020100504000801] Potential DOS attack against a mirror

Mon Oct 5 18:16:14 UTC 2020
CEDIA FOSS Mirrors <mirror at cedia.org.ec>

10/05/2020 12:40 - Thomas Enos wrote: We can confirm being hit by pulling the same iso as well.  What
action was taken to address this by your networks?
hi Thomas
there are several approaches that could be taken:  
 - block the whole country (using geoiplookup) 
 - block the whole country from downloading iso files 
 - block the list of IPs 
 - If the attacks persist from other IPs, then it is advisable to create a
list of IPs we can use here to share IPs trying to dos our mirrors. This way
everybody could use the list to block connections from them. 

 other suggestions are welcome


From: CentOS-mirror <centos-mirror-bounces at centos.org> on behalf of
Rotariu <bogdan.rotariu at chroot.ro>
Reply to: "Mailing list for CentOS mirrors." <centos-mirror at centos.org>
Date: Monday, 5 October 2020 at 9:30 PM
To: CEDIA FOSS Mirrors <mirror at cedia.org.ec>, "Mailing list for CentOS
<centos-mirror at centos.org>
Subject: Re: [CentOS-mirror] [Ticket#2020100504000801] Potential DOS attack
against a mirror

[EXTERNAL EMAIL] This is an external email, please make sure the sender is
known before clicking on any link or opening an attachment, if spam report it
CIRT at afghan-wireless.com

Hi there,

On Oct 5, 2020, at 20:24, CEDIA FOSS Mirrors via CentOS-mirror
<centos-mirror at centos.org> wrote:

<snip> - China Unicom Guangdong province network   - China Mobile Communications Corporation       - CHINANET Hubei province network   - China Unicom Guangdong province network   - China Unicom Shandong province network   - China Unicom Shandong province network     - China Mobile Communications Corporation   - China Unicom Shandong province network

Have you noticed that in your mirrors? look for these IP and notice if they
been trying to continously download iso

We did encounter the same issues with the same IP addresses and same iso file.
Till now I thought it was an isolated issue..

Bogdan-Stefan Rotariu
Chroot Network SRL
Phone: +40-731-247-668<tel:+40-731-247-668>
Suport tehnic: suport at chroot.ro<mailto:suport at chroot.ro>
Suport vanzari: vanzari at chroot.ro<mailto:vanzari at chroot.ro>
Contact general: contact at chroot.ro<mailto:contact at chroot.ro>

[1] http://www.chroot.ro
[2] http://track.chroot.ro/?a=10395&m=&n=&s=12c000000d625fc&u=http%3a%2f%2fwww.chroot.ro%3futm_source%3d%26utm_medium%3demail%26utm_campaign%3dunspecified&t=&e=contact%40chroot.ro&h=8a6c74da
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-mirror/attachments/20201005/e6a547a8/attachment-0003.html>