[CentOS-mirror] [Ticket#2020100504000801] Potential DOS attack against a mirror

Mon Oct 5 22:23:11 UTC 2020
Christopher Hawker <email at chrishawker.com.au>

Hi Thomas,

You could simply use GeoIP Blocking to filter out any traffic from China. Here's a link to achieve this for Apache: https://www.cloudibee.com/geoip-based-country-blocking-for-apache/.

Regards,
Christopher Hawker


________________________________
From: CentOS-mirror <centos-mirror-bounces at centos.org> on behalf of Thomas Enos <thomas.enos at afghan-wireless.com>
Sent: Tuesday, 6 October 2020 4:34 AM
To: Mailing list for CentOS mirrors. <centos-mirror at centos.org>; CEDIA FOSS Mirrors <mirror at cedia.org.ec>
Subject: Re: [CentOS-mirror] [Ticket#2020100504000801] Potential DOS attack against a mirror

We can confirm being hit by 27.221.66.0/24 pulling the same iso as well.  What action was taken to address this by your networks?

Thanks,

From: CentOS-mirror <centos-mirror-bounces at centos.org> on behalf of Bogdan-Stefan Rotariu <bogdan.rotariu at chroot.ro>
Reply to: "Mailing list for CentOS mirrors." <centos-mirror at centos.org>
Date: Monday, 5 October 2020 at 9:30 PM
To: CEDIA FOSS Mirrors <mirror at cedia.org.ec>, "Mailing list for CentOS mirrors." <centos-mirror at centos.org>
Subject: Re: [CentOS-mirror] [Ticket#2020100504000801] Potential DOS attack against a mirror


Hi there,

On Oct 5, 2020, at 20:24, CEDIA FOSS Mirrors via CentOS-mirror <centos-mirror at centos.org> wrote:
hi

<snip>

112.95.214.226 - China Unicom Guangdong province network
223.88.61.170  - China Mobile Communications Corporation
171.41.7.29    - CHINANET Hubei province network
120.84.10.190  - China Unicom Guangdong province network
27.221.66.104  - China Unicom Shandong province network
27.221.66.105  - China Unicom Shandong province network
112.32.21.93   - China Mobile Communications Corporation
27.221.49.135  - China Unicom Shandong province network

Have you noticed that in your mirrors? Look for these IPs and notice if they have been trying to continuously download an ISO.

We did encounter the same issues with the same IP addresses and same ISO file. Till now I thought it was an isolated issue.

—
Bogdan-Stefan Rotariu
CTO,Founder
Chroot Network SRL
WEB: http://www.chroot.ro
Phone: +40-731-247-668
Technical support: suport at chroot.ro
Sales support: vanzari at chroot.ro
General contact: contact at chroot.ro
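
The check the thread asks other mirror operators to run, as an added example that is not part of the original messages: it groups served `.iso` requests in a combined-format access log by client /24 and reports prefixes that fetched the same image repeatedly. The log lines, the ISO path, the threshold and the function name are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Apache/nginx "combined" log line: client, identity, user, [time], "request", status, bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?:GET|HEAD) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample log (documentation address ranges, hypothetical ISO path).
SAMPLE_LOG = """\
203.0.113.104 - - [05/Oct/2020:18:01:02 +0000] "GET /centos/8/isos/x86_64/example-dvd.iso HTTP/1.1" 200 1000000 "-" "Wget/1.20"
203.0.113.105 - - [05/Oct/2020:18:01:09 +0000] "GET /centos/8/isos/x86_64/example-dvd.iso HTTP/1.1" 206 500000 "-" "-"
203.0.113.104 - - [05/Oct/2020:18:02:30 +0000] "GET /centos/8/isos/x86_64/example-dvd.iso HTTP/1.1" 200 1000000 "-" "-"
198.51.100.7 - - [05/Oct/2020:18:03:00 +0000] "GET /centos/8/isos/x86_64/example-dvd.iso HTTP/1.1" 200 1000000 "-" "-"
198.51.100.7 - - [05/Oct/2020:18:03:05 +0000] "GET /centos/8/BaseOS/x86_64/os/repodata/repomd.xml HTTP/1.1" 200 4000 "-" "-"
""".splitlines()


def repeated_iso_fetchers(lines, min_requests=3, prefix_len=24):
    """Map (IPv4 network, ISO path) -> (requests, bytes sent) for every prefix
    that was served the same .iso at least min_requests times."""
    stats = defaultdict(lambda: [0, 0])
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] not in ("200", "206"):
            continue  # unparsable line, or nothing was actually served
        path = m["path"].split("?", 1)[0]
        if not path.lower().endswith(".iso"):
            continue
        try:
            addr = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # client logged as a hostname
        if addr.version != 4:
            continue  # the /24 grouping here is IPv4-only
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        entry = stats[(str(net), path)]
        entry[0] += 1
        entry[1] += 0 if m["size"] == "-" else int(m["size"])
    return {k: tuple(v) for k, v in stats.items() if v[0] >= min_requests}


if __name__ == "__main__":
    for (net, path), (count, sent) in repeated_iso_fetchers(SAMPLE_LOG).items():
        print(f"{net} fetched {path} {count} times ({sent} bytes)")
```

Grouping by prefix rather than by single address catches the case reported above, where neighbouring addresses in one /24 pull the same file.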
