[CentOS-mirror] [Ticket#2020100504000801] Potential DOS attack against a mirror

Tue Oct 6 13:47:44 UTC 2020
Didier Aeschimann <didier at calgah.com>

Hello,

 

We also had a similar issue in 2019

 

May 2019             6768.16 GB

Jun 2019               4571.42 GB

Jul 2019                5033308.72 GB

Aug 2019              1665015.47 GB

Sep 2019              480864.23 GB

Oct 2019               7492.56 GB

 

All of the increase in traffic was China networks.

In my case we waited it out and still have about 50% over normal from China.

We were wondering what CentOS’ position on geoblocking is?

 

Good day,

 

Didier

 

Didier Aeschimann
Calgah Computer Systems Ltd. / IT Security Division
1405 Henri-Bourassa E.
Montreal, Quebec, Canada H2C 1H1
Tel:(514) 335 0405 Fax. (514) 335 6541
Email: nospam at redwarning.com, didier at calgah.com
http://www.calgah.com
 



 

From: CentOS-mirror <centos-mirror-bounces at centos.org> On Behalf Of Cihan Nimsi via CentOS-mirror
Sent: October-06-20 09:23
To: centos-mirror at centos.org
Subject: Re: [CentOS-mirror] [Ticket#2020100504000801] Potential DOS attack against a mirror

 

Hello,

 

We also had the same problem and blocked China. Problem solved.

 

6.10.2020 01:23 tarihinde Christopher Hawker yazdı:

Hi Thomas,

 

You could simply use GeoIP Blocking to filter out any traffic from China. Here's a link to achieve this for Apache: https://www.cloudibee.com/geoip-based-country-blocking-for-apache/.

 

Regards,

Christopher Hawker

 

 

  _____  

From: CentOS-mirror  <mailto:centos-mirror-bounces at centos.org> <centos-mirror-bounces at centos.org> on behalf of Thomas Enos  <mailto:thomas.enos at afghan-wireless.com> <thomas.enos at afghan-wireless.com>
Sent: Tuesday, 6 October 2020 4:34 AM
To: Mailing list for CentOS mirrors.  <mailto:centos-mirror at centos.org> <centos-mirror at centos.org>; CEDIA FOSS Mirrors  <mailto:mirror at cedia.org.ec> <mirror at cedia.org.ec>
Subject: Re: [CentOS-mirror] [Ticket#2020100504000801] Potential DOS attack against a mirror 

 

We can confirm being hit by 27.221.66.0/24 pulling the same iso as well.  What action was taken to address this by your networks?

Thanks,

From: CentOS-mirror  <mailto:centos-mirror-bounces at centos.org> <centos-mirror-bounces at centos.org> on behalf of Bogdan-Stefan Rotariu  <mailto:bogdan.rotariu at chroot.ro> <bogdan.rotariu at chroot.ro>
Reply to: "Mailing list for CentOS mirrors."  <mailto:centos-mirror at centos.org> <centos-mirror at centos.org>
Date: Monday, 5 October 2020 at 9:30 PM
To: CEDIA FOSS Mirrors  <mailto:mirror at cedia.org.ec> <mirror at cedia.org.ec>, "Mailing list for CentOS mirrors."  <mailto:centos-mirror at centos.org> <centos-mirror at centos.org>
Subject: Re: [CentOS-mirror] [Ticket#2020100504000801] Potential DOS attack against a mirror

[EXTERNAL EMAIL] This is an external email, please make sure the sender is well known before clicking on any link or opening an attachment, if spam report it to CIRT at afghan-wireless.com <mailto:CIRT at afghan-wireless.com> 

Hi there,

On Oct 5, 2020, at 20:24, CEDIA FOSS Mirrors via CentOS-mirror  <mailto:centos-mirror at centos.org> <centos-mirror at centos.org> wrote:
hi

<snip>

112.95.214.226 - China Unicom Guangdong province network
223.88.61.170   - China Mobile Communications Corporation
171.41.7.29       - CHINANET Hubei province network
120.84.10.190   - China Unicom Guangdong province network
27.221.66.104   - China Unicom Shandong province network
27.221.66.105   - China Unicom Shandong province network
112.32.21.93     - China Mobile Communications Corporation
27.221.49.135   - China Unicom Shandong province network

Have you noticed that in your mirrors? look for these IP and notice if they have been trying to continously download iso

We did encounter the same issues with the same IP addresses and same iso file. Till now I thought it was an isolated issue..

—
Bogdan-Stefan Rotariu
CTO,Founder
Chroot Network SRL
WEB: http://www.chroot.ro <http://www.chroot.ro%3chttp:/track.chroot.ro/?a=10395&m=&n=&s=12c000000d625fc&u=http%3a%2f%2fwww.chroot.ro%3futm_source%3d%26utm_medium%3demail%26utm_campaign%3dunspecified&t=&e=contact%40chroot.ro&h=8a6c74da> <http://track.chroot.ro/?a=10395&m=&n=&s=12c000000d625fc&u=http%3a%2f%2fwww.chroot.ro%3futm_source%3d%26utm_medium%3demail%26utm_campaign%3dunspecified&t=&e=contact%40chroot.ro&h=8a6c74da>
Phone: +40-731-247-668 <tel:+40-731-247-668> <tel:+40-731-247-668>
Suport tehnic: suport at chroot.ro <mailto:suport at chroot.ro> <mailto:suport at chroot.ro>
Suport vanzari: vanzari at chroot.ro <mailto:vanzari at chroot.ro> <mailto:vanzari at chroot.ro>
Contact general: contact at chroot.ro <mailto:contact at chroot.ro> <mailto:contact at chroot.ro>

_______________________________________________
CentOS-mirror mailing list
CentOS-mirror at centos.org <mailto:CentOS-mirror at centos.org> 
https://lists.centos.org/mailman/listinfo/centos-mirror





_______________________________________________
CentOS-mirror mailing list
CentOS-mirror at centos.org <mailto:CentOS-mirror at centos.org> 
https://lists.centos.org/mailman/listinfo/centos-mirror

-- 


İyi Çalışmalar / Best Regards,


Cihan Nimsi 


C-Level Executive


 <https://www.guzel.net.tr> 


 


İçerenköy Mh. Ertaç Sk. Ardil İş Merkezi


No: 4/2 Kat: 1 Ataşehir/İSTANBUL


Telefon +90 850 885 0 558 - 1001


 <https://www.guzel.net.tr> www.guzel.net.tr 


 <http://www.facebook.com/guzelhosting>    <http://twitter.com/guzelhosting>    <https://www.instagram.com/guzel.hosting>  

	

Bu e-mailin içeriği gizlidir ve sadece bu e-mailin alıcısına özeldir. Göndericinin izni olmadan bu mesajın 3. taraflarla paylaşılması yasaktır. Eğer bu e-mail size yanlışlıkla gönderildiyse, lütfen bu e-maili yanıtlayıp siliniz, böylece aynı hata tekrar olmayacaktır.


The content of this email is confidential and intended for the recipient specified in message only. It is strictly forbidden to share any part of this message with any third party, without a written consent of the sender. If you received this message by mistake, please reply to this message and follow with its deletion, so that we can ensure such a mistake does not occur in the future.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-mirror/attachments/20201006/a0b48946/attachment-0005.html>