
Re: [tor-relays] anyone else getting sync floods from russia?



Glad to hear it's nothing personal. Putin still loves me ♥️

That's Perl? I have no clue what it does.

We already changed the timers on the TCP connections and we have scripts running which are blocking IPs who will send us x0000 connections. Right now they changed tactics and to me it looks like a SYNC flood from datacenter IP ranges and a few 100 IPs which undermine the easy blocking. Everything over 2,5 million TCP connections and the servers are more or less overloaded and I now learned that 3 million TCP connections is the point where the servers are dead as dead can be.

For a one-time attack I would congratulate them but now daily it really is starting to suck. It also suxx that we have a direct 10G connection to the largest Russian ISP so they can DDOS us even faster …


> On 20. Feb 2021, at 12:06, Toralf Förster <toralf.foerster@xxxxxx> wrote:
> 
> On 2/20/21 2:25 AM, niftybunny wrote:
>> https://i.imgur.com/nDbaXqH.png
>> 
>> https://i.imgur.com/Y5259wW.png
> Yep, I do wonder if sth like
> 
> netstat --tcp -n -4 | perl -wane ' BEGIN { %Hist=(); } { next unless
> (m/^tcp/); ($Remote) = split(/:/, $F[4]); $Hist{$Remote}++; } END {
> foreach my $key (sort { $Hist{$b} <=> $Hist{$a} || $a cmp $b } keys
> %Hist) { printf("%-15s %5i\n", $key, $Hist{$key}) } }' | head -n 40
> 
> would help in any case ?
> 
> --
> Toralf
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Attachment: signature.asc
Description: Message signed with OpenPGP
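
The quoted one-liner builds a per-address connection histogram from `netstat` output. As an added example (not code from either poster), the same count in Python, extended to group sources by network prefix and filter on the half-open `SYN_RECV` state, which is what matters when the load is spread over many addresses in a few ranges. The sample input is constructed from documentation address ranges, and the threshold of 50 is an assumed value for illustration.

```python
import ipaddress
from collections import Counter

def parse_netstat(text):
    """Yield (remote_ip, state) for each IPv4 TCP line of `netstat --tcp -n -4` output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # skip the two header lines and anything malformed
        remote_ip = fields[4].rsplit(":", 1)[0]  # strip the port from "ip:port"
        yield remote_ip, fields[5]

def over_threshold(conns, threshold, prefix_len=32, state=None):
    """Count connections per source network; return networks at or above threshold."""
    hist = Counter()
    for ip, st in conns:
        if state is not None and st != state:
            continue
        # strict=False masks the host bits, so every address maps to its network
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        hist[str(net)] += 1
    return {net: n for net, n in hist.most_common() if n >= threshold}

def build_sample():
    """Constructed sample: 40 sources in one /24 with 3 half-open connections
    each, plus one ordinary client with 5 established connections."""
    lines = ["Active Internet connections (w/o servers)",
             "Proto Recv-Q Send-Q Local Address    Foreign Address    State"]
    for host in range(1, 41):
        for port in range(3):
            lines.append(f"tcp 0 0 192.0.2.10:443 198.51.100.{host}:{40000 + port} SYN_RECV")
    for port in range(5):
        lines.append(f"tcp 0 0 192.0.2.10:443 203.0.113.7:{50000 + port} ESTABLISHED")
    return "\n".join(lines)

if __name__ == "__main__":
    conns = list(parse_netstat(build_sample()))
    # Per-address view: no single source stands out
    print("per IP :", over_threshold(conns, threshold=50))
    # Per-/24 view of half-open connections: the range stands out
    print("per /24:", over_threshold(conns, threshold=50, prefix_len=24, state="SYN_RECV"))
```
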
