[mirror-admin] fedora live images dos attack?
Matt Domsch
Matt_Domsch at dell.com
Sun May 18 08:39:00 EDT 2008
On Sun, May 18, 2008 at 07:32:45AM -0400, Paul Mezzanini wrote:
> On 5/18/08 4:59 AM, "Prof. P. Sriram" <sriram at ae.iitm.ac.in> wrote:
>
> > dear fedora mirror colleagues,
> >
> > we (ftp.iitm.ac.in) have recently become an official fedora mirror; we
> > were very happy to note the increase in traffic when fedora 9 was released
> > a few days ago. however, a review of the logs shows what appears to be a
> > dos attack. we are getting thousands of requests for http downloads of the
> > fedora 9 live cd images from a handful of ip addresses in mainland china.
> > for example, 222.129.36.242 made over 20,000 requests for this live cd
> > image over a 24 hour period. a few more such sites have contributed a
> > total of over 200,000 hits on the live cd images over the last few days.
> > is anyone else seeing such strange activity? i have temporarily taken the
> > live cd images off line (sorry, legit downloaders).
>
> "Great firewall of China" doing some sort of NAT
>
> Do they all have various resume ranges? Could be the worst download
> accelerator ever built :)
If you like, given that IITM is the fastest mirror Fedora has in
India, and there are so many Indian users, you can limit your users to
those from India by adding 'IN' to the Countries Allowed list for your
Host in MirrorManager. Doing so, MirrorManager won't redirect users
from outside this list (best effort of course based on GeoIP) to you.
Perhaps adding Sri Lanka and other nearby countries to your South and
East, given your proximity to them, and depending on your connectivity
to them.
--
Matt Domsch
Linux Technology Strategist, Dell Office of the CTO
linux.dell.com & www.dell.com/linux
--
More information about the Mirror-admin
mailing list