Not at home but it's just a cronjob running every x minutes and checking via netstat how many connections I get from every single IP. If I get say 20000 connections from a single IP it would be blocked with iptables.
Nothing fancy at all but it works as long as there are very few IPs ddosing me. It fails if there is a botnet and/or multiple /22 who connect to only a few ports per IP. I am sure a fancy Cisco Next Generation Firewall would be much better but I am too poor to even look at it. Tracking every connection with iptables is very cpu intensive if you have a few 100k connections running on every server … so not really doable.

Right now my problem is: What's all this about.

- I got no love letter beginning with: "If you want to stay online send us x Bitcoins to …" so this is not blackmailing me …
- In case some abuse pissed someone off and they decided to shut me down. This is an expensive attack over multiple days and high amounts of traffic. I doubt that someone is throwing a bunch of money in this just because they are pissed.
- State actors aka Russia trying to shut the network down? In this case they should be attacking others too. No answers in here = doesn't look like they do …

> On 21. Feb 2021, at 12:12, Toralf Förster <[email protected]> wrote:
>
> On 2/20/21 12:29 PM, niftybunny wrote:
>> We already changed the timers on the TCP connections and we have scripts
>> running which are blocking IPs who will send us x0000 connections. Right now
>> they changed tactics and for me it looks like SYNC flood from datacenter IP
>> ranges and a few 100 IPs which undermine the easy blocking.
> Would an iptables rule with "recent" and "limit" be a solution here ?
> If yes, how do you use that (do you have a code snippet)?
>
> --
> Toralf
> _______________________________________________
> tor-relays mailing list
> [email protected]
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
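The per-IP counting described in this message, extended to also total connections per /22 so that many addresses with only a few connections each still cross a threshold. This is an added example, not the poster's script: the function names, the small thresholds and the sample `netstat -tn` lines are constructed, and it only returns the iptables commands instead of running them.

```python
import ipaddress
from collections import Counter

def build_sample():
    """Constructed `netstat -tn` output: one heavy IP, four light IPs in one /22, one normal client."""
    rows = [("203.0.113.5", 5), ("192.0.2.50", 1)]
    rows += [(f"198.51.100.{i}", 2) for i in range(1, 5)]
    lines = ["Proto Recv-Q Send-Q Local Address Foreign Address State"]
    port = 40000
    for ip, conns in rows:
        for _ in range(conns):
            port += 1
            lines.append(f"tcp 0 0 192.0.2.10:9001 {ip}:{port} SYN_RECV")
    return "\n".join(lines)

SAMPLE = build_sample()

def remote_ips(netstat_text):
    """Yield the foreign IPv4 address of every `tcp` line (tcp6 lines are skipped)."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0] == "tcp":
            yield ipaddress.ip_address(fields[4].rsplit(":", 1)[0])

def block_commands(netstat_text, per_ip_limit, per_net_limit, prefix=22):
    """Return iptables DROP commands for noisy prefixes, then for noisy single IPs."""
    per_ip = Counter(remote_ips(netstat_text))
    per_net = Counter()
    for ip, conns in per_ip.items():
        per_net[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)] += conns
    nets = sorted(net for net, conns in per_net.items() if conns >= per_net_limit)
    # A single IP is listed only if its prefix is not already being dropped.
    singles = sorted(ip for ip, conns in per_ip.items()
                     if conns >= per_ip_limit and not any(ip in net for net in nets))
    return [f"iptables -I INPUT -s {src} -j DROP" for src in nets + singles]

if __name__ == "__main__":
    # Thresholds are tiny to match the constructed sample, not production values.
    print("\n".join(block_commands(SAMPLE, per_ip_limit=5, per_net_limit=8)))
```

Dropping a whole /22 also drops any legitimate clients inside it, so the per-prefix limit should sit well above what normal load produces.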
