Not at home but it's just a cronjob running every x minutes and checking via 
netstat how many connections I get from every single IP. If I get say 20000 
connections from a single IP it would be blocked with iptables.

Nothing fancy at all but it works as long as there are very few IPs ddosing me. 
It fails if there is a botnet and/or multiple /22 who connect to only a few 
ports per IP. I am sure a fancy Cisco Next Generation Firewall would be much 
better but I am too poor to even look at it.

Tracking every connection with iptables is very CPU intensive if you have a few 
100k connections running on every server … so not really doable.

Right now my problem is: What's all this about?

- I got no love letter beginning with: "If you want to stay online send us x 
Bitcoins to …" so this is not blackmailing me …

- In case some abuse pissed someone off and they decided to shut me down. This 
is an expensive attack over multiple days and high amounts of traffic. I doubt 
that someone is throwing a bunch of money in this just because they are pissed.

- State actors aka Russia trying to shut the network down? In this case they 
should be attacking others too. No answers in here = doesn't look like they do …


> On 21. Feb 2021, at 12:12, Toralf Förster <[email protected]> wrote:
> 
> On 2/20/21 12:29 PM, niftybunny wrote:
>> We already changed the timers on the TCP connections and we have scripts 
>> running which are blocking IPs who will send us x0000 connections. Right now 
>> they changed tactics and for me it looks like SYNC flood from datacenter IP 
>> ranges and a few 100 IPs which undermine the easy blocking.
> Would an iptables rule with "recent" and "limit" be a solution here?
> If yes, how do you use that (do you have a code snippet)?
> 
> --
> Toralf
> _______________________________________________
> tor-relays mailing list
> [email protected]
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
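
The cron-driven netstat check described in the message above, as an added example that is not the poster's script or code from the thread. The function names, the limits and the sample data are assumptions; the optional /24 grouping goes beyond the mail and is included to show the case the poster says per-IP counting misses.

```shell
#!/bin/sh
# Added example: count connections per source from `netstat -tn` output and
# print iptables DROP rules for sources at or above a limit.
# Function names, limits and sample data are assumptions, not the poster's script.

# offenders LIMIT [ip|net24] : reads netstat lines on stdin, prints "count source".
# net24 groups IPv4 peers by /24, for floods spread over many addresses.
offenders() {
    awk -v limit="$1" -v mode="${2:-ip}" '
        $1 ~ /^tcp/ && NF >= 6 {
            peer = $5
            sub(/:[0-9]+$/, "", peer)                 # drop the remote port
            if (peer !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next   # IPv4 only here
            if (mode == "net24") {
                split(peer, o, ".")
                peer = o[1] "." o[2] "." o[3] ".0/24"
            }
            count[peer]++
        }
        END { for (src in count) if (count[src] >= limit) print count[src], src }
    ' | sort -k1,1nr -k2,2
}

# block_rules : turns "count source" lines into commands. They are printed, not
# run; -C skips sources that already have a rule so cron runs do not stack up.
block_rules() {
    while read -r _count src; do
        printf 'iptables -C INPUT -s %s -j DROP 2>/dev/null || iptables -I INPUT -s %s -j DROP\n' "$src" "$src"
    done
}

# Constructed sample (documentation address ranges), not captured traffic.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:9001         198.51.100.7:40112      ESTABLISHED
tcp        0      0 192.0.2.10:9001         198.51.100.7:40113      SYN_RECV
tcp        0      0 192.0.2.10:9001         198.51.100.7:40114      ESTABLISHED
tcp        0      0 192.0.2.10:9001         203.0.113.5:51000       ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.5:51001       ESTABLISHED
tcp        0      0 192.0.2.10:9001         203.0.113.99:33000      ESTABLISHED
EOF
}

# Per-IP counting misses the spread-out 203.0.113.0/24 sources; net24 catches them.
sample_netstat | offenders 3 ip
sample_netstat | offenders 3 net24 | block_rules
# From cron: netstat -tn | offenders 20000 ip | block_rules | sh
```

Dropping a whole /24 also drops any legitimate clients in that range, so the net24 output is better reviewed before it is piped to `sh`.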
