niftybunny <abuse-cont...@to-surf-and-protect.net> wrote:

> Glad to hear it's nothing personal. Putin still loves me ??
>
> That's Perl? I have no clue what it does.
>
> We already changed the timers on the TCP connections and we have scripts
> running which are blocking IPs who will send us x0000 connections. Right now
> they changed tactics and for me it looks like SYNC flood from datacenter IP
> ranges and a few 100 IPs which undermine the easy blocking. Everything over
> 2,5 million TCP connections and the servers are more or less overloaded and I
> now learned that 3 million TCP connections is the point where the servers are
> dead as dead can be.
>
> For a one time attack I would congratulate them but now daily it really is
> starting to suck. It also suxx that we have a direct 10G connection to the
> largest Russia ISP so they can DDOS us even faster ?
>

     Do you have pf available as a packet filter?  pf's synproxy is designed
to mitigate that sort of thing, when it is used.  IIRC, it doesn't pass a
connection on to the application until all the SYN/ACK handshaking is
completed.  It may also enforce an early timeout on waiting for the next step
after the initial response, but I really don't recall because I haven't used
it in many years.

                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at sdf.org *xor* bennett at freeshell.org          *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
* -- Gov. John Hancock, New York Journal, 28 January 1790            *
**********************************************************************
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
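
The synproxy approach suggested in the reply above, sketched as a pf.conf fragment. This is an added example, not configuration from either poster; the interface name, ORPort, table name and every limit and timeout value are assumptions to be tuned for the relay.

```conf
# Added example pf.conf fragment (not from the thread).
# Assumed: interface em0, ORPort 9001, table name, all numeric values.

ext_if  = "em0"      # assumed external interface
or_port = "9001"     # assumed Tor ORPort

# Sources that exceed the per-source limits below are collected here.
table <flooders> persist

# Expire half-open handshakes sooner than the defaults (constructed values).
set timeout { tcp.first 20, tcp.opening 10 }

# Drop sources already caught, before any other rule is evaluated.
block in quick on $ext_if from <flooders>

# synproxy state: pf answers the client's SYN itself and only opens the
# connection to the relay once the client has completed the three-way
# handshake, so bare SYNs never consume a socket in the application.
#
# max-src-conn and max-src-conn-rate count only connections that completed
# the handshake, so spoofed sources cannot push a victim address into the
# table. "flush global" also kills the offender's existing states.
pass in on $ext_if proto tcp from any to ($ext_if) port $or_port \
    flags S/SA synproxy state \
    (max-src-conn 50, max-src-conn-rate 20/5, \
     overload <flooders> flush global)
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and list the sources that were caught with `pfctl -t flooders -T show`. Note that synproxy does not work when pf is filtering on a bridge interface.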