[arch-mirrors] Huge traffic from China
mailman at hanez.org
Thu Jul 2 16:45:20 UTC 2020
On Thu, 2 Jul 2020 07:52:26 +0200
services via arch-mirrors wrote:
> Same case here.
> Impact is low here (via one ip only), because a file which don't exist
> (old iso) :
> arch//iso/2020.03.01/archlinux-2020.03.01-x86_64.iso" failed (2: No such
> file or directory)
> Can you share ip on the list for compare and block all ip before ddos ?
Actually I can not because I blocked all china IPs via iptables
yesterday night. But what I see is, that when just blocking single IPs
the traffic starts from other IPs. It would be a fulltime job to
monitor this and to react. I can at the weekend disable the firewall
rules and let it run for some hours. Then I can build a list of IPs
from my logfiles. You will get it then.
The situation is horrible because blocking a whole country is not what
I want to do. But I have peaks with 500 to 600 Mbits downstream traffic
for hours. That would not be a problem at all but I don't want this
because it kills traffic for regular users and at the end it will cost
money at some point.
Too sad people are doing this kind of stupid things... :|
More information about the arch-mirrors