niftybunny abuse-contact@to-surf-and-protect.net wrote:
Glad to hear it's nothing personal. Putin still loves me ??
That's Perl? I have no clue what it does.
We already changed the timers on the TCP connections and we have scripts running which are blocking IPs that send us x0000 connections. Right now they changed tactics and for me it looks like a SYN flood from datacenter IP ranges and a few 100 IPs which undermine the easy blocking. Everything over 2,5 million TCP connections and the servers are more or less overloaded, and I now learned that 3 million TCP connections is the point where the servers are dead as dead can be.
For a one-time attack I would congratulate them, but now daily it really is starting to suck. It also sucks that we have a direct 10G connection to the largest Russian ISP so they can DDoS us even faster ?
Do you have pf available as a packet filter? pf's synproxy is designed to mitigate that sort of thing, when it is used. IIRC, it doesn't pass a connection on to the application until all the SYN/ACK handshaking is completed. It may also enforce an early timeout on waiting for the next step after the initial response, but I really don't recall because I haven't used it in many years.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:   bennett at sdf.org   *xor*   bennett at freeshell.org  *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
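
A pf.conf fragment showing the synproxy approach suggested in the reply above, combined with per-source limits in place of the external blocking scripts. This is an added example, not part of either message; the interface name, port list, table name and every numeric limit are assumptions to be tuned against real traffic.

```conf
# Added example. All names and numbers below are assumptions, not values from the thread.
ext_if    = "em0"            # hypothetical external interface
svc_ports = "{ 80, 443 }"    # hypothetical ports the attacked service listens on

# Sources that exceed the per-source limits below are added here by pf itself.
table <flooders> persist

# Size the state table deliberately so pf, not the application host,
# decides what happens when the flood exceeds capacity.
set limit states 1000000

# Expire half-open entries quickly: tcp.first applies after the first
# packet of a connection, tcp.opening before the peer has answered.
set timeout { tcp.first 10, tcp.opening 5 }

# Drop known offenders before any state is created for them.
block in quick on $ext_if from <flooders>

# synproxy state: pf answers the SYN itself and only opens the connection
# to the service once the client has completed the three-way handshake,
# so spoofed or abandoned SYNs never reach the application.
#
# max-src-conn / max-src-conn-rate count only connections that finished
# the handshake, so they catch real hosts opening too many connections,
# which is the case synproxy alone does not cover.
pass in on $ext_if proto tcp to ($ext_if) port $svc_ports \
    flags S/SA synproxy state \
    (max-src-conn 100, max-src-conn-rate 50/10, \
     overload <flooders> flush global)
```

Load it with `pfctl -f /etc/pf.conf` after a syntax check with `pfctl -nf /etc/pf.conf`, and inspect the overload table with `pfctl -t flooders -T show`.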