Glad to hear it's nothing personal. Putin still loves me ♥️
That's Perl? I have no clue what it does.
We already changed the timers on the TCP connections and we have scripts running which are blocking IPs who will send us x0000 connections. Right now they changed tactics and to me it looks like a SYN flood from datacenter IP ranges and a few 100 IPs which undermine the easy blocking. Everything over 2,5 million TCP connections and the servers are more or less overloaded and I have now learned that 3 million TCP connections is the point where the servers are dead as dead can be.
For a one time attack I would congratulate them but now daily it really is starting to suck. It also sucks that we have a direct 10G connection to the largest Russian ISP so they can DDoS us even faster …
On 20. Feb 2021, at 12:06, Toralf Förster <toralf.foerster@gmx.de> wrote:
On 2/20/21 2:25 AM, niftybunny wrote:
https://i.imgur.com/nDbaXqH.png
https://i.imgur.com/Y5259wW.png
Yep, I do wonder if sth like
netstat --tcp -n -4 | perl -wane '
  BEGIN { $Hist=(); }
  {
    next unless (m/^tcp/);
    ($Remote) = split(/:/, $F[4]);
    $Hist{$Remote}++;
  }
  END {
    foreach my $key (sort { $Hist{$b} <=> $Hist{$a} || $a cmp $b } keys %Hist) {
      printf("%-15s %5i\n", $key, $Hist{$key})
    }
  }' | head -n 40
would help in any case ?
--
Toralf
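An added example, not written by either poster: the quoted Perl one-liner counts TCP connections per remote IPv4 address and prints the 40 busiest. The Python below does the same tally and goes one step further by also grouping by /24 and counting half-open (`SYN_RECV`) sockets per prefix, which is the view that helps when the load is spread over a few hundred addresses in the same ranges. The sample input is constructed from documentation address ranges, and the function names and the /24 default are assumptions of this example.

```python
import ipaddress
from collections import Counter

# Constructed sample of `netstat --tcp -n -4` output (documentation ranges only).
SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:9001         198.51.100.7:40112      ESTABLISHED
tcp        0      0 192.0.2.10:9001         198.51.100.7:40113      ESTABLISHED
tcp        0      0 192.0.2.10:9001         203.0.113.5:51000       SYN_RECV
tcp        0      0 192.0.2.10:9001         203.0.113.6:51001       SYN_RECV
tcp        0      0 192.0.2.10:9001         203.0.113.7:51002       SYN_RECV
tcp        0      0 192.0.2.10:9001         198.51.100.9:40200      TIME_WAIT
"""

def parse(text):
    """Yield (remote_ip, state) for each IPv4 TCP line, skipping headers."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] != "tcp":
            continue
        ip, _, _port = f[4].rpartition(":")
        try:
            yield ipaddress.IPv4Address(ip), f[5]
        except ipaddress.AddressValueError:
            continue  # malformed or non-IPv4 address column

def tally(text, prefix_len=24):
    """Return (per_ip, per_prefix, half_open_per_prefix) Counters."""
    per_ip, per_prefix, half_open = Counter(), Counter(), Counter()
    for ip, state in parse(text):
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        per_ip[str(ip)] += 1
        per_prefix[str(net)] += 1
        if state == "SYN_RECV":  # handshake not completed yet
            half_open[str(net)] += 1
    return per_ip, per_prefix, half_open

def report(counter, limit=40):
    """Same ordering as the Perl: count descending, then key ascending."""
    rows = sorted(counter.items(), key=lambda kv: (-kv[1], kv[0]))[:limit]
    return [f"{key:<18} {count:5d}" for key, count in rows]

if __name__ == "__main__":
    per_ip, per_prefix, half_open = tally(SAMPLE)
    for title, c in (("per IP", per_ip), ("per /24", per_prefix),
                     ("SYN_RECV per /24", half_open)):
        print(title, *report(c), sep="\n")
```

On a live host, pass the captured output of `netstat --tcp -n -4` to `tally()` in place of `SAMPLE`.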