On Thu, 2 Jul 2020 07:52:26 +0200 services via arch-mirrors wrote: > Hello, > > Same case here. > > Impact is low here (via one ip only), because a file which don't exist > (old iso) : > arch//iso/2020.03.01/archlinux-2020.03.01-x86_64.iso" failed (2: No such > file or directory) > > Can you share ip on the list for compare and block all ip before ddos ?
Actually I can not because I blocked all china IPs via iptables yesterday night. But what I see is, that when just blocking single IPs the traffic starts from other IPs. It would be a fulltime job to monitor this and to react. I can at the weekend disable the firewall rules and let it run for some hours. Then I can build a list of IPs from my logfiles. You will get it then. The situation is horrible because blocking a whole country is not what I want to do. But I have peaks with 500 to 600 Mbits downstream traffic for hours. That would not be a problem at all but I don't want this because it kills traffic for regular users and at the end it will cost money at some point. Too sad people are doing this kind of stupid things... :| Regards Johannes
