[racket-dev] Pinging BYU people!! (was: DOS attack on planet?)

From: Eli Barzilay (eli at barzilay.org)
Date: Sun Sep 22 21:13:36 EDT 2013

Just now, Jay McCarthy wrote:
> On Sun, Sep 22, 2013 at 6:53 PM, Eli Barzilay <eli at barzilay.org> wrote:
> >
> > In any case, if it is the package server through some other
> > machine, then it's best to change it so it comes from the actual
> > server.
> I don't know what's going on with that. It's in a VM, so maybe
> something is fishy when traffic leaves it versus when it comes to
> it?

Ooh, that's pretty bad for a server.  Having an IP address that
doesn't resolve back to the IP name is nothing new these days, but
having traffic from the server come via a different IP address is
really not a good idea.  Think about dealing with some kind of an
external service, who would need to be aware of your traffic: having
it come from a different IP address is something that would make it
very hard.

It would be a good idea to ask the people who manage that if it's
possible to get the expected behavior.

(FWIW, it might be some result of a firewall or something like that
too.  In NEU, our public machines are all in a DMZ network so they're
not affected by such firewalling.  (But it does mean dealing with a
public machine -- for example, dealing with ssh dictionary attacks,
not having some kind of expected weaknesses exposed like PHP and
similar junkware, etc.))

> It is supposed to do it weekly. I just turned it back on and did not
> get an error, so I'm not sure what the problem was. (The 403 errors
> totally filled the log, so I couldn't tell what the problem was
> earlier in the day.) So, I'm not sure what the problem was.

I can tell you exactly when it happend -- the flood started with this
entry: - - [21/Sep/2013:22:10:10 -0400] "GET /servlets/pkg-info.ss HTTP/1.1" 200 5650 "-" "-"

This was the first entry from that IP address for the whole week, so
it was probably the weekly run which then went bad.

          ((lambda (x) (x x)) (lambda (x) (x x)))          Eli Barzilay:
                    http://barzilay.org/                   Maze is Life!

Posted on the dev mailing list.