[racket-dev] Pinging BYU people!! (was: DOS attack on planet?)

From: Eli Barzilay (eli at barzilay.org)
Date: Sun Sep 22 21:13:36 EDT 2013

Just now, Jay McCarthy wrote:
> On Sun, Sep 22, 2013 at 6:53 PM, Eli Barzilay <eli at barzilay.org> wrote:
> >
> > In any case, if it is the package server through some other
> > machine, then it's best to change it so it comes from the actual
> > server.
> 
> I don't know what's going on with that. It's in a VM, so maybe
> something is fishy when traffic leaves it versus when it comes to
> it?

Ooh, that's pretty bad for a server.  Having an IP address that
doesn't resolve back to the IP name is nothing new these days, but
having traffic from the server come via a different IP address is
really not a good idea.  Think about dealing with some kind of an
external service, who would need to be aware of your traffic: having
it come from a different IP address is something that would make it
very hard.

It would be a good idea to ask the people who manage that if it's
possible to get the expected behavior.

(FWIW, it might be some result of a firewall or something like that
too.  In NEU, our public machines are all in a DMZ network so they're
not affected by such firewalling.  (But it does mean dealing with a
public machine -- for example, dealing with ssh dictionary attacks,
not having some kind of expected weaknesses exposed like PHP and
similar junkware, etc.))


> It is supposed to do it weekly. I just turned it back on and did not
> get an error, so I'm not sure what the problem was. (The 403 errors
> totally filled the log, so I couldn't tell what the problem was
> earlier in the day.) So, I'm not sure what the problem was.

I can tell you exactly when it happened -- the flood started with this
entry:

    128.187.97.22 - - [21/Sep/2013:22:10:10 -0400] "GET /servlets/pkg-info.ss HTTP/1.1" 200 5650 "-" "-"

This was the first entry from that IP address for the whole week, so
it was probably the weekly run which then went bad.

-- 
          ((lambda (x) (x x)) (lambda (x) (x x)))          Eli Barzilay:
                    http://barzilay.org/                   Maze is Life!

Posted on the dev mailing list.
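
Added example (not part of the original message, and not the server's own tooling): one way to locate the start of a request flood in a combined-format access log, by finding each client's first entry and the point where its request rate crosses a threshold. The sample lines, the documentation-range addresses, the path `/constructed/path` and the window and threshold values are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format, the shape of the entry quoted in the message.
LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(line):
    m = LINE_RE.match(line)
    if m is None:
        return None  # skip malformed lines rather than guessing
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])

def flood_onsets(lines, window=timedelta(seconds=10), threshold=5):
    """Report clients that sent `threshold` requests within `window`:
    their first entry, when the burst began, and how many 403s they got."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        by_ip[rec[0]].append(rec[1:])          # (timestamp, path, status)
    report = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r[0])
        start = 0
        for end in range(len(recs)):
            # Slide the window so it never spans more than `window`.
            while recs[end][0] - recs[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                report[ip] = {
                    "first_seen": recs[0],
                    "burst_start": recs[start][0],
                    "forbidden": sum(1 for r in recs if r[2] == 403),
                }
                break
    return report

# Constructed sample log (documentation-range addresses), not the real server log.
SAMPLE = [
    '198.51.100.7 - - [21/Sep/2013:22:09:58 -0400] "GET /index.html HTTP/1.1" 200 1200 "-" "-"',
    '192.0.2.10 - - [21/Sep/2013:22:10:10 -0400] "GET /servlets/pkg-info.ss HTTP/1.1" 200 5650 "-" "-"',
] + [
    f'192.0.2.10 - - [21/Sep/2013:22:10:{11 + i // 4:02d} -0400] "GET /constructed/path HTTP/1.1" 403 300 "-" "-"'
    for i in range(12)
]

if __name__ == "__main__":
    for ip, info in flood_onsets(SAMPLE).items():
        print(ip, info)
```
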