[racket-dev] Pinging BYU people!! (was: DOS attack on planet?)
Just now, Jay McCarthy wrote:
> On Sun, Sep 22, 2013 at 6:53 PM, Eli Barzilay <eli at barzilay.org> wrote:
> >
> > In any case, if it is the package server through some other
> > machine, then it's best to change it so it comes from the actual
> > server.
>
> I don't know what's going on with that. It's in a VM, so maybe
> something is fishy when traffic leaves it versus when it comes to
> it?

Ooh, that's pretty bad for a server. Having an IP address that
doesn't resolve back to the IP name is nothing new these days, but
having traffic from the server come via a different IP address is
really not a good idea. Think about dealing with some kind of an
external service, who would need to be aware of your traffic: having
it come from a different IP address is something that would make it
very hard.

It would be a good idea to ask the people who manage that if it's
possible to get the expected behavior.

(FWIW, it might be some result of a firewall or something like that
too. In NEU, our public machines are all in a DMZ network so they're
not affected by such firewalling. (But it does mean dealing with a
public machine -- for example, dealing with ssh dictionary attacks,
not having some kind of expected weaknesses exposed like PHP and
similar junkware, etc.))

> It is supposed to do it weekly. I just turned it back on and did not
> get an error, so I'm not sure what the problem was. (The 403 errors
> totally filled the log, so I couldn't tell what the problem was
> earlier in the day.) So, I'm not sure what the problem was.

I can tell you exactly when it happened -- the flood started with this
entry:

  128.187.97.22 - - [21/Sep/2013:22:10:10 -0400] "GET /servlets/pkg-info.ss HTTP/1.1" 200 5650 "-" "-"

This was the first entry from that IP address for the whole week, so
it was probably the weekly run which then went bad.

--
((lambda (x) (x x)) (lambda (x) (x x))) Eli Barzilay:
http://barzilay.org/ Maze is Life!
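
The log check described in the message above (find a client's first entry and the point where its requests turn into a flood), as an added example that is not part of the original thread. The first `128.187.97.22` line is the entry quoted in the message; every other log line, the `192.0.2.10` client, the threshold and the window are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Apache combined log format, matching the entry quoted in the message.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def parse(line):
    """Return (ip, timestamp, path, status) or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])

def flood_onsets(lines, threshold=5, window=timedelta(seconds=60)):
    """Per client IP: first-seen time, status counts, and the start of the
    first burst of `threshold` requests inside `window` (None if no burst)."""
    first_seen, recent, onset, statuses = {}, {}, {}, {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # a flooded log often contains truncated lines
        ip, ts, _path, status = rec
        first_seen.setdefault(ip, ts)
        statuses.setdefault(ip, Counter())[status] += 1
        q = recent.setdefault(ip, [])
        q.append(ts)
        while ts - q[0] > window:  # drop requests older than the window
            q.pop(0)
        if len(q) >= threshold and ip not in onset:
            onset[ip] = q[0]
    return {ip: {"first_seen": first_seen[ip], "flood_start": onset.get(ip),
                 "statuses": dict(statuses[ip])} for ip in first_seen}

# Constructed sample, apart from the one entry quoted in the message.
SAMPLE = [
    '192.0.2.10 - - [21/Sep/2013:21:00:00 -0400] "GET /index.html HTTP/1.1" 200 1200 "-" "-"',
    '128.187.97.22 - - [21/Sep/2013:22:10:10 -0400] "GET /servlets/pkg-info.ss HTTP/1.1" 200 5650 "-" "-"',
] + [
    '128.187.97.22 - - [21/Sep/2013:22:10:%02d -0400] "GET /servlets/pkg-info.ss HTTP/1.1" 403 300 "-" "-"' % s
    for s in range(11, 31)
] + ['192.0.2.10 - - [21/Sep/2013:22:30:00 -0400] "GET /index.html HTTP/1.1" 200 1200 "-" "-"']

if __name__ == "__main__":
    for ip, info in flood_onsets(SAMPLE).items():
        print(ip, info["first_seen"], info["flood_start"], info["statuses"])
```

A client whose `flood_start` equals its `first_seen` is the pattern the message describes: a job that had been silent all week and went bad on its first run.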