LinuxQuestions.org
Slackware This Forum is for the discussion of Slackware Linux.

Old 06-03-2024, 12:57 AM   #16
ponce
LQ Guru
 
Registered: Aug 2004
Location: Pisa, Italy
Distribution: Slackware
Posts: 7,141

Rep: Reputation: 4208

Quote:
Originally Posted by henca View Post
does anyone know an easy automated way to translate a list of IP addresses to a list of countries?
GeoIP from SBo has the utilities geoiplookup and geoiplookup6 for this purpose (you will probably need a bit of sed/awk too).
The data it uses stopped being updated on SBo when MaxMind started requiring a subscription, but the queries still work most of the time (nearly always, in practice).

Last edited by ponce; 06-03-2024 at 12:58 AM.
 
1 members found this post helpful.
Old 06-03-2024, 06:40 AM   #17
BrunoLafleur
Member
 
Registered: Apr 2020
Location: France
Distribution: Slackware
Posts: 428

Rep: Reputation: 388
Quote:
Originally Posted by henca View Post
Yes, let's face it. Internet is not a very nice place. Even though a low percentage of the internet population, it has far too many evil people wishing to abuse all those systems out there for their own economical gain or political interest. They will send spam to every email they can find, they will break into all machines they can to start bitcoin mining, they will DDoS systems they don't like.

I have a list of 48257 IP addresses which all have made multiple failed attempts to log in to my IP address by ssh. Maybe half of those addresses are from China (does anyone know an easy automated way to translate a list of IP addresses to a list of countries?). In most cases, the evil person is not sitting at those addresses. Instead those addresses are owned by clueless people unable to keep their internet connected equipment secure.

regards Henrik
I use fail2ban and ban them for 4 days. It greatly limits the cost for ssh to fork and consume memory and also to take bandwidth.

If the DDoS attackers are also doing some nasty and not legitimate access to ssh or Apache, fail2ban will ban them for the time you want.

There may also be more clever rules, for example also banning multiple attempts on one file.

Otherwise, I also use mod_qos with Apache, which has a lot of rules for that sort of problem.
 
2 members found this post helpful.
Old 06-03-2024, 08:34 AM   #18
mrsam
LQ Newbie
 
Registered: Jan 2024
Distribution: Fedora, Ubuntu, Slackware
Posts: 14

Rep: Reputation: 11
Some years ago I had trouble with Chinese IPs hammering my mail server. I ended up banning 195 Chinese CIDRs, ranging from /17 and up to /9. They remain banned.
 
3 members found this post helpful.
Old 06-03-2024, 12:25 PM   #19
henca
Senior Member
 
Registered: Aug 2007
Location: Linköping, Sweden
Distribution: Slackware
Posts: 1,024

Rep: Reputation: 689
Quote:
Originally Posted by ponce View Post
GeoIP from SBo has the utilities geoiplookup and geoiplookup6 for this purpose (you will probably need a bit of sed/awk too).
The data it uses stopped being updated on SBo when MaxMind started requiring a subscription, but the queries still work most of the time (nearly always, in practice).
Thanks! Even though it might be slightly outdated, that method, as expected, indicates that most intrusion attempts come from China. But my guess that half of the attempts would be from China was wrong. "Only" 15886 IP addresses of the 48296 were from China, that is slightly less than a third.

I ran the following command:
Code:
cat blacklist | awk '{system("geoiplookup " $1)}' | grep "Country Edition" | awk -F: '{print $2}' | sort | uniq -c | sort -n
... and got the following result:

Code:
      
      1  AG, Antigua and Barbuda
      1  BS, Bahamas
      1  CV, Cape Verde
      1  GP, Guadeloupe
      1  IM, Isle of Man
      1  KN, Saint Kitts and Nevis
      1  LS, Lesotho
      1  ML, Mali
      1  MV, Maldives
      1  NI, Nicaragua
      1  SZ, Swaziland
      1  TG, Togo
      1  TL, Timor-Leste
      1  TT, Trinidad and Tobago
      1  WS, Samoa
      1  YE, Yemen
      2  BF, Burkina Faso
      2  BH, Bahrain
      2  BI, Burundi
      2  CU, Cuba
      2  GA, Gabon
      2  HT, Haiti
      2  KM, Comoros
      2  KY, Cayman Islands
      2  MC, Monaco
      2  NE, Niger
      2  PG, Papua New Guinea
      2  SM, San Marino
      2  SO, Somalia
      2  SV, El Salvador
      3  AL, Albania
      3  BL, Saint Barthelemy
      3  BT, Bhutan
      3  GM, Gambia
      3  MT, Malta
      3  NC, New Caledonia
      3  OM, Oman
      3  PR, Puerto Rico
      3  RE, Reunion
      4  BJ, Benin
      4  BZ, Belize
      4  CD, Congo, The Democratic Republic of the
      4  EE, Estonia
      4  HN, Honduras
      4  IS, Iceland
      4  MD, Moldova, Republic of
      4  ME, Montenegro
      4  RW, Rwanda
      4  SC, Seychelles
      4  TJ, Tajikistan
      5  AO, Angola
      5  BB, Barbados
      5  CY, Cyprus
      5  MK, Macedonia
      5  SY, Syrian Arab Republic
      6  GE, Georgia
      6  MM, Myanmar
      6  NA, Namibia
      7  BA, Bosnia and Herzegovina
      7  BW, Botswana
      7  CM, Cameroon
      7  LB, Lebanon
      7  MW, Malawi
      8  KW, Kuwait
      8  LA, Lao People's Democratic Republic
      8  MG, Madagascar
      9  IQ, Iraq
      9  LV, Latvia
      9  SD, Sudan
     10  MO, Macau
     10  MZ, Mozambique
     10  ZM, Zambia
     11  AZ, Azerbaijan
     11  CI, Cote D'Ivoire
     11  PS, Palestinian Territory
     11  SN, Senegal
     12  LU, Luxembourg
     13  JO, Jordan
     13  KG, Kyrgyzstan
     13  LY, Libya
     13  QA, Qatar
     13  ZW, Zimbabwe
     14  EU, Europe
     14  FI, Finland
     14  PA, Panama
     16  DZ, Algeria
     16  SI, Slovenia
     17  MU, Mauritius
     18  ET, Ethiopia
     19  MN, Mongolia
     19  TZ, Tanzania, United Republic of
     19  UG, Uganda
     20  AM, Armenia
     20  NZ, New Zealand
     21  GH, Ghana
     22  LK, Sri Lanka
     23  DO, Dominican Republic
     23  UY, Uruguay
     25  GT, Guatemala
     25  KH, Cambodia
     25  UZ, Uzbekistan
     27  CR, Costa Rica
     27  MA, Morocco
     28  DK, Denmark
     28  IL, Israel
     28  SK, Slovakia
     30  HR, Croatia
     30  SA, Saudi Arabia
     31  NG, Nigeria
     32  LT, Lithuania
     34  RS, Serbia
     35  NP, Nepal
     43  KE, Kenya
     44  TN, Tunisia
     50  AE, United Arab Emirates
     50  VE, Venezuela
     51  AP, Asia/Pacific Region
     55  KZ, Kazakhstan
     57  AT, Austria
     57  BO, Bolivia
     57  EG, Egypt
     58  BY, Belarus
     60  CH, Switzerland
     60  NO, Norway
     63  BG, Bulgaria
     65  CZ, Czech Republic
     66  IE, Ireland
     71  PK, Pakistan
     75  PY, Paraguay
     77  BD, Bangladesh
     80  EC, Ecuador
     80  PE, Peru
     85  PT, Portugal
     87  RO, Romania
     92  PH, Philippines
    104  SE, Sweden
    109  TR, Turkey
    117  UA, Ukraine
    129  HU, Hungary
    142  BE, Belgium
    143  IR, Iran, Islamic Republic of
    144  CL, Chile
    148  ZA, South Africa
    173  AU, Australia
    207  MY, Malaysia
    229  PL, Poland
    277  ES, Spain
    285  TH, Thailand
    286  TW, Taiwan
    332  GR, Greece
    371  CO, Colombia
    422  MX, Mexico
    430  HK, Hong Kong
    451  AR, Argentina
    506  VN, Vietnam
    584  ID, Indonesia
    611  IT, Italy
    778  GB, United Kingdom
    813  IP Address not found
    963  SG, Singapore
    974  CA, Canada
   1050  DE, Germany
   1068  RU, Russian Federation
   1095  KR, Korea, Republic of
   1243  NL, Netherlands
   1342  IN, India
   1615  BR, Brazil
   1757  JP, Japan
   2771  FR, France
   8163  US, United States
  15886  CN, China
As always, your mileage might vary, you might find other distributions of the visitors "knocking" on your systems.

regards Henrik
 
Old 06-05-2024, 04:00 AM   #20
slack-uke
Member
 
Registered: Nov 2013
Location: Toronto, Ontario, Canada
Distribution: Slackware 15.0 64-bit & Current 64-bit
Posts: 94

Rep: Reputation: 93
Quote:
Originally Posted by henca View Post
Thanks! Even though it might be slightly outdated, that method, as expected, indicates that most intrusion attempts come from China. But my guess that half of the attempts would be from China was wrong. "Only" 15886 IP addresses of the 48296 were from China, that is slightly less than a third.

As always, your mileage might vary, you might find other distributions of the visitors "knocking" on your systems.

regards Henrik
FYI many of the rogue states such as China, North Korea, russia also make use of virtual machines in the cloud in 3rd party countries such as Netherlands, USA, France, Poland, Germany thus do not necessarily accurately reflect the original ownership. Hong Kong is specified as an independent national domain despite the implementation of draconian control by the People's Republic of China.

Add in many of the rogue cyber states make use of hacked machines / bot nets to implement attacks.

Every year or so, another master control of a botnet is taken out / isolated and attacks significantly drop off.

Also many nations use state sponsored groups to launch cyber attacks.

In China there is the 50 cents army (disinformation units) and various Chinese military units such as PLA Unit 61486 (aka Putter Panda or APT2), PLA Unit 61398, and others. China also makes use of hacker Units to steal technology from the West.

In russia there is the Internet Research Agency (disinformation unit associated with Wagner Group PMC and taken over by the GRU upon Prigozhin's elimination), russian Military Intelligence (GRU) units such as Military Unit 74455 (aka Telebots, Voodoo Bear, IRIDIUM, Seashell Blizzard, and Iron Viking), GRU Unit 26165 (APT 28, Fancy Bear), russian Foreign Intelligence Service (SVR) (APT 29, Cozy Bear), et al. russia uses their assets to disrupt infrastructure (banking, hospitals, power infrastructure) in the West and political interference during elections / referendums such as Brexit, US Presidential Elections in 2016, 2020, & 2024, and various European national elections. There is a major political party (cult of personality) in the USA that uses Kremlin talking points unashamedly.

Democratic People's Republic of Korea uses military units to actually steal money from financial institutions to generate income bypassing the sanctions regimes. There are reports that DPRK personnel portray themselves as US citizens to get jobs as remote workers to help bring in hard foreign currency for the state thus bypassing sanctions.

The Iranians have their own state funded machinations in the cyber realm.

Welcome to the 21st century.
 
4 members found this post helpful.
Old 06-05-2024, 09:44 AM   #21
_blackhole_
Member
 
Registered: Mar 2023
Distribution: FreeBSD
Posts: 116

Rep: Reputation: 99
I suggest just generating a list of Chinese IP addresses and importing that into iptables/ufw:

https://www.ip2location.com/free/visitor-blocker

As you're running a UK mirror, then blocking a country that's not the UK shouldn't matter and may in fact be desirable.
 
Old 06-05-2024, 10:56 AM   #22
slack-uke
Member
 
Registered: Nov 2013
Location: Toronto, Ontario, Canada
Distribution: Slackware 15.0 64-bit & Current 64-bit
Posts: 94

Rep: Reputation: 93
Quote:
Originally Posted by _blackhole_ View Post
I suggest just generating a list of Chinese IP addresses and importing that into iptables/ufw:

https://www.ip2location.com/free/visitor-blocker

As you're running a UK mirror, then blocking a country that's not the UK shouldn't matter and may in fact be desirable.
There are websites that gather IP addresses per country -- as many IP addresses change hands and thus countries, it is a blunt way of blanket blocking countries because you block the good with the bad.

Examples are like here:

https://lite.ip2location.com/ip-addr...try?lang=en_US

or here:

https://www.nirsoft.net/countryip/

But some sites give it in a more useful form that includes CIDR to the IP address to use with ipset for an iptables block list -- I have done this for bad actor states.

https://cable.ayra.ch/ip/

or even better:

https://www.countryipblocks.net/acl.php

Keep in mind, lists go out of date constantly so you need to update them at least once a month.
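
Added example (not part of the original thread and not any poster's own script): one way to load a CIDR list of the kind described above into ipset so that a monthly refresh replaces the set atomically. The set name `geo_block`, the file name `cn.cidr` and the sample list are assumptions made for the example.

```shell
#!/bin/sh
# Added example: build `ipset restore` input from a per-country CIDR list.
# The set name "geo_block" and the sample list below are assumptions.

# Read a CIDR list on stdin and print restore commands that fill a scratch
# set and then swap it into place, so the live set is never half-loaded.
# Malformed entries are reported on stderr instead of being passed to ipset.
build_restore() {
    awk -v set="$1" -v tmp="${1}_new" '
        function is_cidr4(s,   p, i) {
            if (s !~ "^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+/[0-9]+$") return 0
            split(s, p, "[./]")
            for (i = 1; i <= 4; i++) if (p[i] + 0 > 255) return 0
            # hash:net cannot store a zero-length prefix
            return (p[5] + 0 >= 1 && p[5] + 0 <= 32)
        }
        BEGIN {
            print "create " set " hash:net family inet"
            print "create " tmp " hash:net family inet"
            print "flush " tmp
        }
        {
            sub(/\r$/, "")               # tolerate CRLF downloads
            sub(/[ \t]*#.*$/, "")        # drop comments
            gsub(/^[ \t]+|[ \t]+$/, "")  # trim surrounding whitespace
        }
        $0 == "" { next }
        !is_cidr4($0) { print "skipped: " $0 > "/dev/stderr"; next }
        !seen[$0]++ { print "add " tmp " " $0 }   # de-duplicate entries
        END {
            print "swap " tmp " " set
            print "destroy " tmp
        }
    '
}

# Constructed sample input (RFC 5737 documentation ranges, not a real list).
sample_list() {
    cat <<'EOF'
# constructed sample list
192.0.2.0/24
198.51.100.0/24   # trailing comment
198.51.100.0/24
203.0.113.0/25
203.0.113.0/33
not-an-ip
EOF
}

# Preview the generated commands for the sample list.
sample_list | build_restore geo_block

# To apply for real (as root), assuming the list was saved as cn.cidr:
#   build_restore geo_block < cn.cidr | ipset -exist restore
#   iptables -I INPUT -m set --match-set geo_block src -j DROP   # add once
```

Because the iptables rule refers to the set by name and `swap` exchanges the contents, the rule does not need to be touched when the list is refreshed.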
 
Old 06-05-2024, 11:05 AM   #23
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 16,489

Rep: Reputation: 2361
As an example of how messy IP blocking can get, look at the 92.51.x.x block. Apart from Ireland, there's Russia, Sweden, India, & Germany at least in that block. I only skimmed it. Places which have no or small IP allocations will buy unassigned IP blocks from other countries. Ireland has recently bought a Romanian IP block, but I have no details of the exact IP range.
 
Old 06-05-2024, 02:29 PM   #24
tadgy
Member
 
Registered: May 2018
Location: UK
Distribution: Slackware (servers), Void (desktop/laptop)
Posts: 307

Original Poster
Rep: Reputation: 417
Quote:
Originally Posted by _blackhole_ View Post
As you're running a UK mirror, then blocking a country that's not the UK shouldn't matter and may in fact be desirable.
While slackware.uk was started as a mirror for the UK, it has grown in usage to a worldwide audience, and hosts key projects that have developers all over the world.

I know I could just block every Chinese IP, but there /are/ legitimate Chinese users who access slackware.uk, and I even host a project that originates from China.
 
4 members found this post helpful.
Old 06-05-2024, 08:08 PM   #25
clipping
LQ Newbie
 
Registered: Jul 2021
Posts: 11

Rep: Reputation: Disabled
Quote:
Originally Posted by tadgy View Post
I've just added the Apache Bad Bot Blocker (available on github) to match and give a 403 to bad bots. This may cause some collateral damage to legitimate users - if this is you, please get in touch with me in this thread or email the mirrors@ address; and I'll do my best to resolve your access.

This is the first time in nearly 20 years that I've had a DoS or had to institute blocking of abusive bots. Times have not moved on in a good way
I think I might have been mildly collateral damaged? I tried to mirror the kernel build scripts earlier today with lftp, and got 403'd.

Code:
$ lftp https://slackware.uk -e \
  "mirror -v -X *xz -X *sign \
  /slackware/slackware64-current/source/k"
cd: Access failed: 403 Forbidden (/)                 
mirror: Access failed: 403 Forbidden (/slackware/slackware64-current/source/k)
1 error detected
The above was a variant of a command from the Slackware docs wiki on using the kernel build scripts, https://docs.slackware.com/howtos:sl..._build_scripts . I used mirrorservice.org.uk to get the files, instead.

I had noticed that updates with slackpkg had been failing recently, error 500 IIRC. But I have hacked apt-cacher-ng to work as a caching proxy for slackpkg, and wasn't sure if the problem was my set up.

Thanks for your efforts with this clearly unwanted attention from bots... well, kiddies of the script variety.


If anyone is running Debian-based machines as well as Slack, and runs apt-cacher-ng, AND wants random config stuff off forums, this will be what you want

In /etc/apt-cacher-ng/acng.conf on a Raspberry Pi I have added:
Code:
# slackware bodge
PfilePatternEx: slackware.*\.txz$
VfilePatternEx: slackware.*(\.bz2|\.txt|\.md5|\.TXT|\.md5\.asc)$
Then any slackpkg commands are run with a specific proxy variable. This should probably be done as an alias, now I think about it.....

Code:
http_proxy=http://server.tld:3142 slackpkg update
 
Old 06-06-2024, 07:16 AM   #26
Gerard Lally
Senior Member
 
Registered: Sep 2009
Location: Leinster, IE
Distribution: Slackware, NetBSD
Posts: 2,205

Rep: Reputation: 1781
For someone clueless about running servers at this scale: why do countermeasures like fail2ban, blocklistd (NetBSD) and nginx/apache not deal with these attacks? Are they just too massive? There is also a web server, which I won't name, which drops connections the minute they start to flood the server.
 
Old 06-06-2024, 10:23 AM   #27
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 16,489

Rep: Reputation: 2361
It's also worth noting that for someone in the British Isles, there's a lesser-known mirror on ftp.heanet.ie which attracts very little attention. Low bandwidth, but it answers you, which is more than can be said for any server under a DoS attack.
 
Old 06-06-2024, 12:01 PM   #28
slack-uke
Member
 
Registered: Nov 2013
Location: Toronto, Ontario, Canada
Distribution: Slackware 15.0 64-bit & Current 64-bit
Posts: 94

Rep: Reputation: 93
Quote:
Originally Posted by Gerard Lally View Post
For someone clueless about running servers at this scale: why do countermeasures like fail2ban, blocklistd (NetBSD) and nginx/apache not deal with these attacks? Are they just too massive? There is also a web server, which I won't name, which drops connections the minute they start to flood the server.
Because there is DDoS -- Distributed Denial of Service where one particular IP address only sends one malformed request but receiving 10k-100k such requests from 10k-100k IP addresses over several minutes taxes the firewall / server. Sometimes it is just easier to block say all the IP addresses from known bad state actors.
 
Old 06-06-2024, 01:19 PM   #29
tadgy
Member
 
Registered: May 2018
Location: UK
Distribution: Slackware (servers), Void (desktop/laptop)
Posts: 307

Original Poster
Rep: Reputation: 417
Quote:
Originally Posted by clipping View Post
I think I might have been mildly collateral damaged? I tried to mirror the kernel build scripts earlier today with lftp, and got 403'd.
You are, indeed, correct - the Bad Bot Blocker config identifies the lftp user agent as a bad bot.

I've now removed lftp from the bad bots list, so you should have full access again.

Thanks for the heads up
 
Old 06-06-2024, 01:34 PM   #30
Gerard Lally
Senior Member
 
Registered: Sep 2009
Location: Leinster, IE
Distribution: Slackware, NetBSD
Posts: 2,205

Rep: Reputation: 1781
Quote:
Originally Posted by slack-uke View Post
Because there is DDoS -- Distributed Denial of Service where one particular IP address only sends one malformed request but receiving 10k-100k such requests from 10k-100k IP addresses over several minutes taxes the firewall / server. Sometimes it is just easier to block say all the IP addresses from known bad state actors.
"Known bad state actors" are those countries with whom the English-speaking world is or soon will be at war? Just because these attacks are traced geographically to China, it doesn't follow that they are Chinese attacks. There are foreign interests operating in China, some of whom could be involved. But thanks for your explanation.

Last edited by Gerard Lally; 06-06-2024 at 01:53 PM.
 
2 members found this post helpful.
  

