Saturday, April 04, 2020
I don't quite understand this attack
Blocking ssh login attempts is working, but I have noticed another odd thing—the large number of TCP connections in the SYN_RECV state. This is indicative of a SYN flood, but what's weird is that it's not from any one source, but scores of sources. And it's not enough to actually bring down my server.
I spent a few hours playing “whack-a-mole” with the attacks, blocking large address spaces from connecting to my server, only to have the attack die down for about five minutes then kick back up from a score of different blocks. The only thing in common is that all the blocks seem to be from Europe.
And this is what I don't understand about this attack. It's not large enough to bring down my server (although I have SYN cookies enabled and that might be keeping this at bay) and it's from all over European IP space. I don't get who's getting attacked here. It could easily be spoofed packets being sent, but what's the goal here? It's all very weird.
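An added example, not part of the original post: one way to measure how spread out the SYN_RECV sources are, by grouping the remote addresses in `netstat -tn` output into /16 networks. The sample rows are constructed from documentation address ranges, and the function names are illustrative.

```python
import ipaddress
import sys
from collections import Counter

# Constructed sample of Linux `netstat -tn` output (documentation address ranges).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      SYN_RECV
tcp        0      0 192.0.2.10:22           198.51.100.93:40022     SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:1025        SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.77:33211      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.200:6000      SYN_RECV
tcp        0      0 192.0.2.10:22           192.0.2.50:50000        ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      TIME_WAIT
"""

def syn_recv_sources(netstat_text):
    """Yield the remote IPv4 address of every half-open (SYN_RECV) connection."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[0] != "tcp" or fields[5] != "SYN_RECV":
            continue  # header, tcp6, or a connection in another state
        host, _, _port = fields[4].rpartition(":")
        try:
            yield ipaddress.IPv4Address(host)
        except ipaddress.AddressValueError:
            continue  # not a plain IPv4 address

def summarize(netstat_text, prefixlen=16):
    """Count SYN_RECV entries per source network of the given prefix length."""
    counts = Counter()
    for addr in syn_recv_sources(netstat_text):
        net = ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)
        counts[str(net)] += 1
    return counts

def report(netstat_text, prefixlen=16):
    counts = summarize(netstat_text, prefixlen)
    total = sum(counts.values())
    lines = [f"{total} half-open connections from {len(counts)} /{prefixlen} networks"]
    for net, n in counts.most_common():
        lines.append(f"{n:6d}  {net}")
    return "\n".join(lines)

if __name__ == "__main__":
    # With no pipe, the constructed sample is used; otherwise read netstat output.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(report(text))
```

Piping real `netstat -tn` output into the script shows whether a few networks dominate or the half-open connections are spread thinly across many.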
I'd put this off, but I'm trying to procrastinate my procrastination
I tend towards procrastination. I hate it, yet I do it. Or don't do it … depending on how you want to look at things. I don't think I can verbalize why I do it, but this video on doing that one thing pretty much sums it up, I think. Only my one thing isn't the one thing in the video.
Anyway, to stop this habit, I might have to try The 10 Minute Rule, where you give a task 10 minutes a day. Over time, it'll get done.
Perhaps I'll start tomorrow.