Thursday, January 01, 2026
Despite it being a new year, the scams will never stop coming
The clock struck midnight, the Times Square ball fell, and scams are still a thing in this year of 2026.
Bunny has now received the same text message twice:
Florida Buraeu of Motor Vehicles Final Notice:
According to our records, the traffic violation associated with your account remains unresolved. This is a final reminder that payment has not been received.
In accordance with Florida Code Title 9 Motor Vehicles § 9–18–2–7, if full payment is not submitted by January 1, 2026, the following enforcement actions will be initiated:
- Official violation recorded with the Florida FLHSMV
- Revocation of vehicle registration effecitive January 2, 2026
- Suspension of driver's license for a minimum of 30 days
- Referral of the outstanding debt to a collections agency, with an additional fee of up to 35%
- Potential legal proceedings and adverse credit reporting
To avoid these penalties, please settle your payment immedately through our official payment portal:
https://flhsmv.govsar.help?var=XXXXXXXXXX
The first time was, I don't know, earlier this month. I thought then, and I still think it now, that any “official notification” would come through the U.S. Postal Service (aka “snail mail”) rather than a vague text message.
Also, by the time a debt hits the collection agencies, the organization with the debt has already written it off and sold the debt to said collection agencies, and I somehow don't think government organizations would sell off debt to collection agencies. Why would they? They have the means (read: guns) to collect if they really wanted to.
Anyway, a search later, and I found this alert from the Florida Department of Highway Safety and Motor Vehicles about this scam, and they mention the fact they will never send such a notice via text message, but will instead use snail mail.
So Happy New Year everybody!
Friday, January 02, 2026
I hope this isn't an omen for the year that just started
I start the car up, and immediately I'm alerted to low pressure in the front left tire—it's only 27psi (or 1.9kgf/cm2 for those of you deficient in the Imperial System of measure and weights) when it normally should be 35psi (2.5kgf/cm2). No problem, I thought. I'll just haul out the air compressor.
Easier said than done (have to move the lawn mower to reach the tire valve attachment, and I have to move several miscellaneous items to extract the compressor unit, then find an extension cord, etc.) but I finally had it set up, turned on, and started to inflate the tire.
After several moments, the tire pressure was lower than it was. Maybe I'm not getting a good seal on the tire air valve, I thought. I tried several times and … the tire pressure is now even lower. I kept at it until the tire got to 13psi (0.9kgf/cm2). I then decided to try another tire. It should surprise no one that doing the same thing and expecting different results did not in fact result in different results. Now I had two low tires.
Maybe it's something to do with the compressor, I thought. I examine the unit, and indeed, it was something to do with the unit—I had forgotten to close a valve on the bottom of the unit. All the air it was trying to compress was blowing out the valve used to empty the compressed air from the unit when you're done with it. I use the compressor unit enough to know how to use it to reinflate my tires, but not enough to remember a valve that needs to be closed before it'll work properly.
Sigh.
Welcome to the New Year everybody!
Why does the Electoral College exist?
The Electoral College in the U.S. is a controversial aspect of electing the President, but not many people understand why it was done. That's why I find the “Why does the Electoral College exist?” video so good—it goes into the history of why the Founding Fathers picked such a convoluted scheme to elect the President (and I did not know that direct election by the population was on the table). It basically comes down to the Founding Fathers' distrust of direct democracy and the fear of large population states running roughshod over less populated states. Also, while democratic institutions have been around for about two thousand years, it had never been done at a country level (cities, yes. Countries, not so much). As such, the Founding Fathers were treading into uncharted territory and given what they knew at the time, I don't think they did all that bad.
It's worth the watch.
Heck, the entire Premodernist channel is worth watching.
Monday, January 05, 2026
A small update on my spam situation
The topic of greylisting came up on Hacker News and it reminded me—it's been eight years since I last checked my greylist daemon. Well, it still easily blocks 50% of the spam sent my way.
Of the remaining spam that does get through, a majority of it is addressed towards my registrar email address. Years ago when I switched away from Network Solutions the first time, I created a new email address for Dotster, but that was long before registrars even started offering redacted whois information for a price (and now it's pretty much done for free), so my registrar email address got picked up by every spammer everywhere.
But that was then, this is now, and when I switched away from Network Solutions for the second time (since they ultimately bought Dotster), I created a new email address for Porkbun. The difference is that now, such information is automatically redacted from general whois information so it shouldn't be spammed.
So it was a few days ago I finally got around to deleting my old registrar email address. And guess what? That “majority of spam” sent to my old registrar address was over 90% of the spam that got through the greylisting daemon. My email has been very quiet since.
And I also no longer have to deal with emails from Network Polutions asking why I'm no longer paying them money, and would I mind taking a survey to see how they could improve their business. No, I'd rather not.
Wednesday, January 07, 2026
Notes on an overheard conversation while on the way to lunch
“Ooh look! That is such a cool yellow Mini Cooper!”
“Neat.”
“It's so mini.”
“So many what?”
“It's too … Mini Cooper.”
“There's only one Mini Cooper.”
“Pththththththththth.”
Wednesday, January 28, 2026
Notes on an overheard conversation while at the doctor's office
“Hello! How are we doing today?”
“I'd like to lodge an official complaint.”
“Sigh.”
“You know what this is about.”
“It's about the front desk, isn't it?”
“Yes. The new sign-in procedure sucks!”
“It didn't work for you at all?”
“I was able to scan the QR code. It took entirely too long for the web page to come up.”
“You might have to use the WiFi for that.”
“Yes, that's why it took so long. I had to sign on the WiFi. Then I filled out the information, including the cell phone number. The code sent to it failed. Multiple times.”
“Yeah, we've had lots of complaints about it not working.”
“On thinking about it, I bet you have the land line on file, which can't receive texts!”
“I had nothing to do with this. It was the admins that mandated this new system.”
“So did they hold out for hookers and blow? Or did they settle for strippers and steak?”
“HONEY!”
“I don't know … it's above my pay grade.”
I still don't understand this SYN attack, but now I can block it easily
It's been almost six years since I first started seeing this attack, only now it's no longer from European IP addresses. I'm still unsure what is going on with the attack. There will be up to around 100 connections to the web server in the SYN state, all with different IP addresses, but all apparently from networks in Brazil and it's never enough to really affect the server. I finally got tired of whack-a-mole and filling up my firewall with scores of networks to block. I decided to see what data is actually being sent and hopefully find a better way to block such traffic.
I recalled there was a way to get iptables to log matches, and with some searching of documentation, I was able to get it working:
RootUnixPrompt>iptables -A INPUT -s 168.195.0.0/16 -j LOG --log-ip-options --log-tcp-options --log-tcp-sequence
Note: the options for the LOG target must be after the -j LOG option. I found that out the hard way. Also, the data may not make it to syslog—if it doesn't, use dmesg to read it. Again, I found that out the hard way.
So with that out of the way, I was able to finally get some information about these mysterious SYN requests:
[4576126.770966] IN=venet0 OUT= MAC= SRC=168.195.XXXXXXX DST=66.252.224.242 LEN=52 TOS=0x08 PREC=0x40 TTL=116 ID=14490 DF PROTO=TCP SPT=30812 DPT=443 SEQ=1800275334 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405140103030801010402)
[4576126.842410] IN=venet0 OUT= MAC= SRC=168.195.XXXXXXX DST=66.252.224.242 LEN=52 TOS=0x08 PREC=0x40 TTL=118 ID=4029 DF PROTO=TCP SPT=17025 DPT=443 SEQ=1972924351 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405140103030801010402)
[4576126.899748] IN=venet0 OUT= MAC= SRC=168.195.XXXXXXX DST=66.252.224.242 LEN=52 TOS=0x08 PREC=0x40 TTL=120 ID=48610 DF PROTO=TCP SPT=55951 DPT=443 SEQ=1319626236 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405140103030801010402)
[4576127.200822] IN=venet0 OUT= MAC= SRC=168.195.XXXXXXX DST=66.252.224.242 LEN=52 TOS=0x08 PREC=0x40 TTL=108 ID=60712 DF PROTO=TCP SPT=877 DPT=443 SEQ=1363305157 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405140103030801010402)
[4576127.467747] IN=venet0 OUT= MAC= SRC=168.195.XXXXXXX DST=66.252.224.242 LEN=52 TOS=0x08 PREC=0x40 TTL=102 ID=39868 DF PROTO=TCP SPT=28345 DPT=443 SEQ=2567038192 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405140103030801010402)
[4576127.908861] IN=venet0 OUT= MAC= SRC=168.195.XXXXXXX DST=66.252.224.242 LEN=52 TOS=0x08 PREC=0x40 TTL=105 ID=52524 DF PROTO=TCP SPT=41729 DPT=443 SEQ=177291672 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405140103030801010402)
[4576127.915626] IN=venet0 OUT= MAC= SRC=168.195.XXXXXXX DST=66.252.224.242 LEN=52 TOS=0x08 PREC=0x40 TTL=106 ID=53787 DF PROTO=TCP SPT=61636 DPT=443 SEQ=3499780163 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405140103030801010402)
[4576128.022432] IN=venet0 OUT= MAC= SRC=168.195.XXXXXXX DST=66.252.224.242 LEN=52 TOS=0x08 PREC=0x40 TTL=118 ID=62833 DF PROTO=TCP SPT=38936 DPT=443 SEQ=1853541668 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405140103030801010402)
[4576128.112272] IN=venet0 OUT= MAC= SRC=168.195.XXXXXXX DST=66.252.224.242 LEN=52 TOS=0x08 PREC=0x40 TTL=113 ID=34813 DF PROTO=TCP SPT=50411 DPT=443 SEQ=2385563365 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405140103030801010402)
[4576128.350504] IN=venet0 OUT= MAC= SRC=168.195.XXXXXXX DST=66.252.224.242 LEN=52 TOS=0x08 PREC=0x40 TTL=117 ID=59160 DF PROTO=TCP SPT=23412 DPT=443 SEQ=2152520559 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405140103030801010402)
[4576128.853818] IN=venet0 OUT= MAC= SRC=168.195.XXXXXXX DST=66.252.224.242 LEN=52 TOS=0x08 PREC=0x40 TTL=105 ID=19965 DF PROTO=TCP SPT=17423 DPT=443 SEQ=2015225923 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405140103030801010402)
[4576129.421230] IN=venet0 OUT= MAC= SRC=168.195.XXXXXXX DST=66.252.224.242 LEN=52 TOS=0x08 PREC=0x40 TTL=115 ID=16281 DF PROTO=TCP SPT=31847 DPT=443 SEQ=2649527615 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405140103030801010402)
[4576129.493294] IN=venet0 OUT= MAC= SRC=168.195.XXXXXXX DST=66.252.224.242 LEN=52 TOS=0x08 PREC=0x40 TTL=118 ID=33977 DF PROTO=TCP SPT=52831 DPT=443 SEQ=2768111495 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405140103030801010402)
[4576129.718449] IN=venet0 OUT= MAC= SRC=168.195.XXXXXXX DST=66.252.224.242 LEN=52 TOS=0x08 PREC=0x40 TTL=103 ID=17382 DF PROTO=TCP SPT=37097 DPT=443 SEQ=1960327355 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405140103030801010402)
[4576130.468975] IN=venet0 OUT= MAC= SRC=168.195.XXXXXXX DST=66.252.224.242 LEN=52 TOS=0x08 PREC=0x40 TTL=101 ID=35434 DF PROTO=TCP SPT=54767 DPT=443 SEQ=1547341723 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405140103030801010402)
[4576130.663255] IN=venet0 OUT= MAC= SRC=168.195.XXXXXXX DST=66.252.224.242 LEN=52 TOS=0x08 PREC=0x40 TTL=115 ID=56729 DF PROTO=TCP SPT=22999 DPT=443 SEQ=2916546158 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405140103030801010402)
What leapt out at me is the TTL values—they were always larger than 99. From what I recall, a typical TTL is usually 64 or thereabouts in a normal TCP connection. So, making an executive decision, I ran the following command to block SYN packets with a TTL larger than 70:
RootUnixPrompt>iptables -A INPUT -m ttl --ttl-gt 70 -j DROP
It didn't break anything apparent. My SSH connection was still live. The web server, gopher and Gemini servers are still getting traffic. I'm still getting email. But I'm no longer seeing connections stuck in the SYN state. It's been about 16 hours or so, and I see I've blocked 171,194 connections. That one new firewall rule seems to have done the trick.
It still doesn't answer why this is being done though. Weird.
Update on Thursday, January 29th, 2026
Microsoft Windows has a TTL of 128. Of course it does! Sigh.
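The check this update points to, as an added example (not the author's code): it parses LOG lines in the format above, decodes the OPT bytes, guesses each sender's initial TTL from the common defaults 64, 128 and 255, and reports which packets a "TTL greater than 70" rule drops. The sample lines, their addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample in the kernel LOG format shown above. Addresses are
# documentation ranges; the second entry's option bytes are made up for contrast.
SAMPLE_LOG = """\
[1.000001] IN=venet0 OUT= MAC= SRC=198.51.100.7 DST=192.0.2.10 LEN=52 TOS=0x08 PREC=0x40 TTL=116 ID=1001 DF PROTO=TCP SPT=30001 DPT=443 SEQ=11 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405140103030801010402)
[1.000002] IN=venet0 OUT= MAC= SRC=198.51.100.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1002 DF PROTO=TCP SPT=30002 DPT=443 SEQ=22 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405b40402080a0a0b0c0d0000000001030307)
[1.000003] IN=venet0 OUT= MAC= SRC=203.0.113.5 DST=192.0.2.10 LEN=52 TOS=0x00 PREC=0x00 TTL=101 ID=1003 DF PROTO=TCP SPT=30003 DPT=443 SEQ=33 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405140103030801010402)
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")
OPT_RE = re.compile(r"OPT \(([0-9A-Fa-f]*)\)")
OPTION_NAMES = {2: "mss", 3: "wscale", 4: "sack_ok", 8: "timestamp"}
COMMON_INITIAL_TTLS = (64, 128, 255)   # common defaults; 128 is Windows


def decode_tcp_options(raw):
    """Walk the kind/length/value list that --log-tcp-options dumps as hex."""
    out, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                       # end of option list
            break
        if kind == 1:                       # NOP is a single padding byte
            out.append(("nop", None))
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            out.append(("malformed", raw[i:].hex()))
            break
        length = raw[i + 1]
        body = raw[i + 2:i + length]
        value = int.from_bytes(body, "big") if kind in (2, 3) else (body.hex() or None)
        out.append((OPTION_NAMES.get(kind, f"kind{kind}"), value))
        i += length
    return out


def guess_initial_ttl(observed):
    """Smallest common default that is not below the TTL seen on arrival."""
    return next(t for t in COMMON_INITIAL_TTLS if observed <= t)


def dropped_by_rule(ttl, threshold=70):
    """Mirror of `-m ttl --ttl-gt 70 -j DROP`: drop when TTL > threshold."""
    return ttl > threshold


def analyse(log_text):
    rows = []
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        opt = OPT_RE.search(line)
        if "TTL" not in fields or " SYN " not in line:
            continue
        ttl = int(fields["TTL"])
        initial = guess_initial_ttl(ttl)
        options = decode_tcp_options(bytes.fromhex(opt.group(1))) if opt else []
        rows.append({
            "src": fields["SRC"], "ttl": ttl, "initial_ttl": initial,
            "hops": initial - ttl, "dropped": dropped_by_rule(ttl),
            "layout": ",".join(n for n, _ in options), "mss": dict(options).get("mss"),
        })
    return rows


if __name__ == "__main__":
    for row in analyse(SAMPLE_LOG):
        print(row)
```

A sender that starts at 128 only gets under the threshold from 58 or more hops away, so the rule drops every such client at ordinary Internet distances, wanted or not.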
Discussions about this entry
- I still don't understand this SYN attack, but now I can block it easily | Lobsters
- I still don't understand this SYN attack, but now I can block it easily | Hacker News
- I still don't understand this SYN attack, but now I can block it easily - Lemmy: Bestiverse
- I still don't understand this SYN attack, but now I can block it easily - ZeroBytes
- Lazy Reading for 2026/02/08 – DragonFly BSD Digest
Thursday, January 29, 2026
I still don't understand this SYN attack, but now I can't block it easily
I did not get the memo that Windows uses an IP TTL of 128.
On the one hand, I was able to avoid that weird SYN attack I've been under for six years, quite a bit of spam, and less bad web bot activity for the past 24 hours. On the other hand, any legitimate traffic to my web site from Windows users was lost. On the gripping hand, is anybody using Windows to read my site? I don't know, but it was worrisome enough for me to remove the filter.
In the time it took me to type netstat -an (which displays all the network connections on the server) right after removing the filter, I had over 100 IP addresses in the SYN_RECV state:
Normally, I might see one or two such entries from netstat -an but not over 100. And as I've stated, this isn't enough to be an actual DoS or even a DDoS, but it is enough to be annoying. I can block the attack easily enough but it's a game of whack-a-mole—I can block 45.227.44.0/23 but in a few days, this will return from yet another Brazilian network, like 168.195.0.0/23 from the other day.
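One way to shorten each round of whack-a-mole, as an added example rather than anything the author ran: count SYN_RECV peers per /24 in netstat -an output and merge adjacent busy /24s into the covering block to filter. The sample output, the 198.18.x.x peers, the min_hits threshold and the function names are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed `netstat -an` excerpt; the 198.18.0.0/15 benchmark range and the
# documentation ranges stand in for real peers.
SAMPLE_NETSTAT = """\
tcp 0 0 192.0.2.10:443 198.18.44.64:36909 SYN_RECV
tcp 0 0 192.0.2.10:443 198.18.45.210:36527 SYN_RECV
tcp 0 0 192.0.2.10:443 198.18.44.157:10968 SYN_RECV
tcp 0 0 192.0.2.10:443 198.18.45.170:45186 SYN_RECV
tcp 0 0 192.0.2.10:443 203.0.113.5:45160 SYN_RECV
tcp 0 0 192.0.2.10:443 198.51.100.20:51514 ESTABLISHED
tcp 0 0 192.0.2.10:22 198.51.100.20:40022 ESTABLISHED
"""


def half_open_peers(netstat_text):
    """Return the remote IPv4 address of every connection stuck in SYN_RECV."""
    peers = []
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) >= 6 and cols[0] == "tcp" and cols[5] == "SYN_RECV":
            host, _, _port = cols[4].rpartition(":")
            peers.append(ipaddress.ip_address(host))
    return peers


def noisy_networks(peers, prefix=24, min_hits=2):
    """Count peers per /prefix, keep the busy ones, merge neighbours into larger blocks."""
    hits = Counter(ipaddress.ip_network(f"{p}/{prefix}", strict=False) for p in peers)
    busy = [net for net, n in hits.items() if n >= min_hits]
    return list(ipaddress.collapse_addresses(busy))


def block_rules(networks):
    """Render one DROP rule per merged network, in the iptables form used on this page."""
    return [f"iptables -A INPUT -s {net} -j DROP" for net in networks]


if __name__ == "__main__":
    nets = noisy_networks(half_open_peers(SAMPLE_NETSTAT))
    for rule in block_rules(nets):
        print(rule)
```

A lone SYN_RECV from an otherwise quiet network stays below min_hits and is left alone, which keeps an ordinary slow client from being swept into a block.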
And that's what I don't get about this—what is the end game here? What are the operators from this attack hoping to gain?
From the comments I've received, one other person has seen a similar attack so at least I'm not alone in this. And I checked with some other customers at my hosting company and yes, they too are being hit with this attack.
The fact that this all stopped the second I filtered out IP packets with a TTL greater than 70 tells me this is from exploited Windows systems. Are they in fact actual Brazilian computers? Or Windows computers elsewhere forging IP addresses? Is this a SYN flood attack that might have worked 30 years ago but not on today's Internet?
I don't know.
All I do know is I wish I had a way to stop it. And what's the thought behind this attack?
Maybe it is, indeed, worth adding the IP TTL filter back and just dealing with no one using Windows being able to hit my site, just to avoid the crap traffic.
Saturday, January 31, 2026
Technology Connections talks about solar and then goes nuclear
Yes, the Technology Connections video “You are being misled about renewable energy technology” is long, but like all his videos, it's worth watching for the in-depth reporting he does on what otherwise might sound rather mundane. Here, he talks mostly about solar power, but the last third, when he goes nuclear, is in my opinion the part that needs to be watched.