The Boston Diaries

The ongoing saga of Sean Conner, who doesn't live in Boston, nor does he even like Boston, but yet named his weblog/journal “The Boston Diaries.”

Go figure.

Tuesday, March 31, 2026

I'm giving up on the Brazilian SYN attacks

For the past few months I've been slowly building up a list of Brazilian networks to block, and if the theory of why it's happening is true, then it's going to be a long slog of banning Brazilian networks for, if not months, then years (with a reported 21,000+ ISPs in Brazil … yeah). Just yesterday, I ended up blocking somewhere around 10 networks before I stopped and asked myself, Myself, how did I get here?

On the one hand, I don't want to participate in a DDoS attack. On the other hand, I don't like the idea of blocking an entire country. But the attacks just keep on coming. I could write a program that runs every n minutes, scans for excessive TCP connections in the SYN_RECV state, identifies the ASN of the offending IP address and blocks it, retiring out older blocks to keep from overwhelming the firewall. It's just that it adds another cog on the server to keep greased, and the attacks aren't that disruptive on the server—they're just annoying.
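A sketch of the periodic job described above, added here as an example and not the author's code. It assumes Linux's `/proc/net/tcp` row format, and the threshold, block lifetime, prefix-to-ASN table and sample rows are all constructed for illustration.

```python
import ipaddress
import time
from collections import Counter

SYN_RECV = "03"        # state code for SYN_RECV in /proc/net/tcp
THRESHOLD = 3          # assumed: half-open connections per network before blocking
BLOCK_TTL = 7 * 86400  # assumed: retire a block after one week

# Constructed table standing in for a real IP-to-ASN lookup (documentation ranges).
PREFIXES = {ipaddress.ip_network("198.51.100.0/24"): "AS64500",
            ipaddress.ip_network("203.0.113.0/24"): "AS64501"}

def remote_ip(field):
    """Decode a rem_address field such as '076433C6:C350' (little-endian hex)."""
    return ipaddress.ip_address(bytes.fromhex(field.split(":")[0])[::-1])

def syn_recv_by_network(lines):
    """Count SYN_RECV rows per known network; other states and the header are skipped."""
    counts = Counter()
    for line in lines:
        f = line.split()
        if len(f) < 4 or f[3] != SYN_RECV:
            continue
        ip = remote_ip(f[2])
        for net in PREFIXES:
            if ip in net:
                counts[net] += 1
    return counts

def update_blocks(blocks, counts, now):
    """Retire expired blocks, then add networks at or over the threshold."""
    retired = [n for n, t in blocks.items() if now - t >= BLOCK_TTL]
    for n in retired:
        del blocks[n]
    added = [n for n, c in counts.items() if c >= THRESHOLD and n not in blocks]
    for n in added:
        blocks[n] = now  # a real job would also insert the firewall rule here
    return added, retired

def sample_row(ip, state):
    """Build one constructed /proc/net/tcp-style row for the given remote IP."""
    h = ipaddress.ip_address(ip).packed[::-1].hex().upper()
    return f"   0: 0100007F:0050 {h}:C350 {state} 00000000:00000000 00:00000000 00000000 0 0 0"

# Constructed input: four half-open connections from one network, one from another.
SAMPLE = ([sample_row(f"198.51.100.{i}", "03") for i in range(1, 5)]
          + [sample_row("203.0.113.9", "03"), sample_row("203.0.113.10", "01")])

if __name__ == "__main__":
    blocks = {}
    print(update_blocks(blocks, syn_recv_by_network(SAMPLE), time.time()))
```

Because the source addresses in a SYN flood are forged, a job like this blocks the networks being impersonated, which is the trade-off the post is weighing.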

Generally, the attacks towards any given Brazilian network would last for a few days then drop off entirely. I also suspect that most of the forged IP addresses are not in use. I attempted to ping a few and never received a reply (although it could be that ping packets were being blocked on the Brazilian side, I was able to ping a few IP addresses in a block that was being attacked but never to an IP address that “sent” a SYN packet).

Ideally to fix this issue, network operators would filter for forged IP traffic at the edge of their networks (where computers connect), and shut off the connection to the compromised computer. Or maybe just nuke every Windows system off the Internet just to make sure.

In the meantime, I give up. I removed all the blocks I've built up over the past few months (70 of them—nearly one a day) and just resigned myself to be an unwilling participant in a Brazilian DDoS attack.

Sigh.


Obligatory AI Disclaimer

No AI was used in the making of this site, unless otherwise noted.


Copyright © 1999-2026 by Sean Conner. All Rights Reserved.