I know this isn’t the kind of news Linux fans were hoping to read on Christmas Day, but unfortunately, on a day meant for faith, kindness, and hope, others are choosing to act in exactly the opposite way.

Many of you probably remember the problems Arch faced just a few months ago due to massive DDoS attacks, which mainly affected the AUR. Sadly, just when it seemed those issues were behind it, a new large-scale DDoS attack on Christmas Day once again made the distribution’s website effectively inaccessible.

  • rumba@lemmy.zip
    21 upvotes · 5 months ago

    I had a DDoS in ’01, took the entire cluster down for a fairly popular website.

    Traffic distribution was very wide; everything was on port 80.

    All the traffic would come in, smack the front page, then disappear.

    Turns out marketing had purchased an ad on MSN, which was a hot search engine at the time; we were supposed to be the top link for any search with “school, education, classes, tutoring”. MSN accidentally made us the top link for EVERY search term. My T1 and my BGP frame connection were balls to the wall for 3 days.

    Obviously, this isn’t marketing, but they’re not a great target. No one’s getting any money from it, and they don’t have any stiff corporate competition.

  • durinn@programming.dev
    16 upvotes · 5 months ago

    Would it be possible for an average user like me to host the whole AUR and the whole Arch Wiki to make it available at times like this? I’m already seeding a couple of Arch ISOs (not pirate lingo).

    I just want to help out.

    • badmin@lemmy.today
      9 upvotes · 5 months ago

      The AUR is already officially mirrored on GitHub, at least since the last attack (that I heard of).

      For the Wiki, I’m not sure if database dumps are provided for people to provide proper MediaWiki mirrors. If they’re not, you should propose the idea. It’s a good one (as long as the dumps themselves are not hosted in one place that can be DDoS-ed itself).

  • randomblock1@lemmy.world
    11 upvotes · 5 months ago

    Why IPv6 only though? Is there something about it that makes it more resilient to DDOS? If a device on the botnet has both IPv4 and IPv6 I don’t see how it’s mitigated.

    • SteveTech@aussie.zone
      8 upvotes · 5 months ago

      The botnet’s code probably doesn’t support IPv6.

      > Is there something about it that makes it more resilient to DDOS?

      While archlinux.org doesn’t do this, you can have multiple A and AAAA records, which can provide DNS-based load balancing, and IPv6 is easier to do that with since you usually get allocated a whole prefix. Of course that only helps to distribute the load; if your internet connection is the bottleneck then it won’t help.

    • x00z@lemmy.world
      2 upvotes · 5 months ago

      It’s common practice to “blackhole” targets of DDoS attacks as a defensive measure. Blackholing means that packets coming into the network for a specific IP get discarded, which lowers the stress on the network and especially on the receiving server. The server will work as if there was no attack but will only be accessible on non-blackholed IPs. This would of course require the IPv6 to not get attacked either.

      I’m guessing that’s what’s happening here.

      https://en.wikipedia.org/wiki/Black_hole_(networking)
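
The blackholing described in the comment above, as an added example that is not part of the original thread: a most-specific-prefix discard route drops traffic to the attacked IPv4 address, so only the remaining A/AAAA records still reach the server. The addresses are constructed documentation-range values (not archlinux.org's real records), and the routing table and names such as `server-lan` are hypothetical.

```python
import ipaddress

# Constructed sample DNS answer for one hostname (RFC 5737 / RFC 3849
# documentation ranges; assumption, not real records).
DNS_RECORDS = {"A": ["192.0.2.10", "192.0.2.11"], "AAAA": ["2001:db8::10"]}

# Hypothetical edge routing table: (prefix, next hop).
# "discard" marks a blackhole (null) route.
ROUTES = [
    ("192.0.2.0/24", "server-lan"),
    ("2001:db8::/32", "server-lan"),
    ("192.0.2.10/32", "discard"),  # attacked address, blackholed upstream
]


def next_hop(dst, routes=ROUTES):
    """Longest-prefix match: the most specific route covering dst wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr.version != net.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, hop)
    # A destination with no matching route is dropped as well.
    return best[1] if best else "discard"


def reachable_records(records=DNS_RECORDS, routes=ROUTES):
    """Return the DNS records whose packets still reach the server."""
    return {
        rtype: [a for a in addrs if next_hop(a, routes) != "discard"]
        for rtype, addrs in records.items()
    }


if __name__ == "__main__":
    for rtype, addrs in reachable_records().items():
        print(rtype, addrs)
```

With a single A record that is blackholed, the A list comes back empty and the host is reachable over IPv6 only.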

  • x00z@lemmy.world
    6 upvotes, 1 downvote · 5 months ago

    Some dad is doing this so his son would come out the basement for Christmas and spend time with the family.