Re: [bitfolk] Strange DDOS attack?

Author: Graham Bleach
Date:  
To: Bitfolk Users
Subject: Re: [bitfolk] Strange DDOS attack?
On Tue, Dec 31, 2013 at 12:18 AM, Tony Andersson
<BitFolkList@???> wrote:
> Realised the second after I pressed the send button that the answer to
> the ban issue is because those attacks are on IPv6
>
> root@bitfolk:/etc/fail2ban# netstat -n
> Active Internet connections (w/o servers)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State
> tcp6       0      1 85.119.82.79:80         121.168.45.218:1446     FIN_WAIT1
> tcp6       0      1 85.119.82.79:80         24.186.158.213:61301    FIN_WAIT1
> tcp6       0      1 85.119.82.79:80         67.180.245.251:17277    FIN_WAIT1
> tcp6       0      1 85.119.82.79:80         71.218.243.152:25311    FIN_WAIT1


Those are IPv4 addresses; they should be firewalled by iptables as usual.

I think this happens when a service binds a socket to both IPv4 and
IPv6: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453272

Cheers,
Graham
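
Added example, not part of the original message: a small parser for `netstat -n` output that looks at the peer address rather than the `tcp6` label, so connections accepted on a dual-stack socket are attributed to the right firewall family. The function names are hypothetical; the first two sample rows come from the output quoted above and the last two are constructed with documentation-range addresses.

```python
import ipaddress

# First two data rows are from the netstat output quoted in the message;
# the last two are constructed to cover IPv4-mapped and native IPv6 peers.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp6       0      1 85.119.82.79:80         121.168.45.218:1446     FIN_WAIT1
tcp6       0      1 85.119.82.79:80         24.186.158.213:61301    FIN_WAIT1
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:5050 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:40000    ESTABLISHED
"""


def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon, since IPv6 addresses contain colons."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def effective_ip(host):
    """Return the address the peer really used, unwrapping ::ffff:a.b.c.d."""
    ip = ipaddress.ip_address(host)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def classify(netstat_text):
    """Return (proto, peer_ip, firewall_tool) for each TCP/UDP row."""
    results = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue  # header or unrelated line
        host, _port = split_endpoint(fields[4])
        try:
            peer = effective_ip(host)
        except ValueError:
            continue  # wildcard ('*') or unparseable address
        # The socket family (tcp6) does not decide this; the peer address does.
        tool = "iptables" if peer.version == 4 else "ip6tables"
        results.append((fields[0], str(peer), tool))
    return results


if __name__ == "__main__":
    for proto, peer, tool in classify(SAMPLE):
        print(f"{proto:5} {peer:20} -> {tool}")
```
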