On 1 Nov 2019, at 01:01, Andy Smith <andy(a)bitfolk.com> wrote:
I've been noticing SYN flooding¹ on various TCP
services going on for
weeks now, not just against BitFolk hosts but against all hosts I
have access to, worldwide. Others have noticed it too.
Today I also noticed that some customer DNS and HTTP servers were
occasionally taking a long time (10+ seconds) to respond and this was
generating an alert from our monitoring, which would then clear, and
then trigger again.
I have three servers (one at BitFolk) with ports 80 and 443 open and I don’t see any SYN
flooding directed at me but all three servers seem to be taking part in SYN flooding
against others. This has been going on for months and the traffic is low-level.
All three servers are sending SYN ACKs to addresses in 185.90.0.0/16 at the moment but it
often changes.
Mike