Conversation

Our ns1.grapheneos.org DNS server was targeted by a DoS attack yesterday. They didn't target the DNS service but rather... SSH. That's a new one. Can see the traffic spike but it was hardly anything compared to the usual attacks. Still, SSH buckled. nodeping.com/reports/status

Replying to

If you're running recent OpenSSH sshd then check out PerSourceMaxStartups/PerSourceNetBlockSize for some anti-DoS measures Also turning off the non-ECC key exchange algorithms removes the major CPU hogs. Something like: KexAlgorithms=-diffie-hellman-* should work

Replying to

It's the current stable release on Linux: OpenSSH_8.7p1, OpenSSL 1.1.1l 24 Aug 2021. Configuration is at github.com/GrapheneOS/inf. PerSourceMaxStartups would have helped a lot. This was very small scale compared to the usual attacks on our web servers. It's weird to DoS SSH...

github.com

infrastructure/sshd_config at main · GrapheneOS/infrastructure

Shared server infrastructure. Contribute to GrapheneOS/infrastructure development by creating an account on GitHub.

Replying to

and

They stopped pretty much immediately once it started causing rejected connections. The intention appears to have been testing how easily they could cause a disruption. Traffic burst only lasted about a minute. I assume they're going to start bothering us regularly with this now.

4:35 AM · Sep 6, 2021Twitter Web App