twitter.com/DanielMicay/st This started happening again but github.com/GrapheneOS/inf has deterred it for the time being per 's suggestion. It's a stopgap for now and will need to be made stricter for IPv6 along with deploying a better solution to this new annoyance.
Quote Tweet
Our ns1.grapheneos.org DNS server was targeted by a DoS attack yesterday. They didn't target the DNS service but rather... SSH. That's a new one. Can see the traffic spike but it was hardly anything compared to the usual attacks. Still, SSH buckled. nodeping.com/reports/status
SSH defaults to making new connections fail with 30% probability after 10 unauthenticated connections with a hard maximum of 100. There's no default per-IP limit so it's trivial to DoS without DDoS. Key-only authentication obviously so raising connections substantially is fine.
I would have started doing something about it sooner if I'd realized how easy it was to DoS SSH access. It's pretty much typical that there's at least one DDoS attack on a web service daily but it just triggers OVH DDoS mitigation and accomplishes very little most of the time.
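
The MaxStartups behaviour described in the thread, as an added example (not code from the thread or from GrapheneOS): it models how sshd's `start:rate:full` setting maps the number of concurrent unauthenticated connections to the chance that a new connection is refused, using the linear ramp documented in sshd_config(5). The raised value `1000:30:2000` and the function names are assumptions made for illustration, not the project's actual configuration.

```python
"""Model of sshd's MaxStartups "start:rate:full" random early drop."""

DEFAULT = "10:30:100"      # the defaults quoted in the thread
RAISED = "1000:30:2000"    # constructed example of a raised limit (assumption)


def parse_max_startups(value):
    """Parse the three-field 'start:rate:full' form and validate it."""
    parts = value.split(":")
    if len(parts) != 3:
        raise ValueError("expected start:rate:full, got %r" % value)
    start, rate, full = (int(p) for p in parts)
    if start < 1 or start > full or not 1 <= rate <= 100:
        raise ValueError("invalid MaxStartups value %r" % value)
    return start, rate, full


def drop_percent(unauthenticated, setting):
    """Percent chance that one more connection is refused.

    `unauthenticated` is the number of connections that are open but have
    not finished authenticating, counted across all source addresses.
    """
    start, rate, full = parse_max_startups(setting)
    if unauthenticated < start:
        return 0                      # below the threshold: always accepted
    if unauthenticated >= full or rate == 100:
        return 100                    # hard maximum: always refused
    # Linear ramp from `rate` percent at `start` up to 100 percent at `full`.
    return rate + (100 - rate) * (unauthenticated - start) // (full - start)


def compare(loads, settings=(DEFAULT, RAISED)):
    """Return {setting: [drop percent at each load]} for side-by-side review."""
    return {s: [drop_percent(n, s) for n in loads] for s in settings}


if __name__ == "__main__":
    loads = [5, 10, 55, 99, 100, 1500]
    table = compare(loads)
    print("pending".ljust(14) + "".join(str(n).rjust(6) for n in loads))
    for setting, row in table.items():
        print(setting.ljust(14) + "".join((str(p) + "%").rjust(6) for p in row))
```

The count is global rather than per source address, so the table reads the same whether the pending connections come from one host or many.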