Re: try harder update?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Monday 02 of November 2020 16:46:00 Mike Bird via tde-devels wrote:
> Thanks Slávek.
>
> OK, so here's the state of play if someone smarter than me has
> any ideas.
>
> Felix is downloading at 10.4MB/s - over 80Mbps.  Could the
> server think this is a DOS attack?  I'm 99% certain there's not
> a transparent proxy involved.
>

On mirror.ppa.trinitydesktop.org (37.205.10.16), which is not preceded by a 
foreign firewall, there is apache with a redirector that handles requests. 
The apache log shows the IP address from Felix, so yes, it should confirm 
that the requests are coming from his address, not hidden behind some 
transparent proxy. I have no idea if there could be some hidden UTM 
inspecting traffic and acting weird.

For example, on UPC (now Vodafone) I observe that downloaded packages are 
sometimes damaged. Usually the size is correct, but the checksum is 
incorrect. I observed this behavior when there was a UTM in the way that 
behaved poorly when downloading using HTTP/1.1. When HTTP/1.0 was used, it 
behaved correctly. However, even in this case I see the requests in the 
apache log from the correct IP address :(

In any case, this is clearly a different case from Felix's.


I don't see any unusual network load on the VPS. The bandwidth on a VPS 
should provide 300 MBps, however this is not so important because the file 
download redirector refers to mirrors. Currently, our VPS is located on 
node9.prg, which does not show any significant load:

https://prasiatko.vpsfree.cz/munin/prg.vpsfree.cz/node9.prg.vpsfree.cz/index.html

This really doesn't look like a DOS attack.
Any ideas what to verify?


> --Mike
>
>
> Felix during apt upgrade (from multiple repos in parallel) sees:
> ===================================
> Get:22 http://mirror.ppa.trinitydesktop.org/trinity-sb bullseye/main-r14
> amd64 juk-trinity amd64 4:14.0.9-0debian11.0.0+0~a [699 kB]
> 
> 31% [22 juk-trinity 46.3 kB/699 kB 7%] [316 python3.8-minimal 14.0
> kB/1,863 kB 1%] [Waiting for headers]
> 9,609 kB/s 33s
>
> Err:30 http://mirror.ppa.trinitydesktop.org/trinity-sb bullseye/main-r14
> amd64 kbstate-trinity amd64 4:14.0.9-0debian11.0.0+0~a
>   Error reading from server. Remote end closed connection [IP:
> 37.205.10.16 80]
> 
> 31% [22 juk-trinity 305 kB/699 kB 44%] [316 python3.8-minimal 14.0
> kB/1,863 kB 1%] [Connecting to mirror.ppa.trinitydesktop.org
> (37.205.10.16)] 9,609 kB/s 33s
> 31% [316 python3.8-minimal 16.9 kB/1,863 kB 1%] [Connecting to
> mirror.ppa.trinitydesktop.org (37.205.10.16)]
> 9,609 kB/s 33s
>
> Get:23 http://mirror.ppa.trinitydesktop.org/trinity-sb bullseye/main-r14
> amd64 kaboodle-trinity amd64 4:14.0.9-0debian11.0.0+0~a [120 kB]
> 
> 31% [23 kaboodle-trinity 65.5 kB/120 kB 55%] [316 python3.8-minimal 16.9
> kB/1,863 kB 1%] [Connecting to mirror.ppa.trinitydesktop.org
> (37.205.10.16)] 9,609 kB/s 33s
> ===================================
>
>
> Meanwhile the server sees only:
> ===================================
> /var/log/apache2/ppa-access.log:24.75.154.218 - - [02/Nov/2020:09:20:19
> +0000] "GET
> /trinity-sb/pool/main-r14/t/tdemultimedia-trinity/juk-trinity_14.0.9-0de
>bian11.0.0%2b0%7ea_amd64.deb HTTP/1.1" 302 0 "-" "Debian APT-HTTP/1.3
> (1.8.2.1)"
> /var/log/apache2/ppa-access.log:24.75.154.218 - - [02/Nov/2020:09:20:19
> +0000] "GET
> /trinity-sb/pool/main-r14/t/tdemultimedia-trinity/kaboodle-trinity_14.0.
>9-0debian11.0.0%2b0%7ea_amd64.deb HTTP/1.1" 302 0 "-" "Debian
> APT-HTTP/1.3 (1.8.2.1)"
> ===================================
> ____________________________________________________
> tde-devels mailing list -- devels@xxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to devels-leave@xxxxxxxxxxxxxxxxxx
> Web mail archive available at
> https://mail.trinitydesktop.org/mailman3/hyperkitty/list/devels@trinityd
>esktop.org

Cheers
-- 
Slávek

Attachment: signature.asc
Description: This is a digitally signed message part.

____________________________________________________
tde-devels mailing list -- devels@xxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devels-leave@xxxxxxxxxxxxxxxxxx
Web mail archive available at https://mail.trinitydesktop.org/mailman3/hyperkitty/list/devels@xxxxxxxxxxxxxxxxxx
[Index of Archives]     [Trinity Users]     [Linux Sound]     [ALSA Users]     [ALSA Devel]     [Linux Audio Users]     [Linux Media]     [KDE]     [Kernel]     [Gimp]     [Yosemite News]     [Linux Media]     [Trinity Desktop Environment]

  Powered by Linux