[Operators] DDoS attacks against jabber.org

Kevin Smith kevin at kismith.co.uk
Fri Feb 7 09:28:05 UTC 2014


On Fri, Feb 7, 2014 at 8:54 AM, Mathieu Pasquet <mathieui at mathieui.net> wrote:
> That is why I find
> it quite unfair to behave as if the server admins weren't having a
> problem with the rogue activity.

Nobody is doing this. The servers in question aren't blocked as
punishment, they're blocked to protect the jabber.org service.

> Ultimately, the best thing would first be to have better rate-limiting
> tools. It is no silver bullet, but being able to rate-limit outgoing
> connections individually and globally would be a great improvement over
> what there is today (and mod_limits in prosody is a start in this
> direction).

Part of the problem with these attacks is that they're distributed
across a number of servers (actually a fairly small number for the
current attack, it seems, I've seen much larger distribution (maybe
more servers have protection against rogue registrations now)), so
rate limiting at the single outgoing connection might help, but
doesn't really address the issue, as far as I can tell.

Also worth noting is that rate limiting incoming S2S is harmful to the
server that is trying to send the data (it then has to queue the data
or drop them on the floor), which is a large part of why these DDoS
attacks work.

/K


More information about the Operators mailing list