On Monday 02 of November 2020 16:46:00 Mike Bird via tde-devels wrote:

Thanks Slávek.

OK, so here's the state of play if someone smarter than me has any ideas.

Felix is downloading at 10.4MB/s - over 80Mbps. Could the server think this is a DOS attack? I'm 99% certain there's not a transparent proxy involved.

On mirror.ppa.trinitydesktop.org (37.205.10.16), which is not preceded by a foreign firewall, there is apache with a redirector that handles requests. The apache log shows the IP address from Felix, so yes, it should confirm that the requests are coming from his address, not hidden behind some transparent proxy. I have no idea if there could be some hidden UTM inspecting traffic and acting weird.

For example, on UPC (now Vodafone) I observe that downloaded packages are sometimes damaged. Usually the size is correct, but the checksum is incorrect. I observed this behavior when there was a UTM in the way that behaved poorly when downloading using HTTP/1.1. When HTTP/1.0 was used, it behaved correctly. However, even in this case I see the requests in the apache log from the correct IP address :(

In any case, this is clearly a different case from Felix's.

I don't see any unusual network load on the VPS. The bandwidth on a VPS should provide 300 MBps, however this is not so important because the file download redirector refers to mirrors. Currently, our VPS is located on node9.prg, which does not show any significant load:

https://prasiatko.vpsfree.cz/munin/prg.vpsfree.cz/node9.prg.vpsfree.cz/index...

This really doesn't look like a DOS attack. Any ideas what to verify?

--Mike

Felix during apt upgrade (from multiple repos in parallel) sees:

Get:22 http://mirror.ppa.trinitydesktop.org/trinity-sb bullseye/main-r14 amd64 juk-trinity amd64 4:14.0.9-0debian11.0.0+0~a [699 kB]  31% [22 juk-trinity 46.3 kB/699 kB 7%] [316 python3.8-minimal 14.0 kB/1,863 kB 1%] [Waiting for headers] 9,609 kB/s 33s

Err:30 http://mirror.ppa.trinitydesktop.org/trinity-sb bullseye/main-r14 amd64 kbstate-trinity amd64 4:14.0.9-0debian11.0.0+0~a Error reading from server. Remote end closed connection [IP: 37.205.10.16 80]  31% [22 juk-trinity 305 kB/699 kB 44%] [316 python3.8-minimal 14.0 kB/1,863 kB 1%] [Connecting to mirror.ppa.trinitydesktop.org (37.205.10.16)] 9,609 kB/s 33s 31% [316 python3.8-minimal 16.9 kB/1,863 kB 1%] [Connecting to mirror.ppa.trinitydesktop.org (37.205.10.16)] 9,609 kB/s 33s

Get:23 http://mirror.ppa.trinitydesktop.org/trinity-sb bullseye/main-r14 amd64 kaboodle-trinity amd64 4:14.0.9-0debian11.0.0+0~a [120 kB]  31% [23 kaboodle-trinity 65.5 kB/120 kB 55%] [316 python3.8-minimal 16.9 kB/1,863 kB 1%] [Connecting to mirror.ppa.trinitydesktop.org (37.205.10.16)] 9,609 kB/s 33s ===================================

Meanwhile the server sees only:

/var/log/apache2/ppa-access.log:24.75.154.218 - - [02/Nov/2020:09:20:19 +0000] "GET /trinity-sb/pool/main-r14/t/tdemultimedia-trinity/juk-trinity_14.0.9-0de bian11.0.0%2b0%7ea_amd64.deb HTTP/1.1" 302 0 "-" "Debian APT-HTTP/1.3 (1.8.2.1)" /var/log/apache2/ppa-access.log:24.75.154.218 - - [02/Nov/2020:09:20:19 +0000] "GET /trinity-sb/pool/main-r14/t/tdemultimedia-trinity/kaboodle-trinity_14.0. 9-0debian11.0.0%2b0%7ea_amd64.deb HTTP/1.1" 302 0 "-" "Debian APT-HTTP/1.3 (1.8.2.1)" =================================== ____________________________________________________ tde-devels mailing list -- devels@trinitydesktop.org To unsubscribe send an email to devels-leave@trinitydesktop.org Web mail archive available at https://mail.trinitydesktop.org/mailman3/hyperkitty/list/devels@trinityd esktop.org

Cheers