From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <overseers-return-6767-listarch-overseers=sources.redhat.com@sources.redhat.com>
Received: (qmail 2728 invoked by alias); 7 Apr 2004 02:59:37 -0000
Mailing-List: contact overseers-help@sources.redhat.com; run by ezmlm
Precedence: bulk
List-Archive: <http://sources.redhat.com/ml/overseers/>
List-Post: <mailto:overseers@sources.redhat.com>
List-Help: <mailto:overseers-help@sources.redhat.com>,
	<http://sources.redhat.com/ml/#faqs>
Sender: overseers-owner@sources.redhat.com
Received: (qmail 2646 invoked from network); 7 Apr 2004 02:59:33 -0000
Received: from unknown (HELO RERELAY.conquestis.com) (63.144.52.41)
  by sources.redhat.com with SMTP; 7 Apr 2004 02:59:33 -0000
Received: from timesys.com ([66.230.74.196]) by RERELAY.conquestis.com with Microsoft SMTPSVC(5.0.2195.6713);
	 Tue, 6 Apr 2004 22:58:34 -0400
Received: by timesys.com (Postfix, from userid 201)
	id 632D8400028; Tue,  6 Apr 2004 22:59:31 -0400 (EDT)
Date: Wed, 07 Apr 2004 02:59:00 -0000
From: Christopher Faylor <cgf@alum.bu.edu>
To: dje@watson.ibm.com, overseers@sources.redhat.com,
	jifl@eCosCentric.com
Subject: Re: htdig and sources.redhat.com loadavg
Message-ID: <20040407025931.GE15576@coc.bosbc.com>
Mail-Followup-To: dje@watson.ibm.com, overseers@sources.redhat.com,
	jifl@eCosCentric.com
References: <200404051849.i35InoT27980@makai.watson.ibm.com> <20040405205147.GA21949@coc.bosbc.com> <200404061449.i36EnaT32792@makai.watson.ibm.com> <4072D85D.3000101@eCosCentric.com> <m33c7h9i0j.fsf@gossamer.airs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <m33c7h9i0j.fsf@gossamer.airs.com>
User-Agent: Mutt/1.4.1i
X-OriginalArrivalTime: 07 Apr 2004 02:58:34.0436 (UTC) FILETIME=[3750F040:01C41C4C]
X-SW-Source: 2004-q2/txt/msg00086.txt.bz2

On Tue, Apr 06, 2004 at 12:40:44PM -0400, Ian Lance Taylor wrote:
>Jonathan Larmour <jifl@eCosCentric.com> writes:
>
>>  From a brief poke myself (and I'm no overseer) I'd hazard a guess it
>> may be more to do with the 17 simultaneous cvs checkouts as well as 2
>> rsyncs and a couple of ftps. netstat also seems to be reporting a TCP
>> SYN attack from tproxy1.NTCU.net (62 sockets in SYN_RECV state).
>
>I ran this command on sourceware:
>
>/sbin/iptables -A block -s 211.76.240.245 -i eth0 -j DROP
>
>I'm no iptables expert, but that may block out connections from
>tproxy1.ntcu.net.  Let's see if that helps any.

That should do it.

You can see from /etc/sysconfig/iptables that I've added this type of
thing for many other IP addresses as well.

Unfortunately, I don't think it helped.

cgf