I hesitate to share this for fear of generating a mini #ddos on their site, but I had no idea the #fediverse generated so much traffic due to its inherent nature. Sounds like the issue is on the roadmap to getting fixed, but good that folks are sounding off about it.
Due to frequent DDoS attacks, we're enforcing stricter limits on the number of connections to our servers. By default, each server enforces a limit of 16 or 32 TCP connections from each IPv4 address and IPv6 /64 block. During persistent attacks, these limits will be adjusted.
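The per-source limit described in the post above, sketched as an added example (not the project's own code or configuration). `source_key` and `ConnLimiter` are hypothetical names, the limit of 16 is one of the two defaults the post mentions, and the addresses are constructed from documentation ranges.

```python
import ipaddress
from collections import Counter


def source_key(addr: str) -> str:
    """Bucket a remote address: the exact IPv4 address, or the enclosing IPv6 /64."""
    ip = ipaddress.ip_address(addr)
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) seen on a dual-stack socket
    # is an IPv4 client and must share the IPv4 bucket.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.version == 4:
        return str(ip)
    # A single IPv6 host commonly controls a whole /64, so counting per
    # address would not limit it; count per /64 block instead.
    return str(ipaddress.IPv6Network(f"{ip}/64", strict=False))


class ConnLimiter:
    """Tracks open connections per source bucket and refuses new ones at the limit."""

    def __init__(self, limit: int = 16):
        self.limit = limit
        self.open_conns = Counter()

    def admit(self, addr: str) -> bool:
        key = source_key(addr)
        if self.open_conns[key] >= self.limit:
            return False
        self.open_conns[key] += 1
        return True

    def release(self, addr: str) -> None:
        key = source_key(addr)
        if self.open_conns[key] > 0:
            self.open_conns[key] -= 1


def demo():
    lim = ConnLimiter(limit=16)
    # Constructed sample: 20 connections from 20 different hosts in one /64.
    same_block = [f"2001:db8:1:2::{i:x}" for i in range(1, 21)]
    results = [lim.admit(a) for a in same_block]
    other_block = lim.admit("2001:db8:1:3::1")   # neighbouring /64, own budget
    mapped_v4 = lim.admit("::ffff:192.0.2.7")    # counted as 192.0.2.7
    return results.count(True), results.count(False), other_block, mapped_v4
```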
@Orca Without TCP timestamps, connections where Linux SYN cookies are used due to ongoing SYN flood attacks on a server will get limited to 65535 bytes in flight without timestamps. That means the server can only have 65535 bytes on the way to you at a time, limiting you to around 0.655MB/s if you have 100ms round trip time.
TCP timestamps used to leak uptime but Linux has randomized starting offset per connection since 2016:
@Orca TCP timestamps add 10 bytes to each TCP packet header which is below 1% overhead but they can improve congestion control due to accurate round trip time measurement. They're also fairly mandatory for high bandwidth + high latency connections. Windows not enabling TCP timestamps by default interacts badly with Linux SYN cookies and means attackers can easily heavily degrade performance for a lot of users via SYN floods triggering SYN cookies. It's an unfortunate situation.
Access to the #XMPP server and the #Matrix server is currently limited because the primary IPv4 address was blocked by the provider due to #DDoS. Checking the server revealed no abnormalities and we have applied for unblocking.
It's a private network with interconnection points, from what I understand, so I don't understand the DoS issue: only the access points can be attacked, the private network shouldn't be impacted, apart from VPN access.