On Wed, Apr 03, 2024 at 10:37:20AM -0700, Kevin Fenzi wrote:
RHEL/CentOS/Rocky/Alma/etc, never had the vulnerable version.
It was never even built for them. EPEL doesn't provide xz (thats in the
base EL repos).
Ah, that explains the lack of actual downloads then :)
If people are checking for updates, that could explain some
increased
traffic, but I wouldn't think it would explain any dramatic traffic
increase.
It's about 10x, not dramatic, but still quite a lot - especially because
it's just metadata from the looks of it.
A number of other mirror admins don't seem to be seeing anything
different, so it sounds to me like it might be region specific perhaps?
Are all these requests ipv4? Are they coming from the same or different
providers?
As far as I can tell, it's all over the place. A few hosts are outliers
(maybe due to NAT or impatience), but overall, it's just more of
everything.
So, to summarize, the idea is that due to the xz/ssh issue, lots of
users are downloading metadata, especially the "filelists", causing an
ongoing surge in traffic.
If that's true, things should calm down anytime now.
--
Dr. Carsten Otto
http://verify.rwth-aachen.de/otto/