this post was submitted on 26 Dec 2025
191 points (99.5% liked)


I know this isn’t the kind of news Linux fans were hoping to read on Christmas Day, but unfortunately, on a day meant for faith, kindness, and hope, others are choosing to act in exactly the opposite way.

Many of you probably remember the problems Arch faced just a few months ago due to massive DDoS attacks, which mainly affected the AUR. Sadly, just when it seemed those issues were behind, a new large-scale DDoS attack on Christmas Day once again made the distribution’s website effectively inaccessible.

[–] randomblock1@lemmy.world 13 points 19 hours ago (3 children)

Why ipv6 only though? Is there something about it that makes it more resilient to DDOS? If a device on the botnet has both ipv4 and ipv6 I don't see how it's mitigated

[–] Unforeseen@sh.itjust.works 11 points 17 hours ago

I just figured the chances of the devices in a botnet being ipv6 is like 5% or less

[–] SteveTech@aussie.zone 8 points 7 hours ago

The botnet's code probably doesn't support IPv6.

> Is there something about it that makes it more resilient to DDOS?

While archlinux.org doesn't do this, you can have multiple A and AAAA records which can provide DNS based load balancing, and IPv6 is easier to do that with since you usually get allocated a whole prefix. Of course that only helps to distribute the load, if your internet connection is the bottleneck then it won't help.

[–] x00z@lemmy.world 2 points 6 hours ago* (last edited 6 hours ago)

It's common practice to "blackhole" targets of DDoS attacks as a defensive measure. Blackholing means that packets coming into the network for a specific IP get discarded which lowers the stress on the network and especially on the receiving server. The server will work as if there was no attack but will only be accessible on non blackholed IPs. This would of course require the IPv6 to not get attacked either.

I'm guessing that's what's happening here.

https://en.wikipedia.org/wiki/Black_hole_(networking)
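
The blackholing behaviour described in the comment above, as an added example that is not part of the thread: a longest-prefix-match lookup over a constructed routing table in which the attacked IPv4 address has a /32 discard route while the IPv6 address stays routed. The prefixes (documentation ranges), the next-hop name and the traffic mix are all assumptions.

```python
import ipaddress
from collections import Counter

# Constructed routing table for a hypothetical edge router.
# A next hop of None marks a blackhole (discard) route.
ROUTES = [
    ("192.0.2.0/24", "server-lan"),
    ("2001:db8:1::/48", "server-lan"),
    ("192.0.2.10/32", None),  # attacked IPv4 address, blackholed
]


def build_table(routes):
    """Parse (prefix, next_hop) pairs into network objects."""
    return [(ipaddress.ip_network(prefix), hop) for prefix, hop in routes]


def lookup(table, dst):
    """Longest-prefix match: returns a next hop, 'blackhole' or 'no-route'."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, hop in table:
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, hop)
    if best is None:
        return "no-route"
    return "blackhole" if best[1] is None else best[1]


def forward(table, packets):
    """Count delivered and dropped packets per destination address."""
    stats = {}
    for dst in packets:
        verdict = lookup(table, dst)
        outcome = "dropped" if verdict in ("blackhole", "no-route") else "delivered"
        stats.setdefault(dst, Counter())[outcome] += 1
    return stats


if __name__ == "__main__":
    table = build_table(ROUTES)
    # Constructed traffic: a flood at the IPv4 address plus a few normal requests.
    traffic = ["192.0.2.10"] * 1000 + ["2001:db8:1::10"] * 3 + ["192.0.2.20"] * 2
    for dst, counts in forward(table, traffic).items():
        print(dst, dict(counts))
```

The /32 route wins over the covering /24 because it is more specific, so the flood is discarded before it reaches the server while the neighbouring IPv4 host and the IPv6 address keep working. As the comment notes, this only helps for as long as the IPv6 address is not attacked as well.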