Thanks Sean Conner for explaining what the hell I was seeing on my server

In response to Sean Conner's posts on the Brazilian SYN attacks

gemini://gemini.conman.org/boston/2026/03/17.1

gemini://gemini.conman.org/boston/2026/01/28.2

gemini://gemini.conman.org/boston/2026/01/29.1

I've been wondering for months about why I was seeing so many Brazilian IPs stuck in SYN_RECV on my server. The upshot is that this situation forced me to learn more about networking, networking tools, TCP, and all sorts of other fun things that I previously had very little knowledge about. I still have very little knowledge about them, but I know more. And I've implemented a number of improvements to the security of my server as a result — not so much to mitigate this particular situation, but because of what I've learned in reading and researching.

Then I ran across Sean's posts and learned a bit more about what was happening. And also a little bit about how ISPs work in Brazil, which is fascinating and more than a little surprising. I wonder a lot about the history of this "mom and pop" ISP situation there and why larger ISPs haven't been able to completely dominate the market. It's just unimaginable in a place like the US.

Also confirms that getting back on the smol web with y'all was a good move.

At any rate, thanks Sean!