
[Openvpn-users] DoS


  • Subject: [Openvpn-users] DoS
  • From: Whit Blauvelt <whit@xxxxxxxxxxxxx>
  • Date: Tue, 7 Feb 2006 11:10:56 -0500

We're logging something that's producing a partial DoS this morning. It
looks like:

Tue Feb  7 09:25:03 2006 us=721834 70.44.36.250:43397 UDPv4 WRITE [14] to 70.44.36.250:43397: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
Tue Feb  7 09:25:03 2006 us=751937 70.44.36.250:43397 UDPv4 READ [14] from 70.44.36.250:43397: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Tue Feb  7 09:25:03 2006 us=752200 70.44.36.250:43397 UDPv4 WRITE [22] to 70.44.36.250:43397: P_ACK_V1 kid=0 [ 0 ]
Tue Feb  7 09:25:05 2006 us=901921 70.44.36.250:43397 UDPv4 WRITE [14] to 70.44.36.250:43397: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0

And onward ... multiple times a minute over hours. Now, this could be one of
our road warriors misconfigured ... still waiting for responses as to
whether any of our own guys are on this IP before reporting it to its ISP
... in which case it's still pretty nasty. Is there some configuration
option that would limit this sort of damage? I can't think of how to rate
limit on the firewall without subsequently slowing down legitimate
connections.

This is on a reasonably fast machine which at present has most of a 1.5 DSL
line committed to it. Having one malignant or misconfigured persistent
connection attempt effectively DoS it isn't good. The couple of regular
users (we don't have many) are reporting sluggishness and intermittence.

Thanks in advance for all advice. 

Whit

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
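
Added example, not part of the original message or of OpenVPN: one way to flag a peer that keeps restarting the handshake, by counting P_CONTROL_HARD_RESET_CLIENT_V2 packets per source in a sliding window over packet-trace log lines of the shape quoted above. The function name, threshold, window and the sample lines (documentation addresses) are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Packet-trace line shape as quoted in the message above.
LINE = re.compile(
    r"^\w{3} (\w{3} +\d+ \d\d:\d\d:\d\d \d{4}) us=(\d+) "
    r"([\d.]+):\d+ UDPv4 (READ|WRITE) \[\d+\] (?:from|to) \S+ (P_\w+)")

def stalled_sources(lines, threshold=3, window=timedelta(seconds=60)):
    """Map source IP -> peak client hard resets seen inside one window,
    for peers that reached the threshold and never sent P_CONTROL_V1."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    peak = defaultdict(int)
    progressed = set()            # peers whose handshake moved past the reset
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(4) != "READ":
            continue              # only packets received from the peer count
        stamp, usec, ip, _, opcode = m.groups()
        if opcode == "P_CONTROL_V1":
            progressed.add(ip)
        elif opcode == "P_CONTROL_HARD_RESET_CLIENT_V2":
            t = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
            t += timedelta(microseconds=int(usec))
            q = recent[ip]
            q.append(t)
            while t - q[0] > window:
                q.popleft()       # drop resets older than the window
            peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items()
            if n >= threshold and ip not in progressed}

# Constructed sample (documentation addresses, not the log from the message).
RESET = "P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0"
SAMPLE = [
    f"Tue Feb  7 09:25:03 2006 us=751937 192.0.2.10:43397 UDPv4 READ [14] from 192.0.2.10:43397: {RESET}",
    "Tue Feb  7 09:25:03 2006 us=752200 192.0.2.10:43397 UDPv4 WRITE [22] to 192.0.2.10:43397: P_ACK_V1 kid=0 [ 0 ]",
    f"Tue Feb  7 09:25:05 2006 us=901921 192.0.2.10:43397 UDPv4 READ [14] from 192.0.2.10:43397: {RESET}",
    f"Tue Feb  7 09:25:09 2006 us=500000 192.0.2.10:43397 UDPv4 READ [14] from 192.0.2.10:43397: {RESET}",
    f"Tue Feb  7 09:25:10 2006 us=100000 198.51.100.7:1194 UDPv4 READ [14] from 198.51.100.7:1194: {RESET}",
    "Tue Feb  7 09:25:11 2006 us=120000 198.51.100.7:1194 UDPv4 READ [100] from 198.51.100.7:1194: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=86",
]

if __name__ == "__main__":
    for ip, count in stalled_sources(SAMPLE).items():
        print(f"{ip}: {count} client hard resets within 60 s, handshake never progressed")
```

A peer that later completes a handshake is dropped from the result, so an ordinary client that needed one retransmit is not reported.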