We're logging something that's producing a partial DoS this morning. It looks like:

Tue Feb 7 09:25:03 2006 us=721834 70.44.36.250:43397 UDPv4 WRITE [14] to 70.44.36.250:43397: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
Tue Feb 7 09:25:03 2006 us=751937 70.44.36.250:43397 UDPv4 READ [14] from 70.44.36.250:43397: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Tue Feb 7 09:25:03 2006 us=752200 70.44.36.250:43397 UDPv4 WRITE [22] to 70.44.36.250:43397: P_ACK_V1 kid=0 [ 0 ]
Tue Feb 7 09:25:05 2006 us=901921 70.44.36.250:43397 UDPv4 WRITE [14] to 70.44.36.250:43397: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0

And onward ... multiple times a minute over hours.

Now, this could be one of our road warriors misconfigured ... still waiting for responses as to whether any of our own guys are on this IP before reporting it to its ISP ... in which case it's still pretty nasty.

Is there some configuration option that would limit this sort of damage? I can't think of how to rate limit on the firewall without subsequently slowing down legitimate connections.

This is on a reasonably fast machine which at present has most of a 1.5 DSL line committed to it. Having one malignant or misconfigured persistent connection attempt effectively DoS it isn't good. The couple of regular users (we don't have many) are reporting sluggishness and intermittence.

Thanks in advance for all advice.

Whit

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
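An added example, not part of the original message: one way to measure the pattern in the log excerpt above is to count client-initiated hard resets per source address in a sliding window and report the peers that exceed a threshold. The function name, the threshold of 5 resets per 60 seconds, and the sample lines (documentation-range addresses) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches a packet-trace line where the server READs a client hard reset.
# Server WRITE lines and ACKs are ignored: only the peer's own packets count.
RESET_RE = re.compile(
    r"^\w{3}\s+(?P<ts>\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s+\d{4})\s+us=\d+\s+"
    r"(?P<ip>[\d.]+):\d+\s+UDPv4\s+READ\s+\[\d+\]\s+from\s+\S+\s+"
    r"P_CONTROL_HARD_RESET_CLIENT_V\d\b"
)

def noisy_peers(lines, threshold=5, window_s=60):
    """Return {ip: peak_count} for peers whose handshake resets reach
    `threshold` inside any `window_s`-second window.
    Assumes the lines are in chronological order, as in a log file."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)       # ip -> highest count seen in any window
    for line in lines:
        m = RESET_RE.match(line.strip())
        if not m:
            continue
        # Collapse padding such as "Feb  7" before parsing the timestamp.
        ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S %Y")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

# Constructed sample: one peer resetting every 10 s, one normal connect,
# and a server-side WRITE that must not be counted.
_TAIL = "kid=0 [ ] pid=0 DATA len=0"
SAMPLE = [
    f"Tue Feb  7 09:25:{s:02d} 2006 us=0 203.0.113.9:40000 UDPv4 READ [14] "
    f"from 203.0.113.9:40000: P_CONTROL_HARD_RESET_CLIENT_V2 {_TAIL}"
    for s in range(0, 60, 10)
] + [
    "Tue Feb  7 09:25:30 2006 us=0 198.51.100.20:1194 UDPv4 READ [14] "
    f"from 198.51.100.20:1194: P_CONTROL_HARD_RESET_CLIENT_V2 {_TAIL}",
    "Tue Feb  7 09:25:31 2006 us=0 198.51.100.20:1194 UDPv4 WRITE [14] "
    f"to 198.51.100.20:1194: P_CONTROL_HARD_RESET_SERVER_V2 {_TAIL}",
]

if __name__ == "__main__":
    for ip, n in noisy_peers(SAMPLE).items():
        print(f"{ip}: {n} handshake resets within 60 s")
```

The per-peer peak gives a concrete number to compare against what a legitimate reconnecting client produces before choosing any rate limit.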