It was the first time our network became the source of a DDoS attack.

TechSupport woke me up at about 13:00: users were complaining about very slow Internet access with a high packet drop rate.

Guess what I did first? Yes, after a few minutes I rebooted the router. And guess what? After the reboot, the picture stayed the same.

Even pinging the router's address (or 127.0.0.1) from the router itself was showing 200-500 ms RTT with 50% timeouts. After about fifteen minutes of searching and trying I identified that the reason was my firewall filter rules for limiting the number of simultaneous TCP connections per user: they were showing a high rate of dropped packets, and when I disabled them, the router became stable again.

It appeared that some kind of virus or botnet on customers' computers was attacking a single IP address (some Lineage II game server) by creating a huge number of HTTP requests to the host (when I blocked any packets to that server, the filter rule was dropping about 4000 new connections per second).

So, when the 'connection-limit' matcher was trying to count an active user's connections a few thousand times per second, it was killing the router completely.

After a dozen minutes I came to this solution:

On Monday, the attacked IP addresses changed, so this horror came back.

This helped a lot to prevent attackers from eating my bandwidth; the first attack was 100 Mbps of ICMP and UDP (17) and hung my MK.

The rule works properly, but a few hours after deploying it the customer was unable to browse or access the internet. I just added in-interface=ether1 (my ether1 is the WAN interface) and the problem was solved. My question is:
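The post's own rules are not reproduced on this page, so the following is an added RouterOS example, not the author's configuration or the commenter's. It puts the kind of per-user `connection-limit` rule the post describes next to a layout in which the expensive matcher only ever sees the first packet of a connection, and in which the flooded destination and already-identified abusers are dropped in the raw table, before connection tracking is consulted at all. Everything specific is assumed: `ether1` is the WAN uplink and `ether2` the customer-facing interface (the `in-interface` match the commenter added is what restricts which packets reach a rule; here it is the customer side because the post's abusive traffic originates there), `203.0.113.10` stands in for the attacked game server, the thresholds are illustrative, and the raw table and `fasttrack-connection` action need RouterOS 6.36 and 6.29 or later respectively.

```routeros
# Added example, not the post's configuration. Assumed names and values:
#   ether1 = WAN uplink, ether2 = customer LAN, 203.0.113.10 = flooded
#   target (documentation address), thresholds chosen for illustration.

# --- The slow layout the post describes ---------------------------------
# With no earlier accept for established traffic, this rule is evaluated
# for every forwarded TCP packet, and connection-limit has to count the
# source's conntrack entries each time it is evaluated.
/ip firewall filter
add chain=forward protocol=tcp connection-limit=100,32 action=drop \
    comment="slow: counts per-source connections for every forwarded TCP packet"

# --- Cheaper layout --------------------------------------------------------
# 1. Packets for the attacked destination are dropped in the raw table,
#    which runs before connection tracking, so they never create or
#    touch a conntrack entry (RouterOS 6.36 or later).
/ip firewall raw
add chain=prerouting in-interface=ether2 dst-address=203.0.113.10 action=drop \
    comment="flooded target, dropped before conntrack"

# 2. Sources already identified as abusive are dropped here too, by an
#    address-list lookup instead of per-packet connection counting.
add chain=prerouting in-interface=ether2 src-address-list=conn-abusers action=drop \
    comment="known abusers, dropped before conntrack"

# 3. Established flows are fasttracked and accepted first, so the rules
#    below only see the first packet of each new connection.
/ip firewall filter
add chain=forward connection-state=established,related action=fasttrack-connection
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop

# 4. Only new TCP connections from the customer side are rate-checked.
#    dst-limit in src-address mode keeps a separate bucket per source:
#    up to 50 new connections per second (burst 50) are accepted; a
#    source exceeding that is listed for 10 minutes and then dropped,
#    and its later packets are caught by raw rule 2 above.
add chain=forward in-interface=ether2 protocol=tcp connection-state=new \
    dst-limit=50,50,src-address/1m action=accept \
    comment="within per-source new-connection budget"
add chain=forward in-interface=ether2 protocol=tcp connection-state=new \
    action=add-src-to-address-list address-list=conn-abusers \
    address-list-timeout=10m comment="over budget: list the source"
add chain=forward in-interface=ether2 protocol=tcp connection-state=new \
    action=drop comment="over budget: drop this packet"

# Which rules are doing the work: per-rule packet and byte counters.
/ip firewall filter print stats
/ip firewall raw print stats
/ip firewall address-list print where list=conn-abusers
```

`add-src-to-address-list` is a non-terminating action, so a packet that exceeds the budget is first listed and then falls through to the drop rule beneath it. The `print stats` counters are the check the post relied on: a rule whose packet counter climbs by thousands per second while the router's own ping to 127.0.0.1 degrades is the one to move behind an `established,related` accept or into the raw table.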