
Connection Rate Limiting

Introduction

At the moment we see one UniPager installation, version 0.6.0, that is constantly trying to connect to the DAPNET Node at dapnet.afu.rwth-aachen.de:43434. In this old version of UniPager, the connect process was not inhibited if no configuration such as callsign and auth key was provided after installation. So we are dealing with a lone Linux machine whose owner has forgotten that she/he installed UniPager, and which is causing 3 log lines every second.

Countermeasures and Connection Rate Limiting

To block machines like this, the firewall at db0sda has been set up so that if either

  • there are more than 5 new TCP connections per minute from the same source IP to port 43434 on dapnet.afu.rwth-aachen.de,
  • or the first 2 kB of the traffic contain a string like [UniPager-C9000 v.0.6.0 ]
    (RegEx: \[UniPager-.+\ v[0-9]+\.[0-9]+\.[0-9]\ \ \]),

then the source IP is added to a list of blocked IPs for 10 minutes.

With this approach we should also be safer against possible DoS attacks.
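
The two rules above can be modelled offline to check how they behave against a retry loop like the one described in the introduction. This is an added example, not the firewall configuration used at db0sda; the class and function names, the sample addresses and the choice that attempts made while blocked do not extend the block are assumptions.

```python
import re
from collections import defaultdict, deque

MAX_NEW_CONN = 5      # "more than 5 new TCP connections" ...
WINDOW_S = 60         # ... per minute, per source IP
INSPECT_BYTES = 2048  # only the first 2 kB of traffic are searched
BLOCK_S = 600         # offending source IP is blocked for 10 minutes
# RegEx exactly as printed on the page
BANNER_RE = re.compile(rb"\[UniPager-.+\ v[0-9]+\.[0-9]+\.[0-9]\ \ \]")


class NodeFirewallModel:
    """Hypothetical model of the two blocking rules for port 43434."""

    def __init__(self):
        self.new_conns = defaultdict(deque)  # source IP -> connection times
        self.blocked_until = {}              # source IP -> block expiry time

    def is_blocked(self, ip, now):
        return self.blocked_until.get(ip, 0) > now

    def on_connect(self, ip, now, first_bytes=b""):
        """Return True if the new connection is accepted, False if dropped."""
        if self.is_blocked(ip, now):
            return False  # assumption: attempts while blocked do not extend the block
        times = self.new_conns[ip]
        times.append(now)
        while times[0] <= now - WINDOW_S:  # forget connections older than a minute
            times.popleft()
        too_many = len(times) > MAX_NEW_CONN
        banner = BANNER_RE.search(first_bytes[:INSPECT_BYTES]) is not None
        if too_many or banner:
            self.blocked_until[ip] = now + BLOCK_S
            times.clear()
            return False
        return True


def replay(events):
    """Replay (time_s, source_ip, first_bytes) tuples; return accept decisions."""
    fw = NodeFirewallModel()
    return [fw.on_connect(ip, t, data) for t, ip, data in events]


# Constructed input: a client reconnecting once per second, and a client whose
# banner is shaped to match the RegEx as printed (two spaces before "]").
RETRY_LOOP = [(t, "192.0.2.10", b"") for t in range(10)]
BANNER_HIT = [(0, "192.0.2.20", b"[UniPager-C9000 v0.6.0  ]\r\n")]
```

Replaying RETRY_LOOP shows the rate rule tripping on the sixth connection within the minute, while a client that connects only every 12 seconds stays under the threshold and is never blocked.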

dapnetnodeconnectionratelimit.txt · Last modified: 2018/06/26 20:59 by dh3wr