Not fun: starting your second vacation day the same way you started the first one, by connecting to the office and trying to debug a firewall performance issue through a VPN connection that’s affected by it.
Yesterday it mysteriously vanished while we were looking at it, so I didn’t have the opportunity to try a few things. Today, I was able to mitigate the problem by disabling the HFSC queues in PF, reducing the interrupt overhead just enough to compensate for the attack.
The downside to shutting off the throttling is that we risk being DDoS’d by syslog traffic from our products out in the field.
In completely unrelated news, there cannot be any symlinks in the path to a GitLab install, or it goes all wonky.
So it looks like someone is trying to DDoS our office network. Since the previous attack didn’t keep us offline, they switched to an NTP amplification attack on a machine that had been misconfigured. It was actually kind of pathetic as attacks go; it chewed up some bandwidth (and the incoming packets are still bouncing off my firewall at 1.1 mb/s), but had zero impact on the network.
Markdown formatting and simple HTML accepted.
Sometimes you have to double-click to enter text in the form (interaction between Isso and Bootstrap?). Tab is more reliable.