What is the biggest attack in GBPS you stopped
-
EDIT: It was my bandwith that caused to attacked IP to survive.
No change in resilience. (Sorry).
It was your bandwidth? Isn't that the goal? The weakest link should be the bandwidth, not the firewall, yes? What issue(s) still remain? Same?
-
As soon as I was able to push 10mbit/s out on my private line, then it failed again….
-
So 10Mb/s of special traffic against your greater than 10Mb/s link caused the link to fail? Did the firewall stop working or only the link go down?
-
Firewall stopped routing traffic. Link was fine.
Lots of packetloss once again.
-
So same issue as before, firewall is the weakest link, not the bandwidth? Maybe 2.3.
Any news from the FreeBSD side of things?
-
Not yet. They are digesting the attack that I did yesterday and curretnly looking at states not beeing freed as they should…. AFAIK.
-
Did this end up in nowhere with the issue still being there?
-
Still working on it.
-
https://lists.freebsd.org/pipermail/freebsd-announce/2015-July/001655.html
Latest update.
-
https://lists.freebsd.org/pipermail/freebsd-announce/2015-July/001655.html
Latest update.
Does this need to be included in 2.2.4 before it is released?
-
That would be a very good idea if possible!
Opnsense has this fix done allready and a full release on friday.
-
Do they have snapshot that you could test?
-
Waiting for the update to come. I will update and report back.
-
https://lists.freebsd.org/pipermail/freebsd-announce/2015-July/001655.html
Latest update.
Does this need to be included in 2.2.4 before it is released?
You beat me to it. This thread is the first thing I thought about when I saw this in G+
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:13.tcp.asc
-
Supermule, is this directly related to what you've been digging into?
-
Could very well be.
-
So you haven't tested it? It's more of a definite maybe that this resolves the issue?
-
Not yet.
So you haven't tested it? It's more of a definite maybe that this resolves the issue?
-
https://lists.freebsd.org/pipermail/freebsd-announce/2015-July/001655.html
Latest update.
I suppose another question to ask, is how did we miss this on our own machines, and what can we do to avoid such problems from occurring again?
-
Supermule didn't miss it. Well, possibly. If it turns out to be the same issue.