Stability against attacks
Posted: Tue Nov 06, 2018 10:54 am
At the moment, I see a lot of attacks on industrial routers with OpenVPN Server 2.3.18 installed.
E.g. there are 100 new incoming Openvpn requests in a short time. Then the router gets a very high load and restarts by itself (watchdog). In other words, it is a DoS attack.
What I would like to suggest is a more stable OpenVPN and a limit on connections. If the number of incoming connections is too high, it should block for some seconds and wait until it is stable again. But in this case, users are also no longer able to connect. So it is not an ideal solution.
Do you have any other ideas?
This is an extract of an attack (last 3 digits of IP are masked out):
..........
Tue Nov 6 05:17:03 2018 209.206.45.xxx:60144 SIGUSR1[soft,tls-error] received, client-instance restarting
Tue Nov 6 05:17:04 2018 209.206.45.xxx:60144 TLS: Initial packet from [AF_INET]209.206.45.xxx:60144, sid=6a22eb44 5adb63fe
Tue Nov 6 05:18:04 2018 209.206.45.xxx:60144 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Nov 6 05:18:04 2018 209.206.45.xxx:60144 TLS Error: TLS handshake failed
Tue Nov 6 05:18:04 2018 209.206.45.xx:60144 SIGUSR1[soft,tls-error] received, client-instance restarting
Tue Nov 6 05:18:04 2018 209.206.45.xxx:60144 TLS: Initial packet from [AF_INET]209.206.45.xxx:60144, sid=6a22eb44 5adb63fe
Tue Nov 6 05:19:04 2018 209.206.45.xxx:60144 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Nov 6 05:19:04 2018 209.206.45.xxx:60144 TLS Error: TLS handshake failed
..............
System details:
Tue Nov 6 12:32:06 2018 OpenVPN 2.3.18 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 11 2017
Tue Nov 6 12:32:06 2018 library versions: OpenSSL 1.0.2n 7 Dec 2017, LZO 2.06
Greets, Andreas
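The handshake-failure pattern in the log above, as an added detection example (not code from the poster or from the OpenVPN project): it parses the OpenVPN 2.3 log format shown, keys failures by source address rather than by address:port (the port changes from attempt to attempt), and flags any source whose "TLS handshake failed" events reach a threshold inside a sliding time window. The sample log lines, the documentation-range addresses and the window/threshold values are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the OpenVPN 2.3 client-instance log format: "<ctime> <src>:<port> <message>".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) "
    r"(?P<src>\S+):(?P<port>\d+) (?P<msg>.*)$"
)
FAILURE_MSG = "TLS Error: TLS handshake failed"

# Constructed sample log (addresses from the documentation ranges, masked like the post).
SAMPLE_LOG = """\
Tue Nov 6 05:16:04 2018 203.0.113.xxx:60144 TLS: Initial packet from [AF_INET]203.0.113.xxx:60144, sid=00000000 00000000
Tue Nov 6 05:17:04 2018 203.0.113.xxx:60144 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Nov 6 05:17:04 2018 203.0.113.xxx:60144 TLS Error: TLS handshake failed
Tue Nov 6 05:18:04 2018 203.0.113.xxx:60145 TLS Error: TLS handshake failed
Tue Nov 6 05:19:04 2018 203.0.113.xxx:60146 TLS Error: TLS handshake failed
Tue Nov 6 05:19:30 2018 198.51.100.xxx:51000 TLS Error: TLS handshake failed
Tue Nov 6 12:32:06 2018 OpenVPN 2.3.18 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 11 2017
"""

def parse_line(line):
    """Return (timestamp, source_address, message), or None for lines without a client prefix."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
    return ts, m.group("src"), m.group("msg")

def find_handshake_floods(lines, window_seconds=300, threshold=3):
    """Return {source: peak_count} for sources whose handshake failures reach
    `threshold` within any sliding window of `window_seconds` (values are assumptions)."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # per-source timestamps of failures still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or parsed[2] != FAILURE_MSG:
            continue
        ts, src, _ = parsed
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[src] = max(flagged.get(src, 0), len(q))
    return flagged

if __name__ == "__main__":
    print(find_handshake_floods(SAMPLE_LOG.splitlines()))   # {'203.0.113.xxx': 3}
```

The flagged sources are what a firewall rate limit or a ban list on the router should act on, which avoids the blanket "block everyone for some seconds" behaviour the post describes.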