Messages

1

23.7 Legacy Series / Re: Sudden spike in outbound WAN traffic.

« on: August 10, 2023, 06:27:02 pm »

My ISP did see the traffic. But I figured out the problem.  I unwittingly allowed myself to be used to carry out a DDoS attack. Months ago when I was setting up HAproxy, I meant to add a firewall rule to pass traffic on port 443. Somehow I set it to pass any port.  I need to be more careful.

2

23.7 Legacy Series / Sudden spike in outbound WAN traffic.

« on: August 10, 2023, 06:00:39 am »

I originally posted this in General Discussion, but upon further review, it looks like this is probably the more appropriate forum. If this is wrong, please direct me to the best place.

This afternoon, I suddenly began having a spike in outbound WAN traffic, creating a noticeable slowdown. The reports are showing anywhere from 20-30 Mbps in outbound traffic (my ISP caps me at 10). LAN traffic was only a tiny fraction of this. I disconnected all devices on my LAN for a few minutes, including the laptop I was using to access the OPNsense web interface. After about five minutes, I logged back in to the web interface, and the outbound traffic remained just as high during that period, even with zero devices connected.

Of note, I did upgrade to 23.7 a few days ago, but the problem started suddenly this afternoon. Also, I have OPNsense set up to ping Cloudflare's DNS server every 60 seconds to monitor connection quality, and I did note a large amount of packet loss right when the problem began, but that normalized within a couple minutes. My ISP sees nothing on their end, other than the unusual amount of outbound traffic. The guy I spoke with seemed fairly competent as far as ISP tech support goes, and he said he had never really seen anything like that. As soon as I unplugged the Ethernet cable from my cable modem to the device running OPNsense, the outbound traffic disappeared on their end (so it doesn't sound like it's anything spurious being emitted from the modem).

I'm at a loss here--where should I go next with this?

3

General Discussion / Sudden spike it outbound WAN traffic, even with no devices connected

« on: August 10, 2023, 12:13:05 am »

This afternoon, I suddenly began having a spike in outbound WAN traffic, creating a noticeable slowdown. The logs are showing anywhere from 20-30 Mbps in outbound traffic. LAN traffic was only a tiny fraction of this. I disconnected all devices for a few minutes, then logged back in to the web interface, and the outbound traffic remained just as high during that period.

Of note, I did upgrade to the latest version a few days ago, but the problem started suddenly this afternoon. Also, I have OPNsense set up to ping Cloudflare's DNS server every 60 seconds to monitor connection quality, and I did note a large amount of packet loss right when the problem began, but that normalized within a couple minutes. My ISP sees nothing on their end, other than the unusual amount of traffic. As soon as I unplug the Ethernet cable from my cable modem to the device running OPNsense, the outbound traffic disappears on their end (so it doesn't sound like it's something spurious being emitted from the modem).

I'm at a loss here--where should I go next with this?