Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
23.7 Legacy Series
»
Sudden spike in outbound WAN traffic.
« previous
next »
Print
Pages: [
1
]
Author
Topic: Sudden spike in outbound WAN traffic. (Read 1044 times)
ScrewItUpYourself
Newbie
Posts: 3
Karma: 0
Sudden spike in outbound WAN traffic.
«
on:
August 10, 2023, 06:00:39 am »
I originally posted this in General Discussion, but upon further review, it looks like this is probably the more appropriate forum. If this is wrong, please direct me to the best place.
This afternoon, I suddenly began having a spike in outbound WAN traffic, creating a noticeable slowdown. The reports are showing anywhere from 20-30 Mbps in outbound traffic (my ISP caps me at 10). LAN traffic was only a tiny fraction of this. I disconnected all devices on my LAN for a few minutes, including the laptop I was using to access the OPNsense web interface. After about five minutes, I logged back in to the web interface, and the outbound traffic remained just as high during that period, even with zero devices connected.
Of note, I did upgrade to 23.7 a few days ago, but the problem started suddenly this afternoon. Also, I have OPNsense set up to ping Cloudflare's DNS server every 60 seconds to monitor connection quality, and I did note a large amount of packet loss right when the problem began, but that normalized within a couple minutes. My ISP sees nothing on their end, other than the unusual amount of outbound traffic. The guy I spoke with seemed fairly competent as far as ISP tech support goes, and he said he had never really seen anything like that. As soon as I unplugged the Ethernet cable from my cable modem to the device running OPNsense, the outbound traffic disappeared on their end (so it doesn't sound like it's anything spurious being emitted from the modem).
I'm at a loss here--where should I go next with this?
Logged
meyergru
Hero Member
Posts: 1687
Karma: 165
IT Aficionado
Re: Sudden spike in outbound WAN traffic.
«
Reply #1 on:
August 10, 2023, 02:51:36 pm »
If your ISP does not see the traffic, I would assume that this is misguided RFC1918 traffic from your side.
There is no default rule which keeps such traffic from being routed over the default gateway, yet your ISP will filter it out. In order to see / block such traffic, you should create an "out" rule on WAN for RFC1918 destination addresses with logging enabled.
You should see what tries to escape your network, then.
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
ScrewItUpYourself
Newbie
Posts: 3
Karma: 0
Re: Sudden spike in outbound WAN traffic.
«
Reply #2 on:
August 10, 2023, 06:27:02 pm »
My ISP did see the traffic. But I figured out the problem. I unwittingly allowed myself to be used to carry out a DDoS attack. Months ago when I was setting up HAproxy, I meant to add a firewall rule to pass traffic on port 443. Somehow I set it to pass any port.
I need to be more careful.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
23.7 Legacy Series
»
Sudden spike in outbound WAN traffic.