[ixpmanager] DoS Attack of IXP Manager Looking Glass
Rob Lister
rob at lonap.net
Mon Jan 18 16:21:29 GMT 2021
Hello All,
In recent months we've had a few instances of people really hammering
our RS
Looking glass, seemingly to enumerate large numbers of prefixes.
$ w
15:19:01 up 70 days, 19 min, 1 user, load average: 134.57, 57.63,
21.99
Whilst we are happy for the lg data to be available, this seems to be
caused by
someone walking the entire lg for prefixes for a particular ASN, making
hundreds
of connections in parallel, maybe 7-10 requests per second, > 3000
requests
in a 5 minute period before our monitoring alarms.
lg requests are a bit computationally expensive to do, given that it
requires
a connection to the looking glass API and results to be cached etc.
Is anyone else experiencing such (mis)usage patterns on their LG?
Perhaps one solution might be to limit the number of simultaneous
requests per
IP address in Apache for that URL. Looks like Apache libapache2-mod-bw
or
the newer mod_qos is the way to go? Anyone done it?
Thanks,
Rob
--
Rob Lister
rob at lonap.net
+44 20 3137 8330
More information about the ixpmanager
mailing list