so, school is out and the children are on the loose

```
2024-06-10T21:27:24.199750+00:00 rip knotd[1389]: notice: TCP, terminated inactive client, address 2620:171:c2::49@33322
2024-06-10T21:27:24.200561+00:00 rip knotd[1389]: notice: TCP, terminated inactive client, address 167.99.160.10@14871
2024-06-10T21:27:24.200642+00:00 rip knotd[1389]: notice: TCP, terminated inactive client, address 34.223.46.240@53392
2024-06-10T21:27:24.201218+00:00 rip knotd[1389]: notice: TCP, terminated inactive client, address 167.99.160.10@2011
2024-06-10T21:27:24.201422+00:00 rip knotd[1389]: notice: TCP, terminated inactive client, address 81.106.125.151@54192
2024-06-10T21:27:24.203263+00:00 rip knotd[1389]: notice: TCP, terminated inactive client, address 34.223.46.240@53398
2024-06-10T21:27:24.203643+00:00 rip knotd[1389]: notice: TCP, terminated inactive client, address 139.99.166.37@42942
2024-06-10T21:27:25.199585+00:00 rip knotd[1389]: notice: TCP, terminated inactive client, address 3.228.173.229@34084
2024-06-10T21:27:25.199678+00:00 rip knotd[1389]: notice: TCP, terminated inactive client, address 76.93.200.106@10371
2024-06-10T21:27:25.200951+00:00 rip knotd[1389]: notice: TCP, terminated inactive client, address 2a02:6b8:c04:262:0:433f:1:3@33586
2024-06-10T21:27:25.201029+00:00 rip knotd[1389]: notice: TCP, terminated inactive client, address 2600:3c09::f03c:93ff:fea9:4de0@54166
2024-06-10T21:27:25.201207+00:00 rip knotd[1389]: notice: TCP, terminated inactive client, address 118.99.2.29@33170
2024-06-10T21:27:25.201385+00:00 rip knotd[1389]: notice: TCP, terminated inactive client, address 213.187.92.252@40559
2024-06-10T21:27:26.200340+00:00 rip knotd[1389]: notice: TCP, terminated inactive client, address 2a02:6b8:c04:262:0:433f:1:3@33594
2024-06-10T21:27:26.200529+00:00 rip knotd[1389]: notice: TCP, terminated inactive client, address 40.79.144.82@59683
2024-06-10T21:27:26.203837+00:00 rip knotd[1389]: notice: TCP, terminated inactive client, address 103.85.93.93@60578
2024-06-10T21:27:26.205102+00:00 rip knotd[1389]: notice: TCP, terminated inactive client, address 13.244.33.51@33812
2024-06-10T21:27:27.208589+00:00 rip knotd[1389]: notice: TCP, terminated inactive client, address 18.139.204.179@46824
2024-06-10T21:27:27.210062+00:00 rip knotd[1389]: notice: TCP, terminated inactive client, address 20.125.201.35@63627
2024-06-10T21:27:27.331742+00:00 rip knotd[1389]: notice: TCP, terminated inactive client, address 172.217.37.144@64719
2024-06-10T21:27:27.332050+00:00 rip knotd[1389]: notice: TCP, terminated inactive client, address 191.233.201.73@61718
2024-06-10T21:27:27.391797+00:00 rip knotd[1389]: notice: TCP, terminated inactive client, address 81.106.125.151@50624
```
like tens of thousands. some children are like that.

so, we take this as an opportunity to learn a bit more about knot tuning

we shortened `tcp-idle-timeout: 2`

we set `tcp-max-clients: 20`

rate limiting seems unlikely to improve things as it is many sources, a DDoS

what else are we missing?

btw, it also whacked knot enough that it failed a resign cycle and we had to add `unsafe-operation: no-check-keyset` to get back to signing.

clues appreciated. this can't be the only neighborhood with children.

randy
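To put a number on the "many sources" observation in the post, the following added example (not part of the original message) tallies knotd's "terminated inactive client" notices per source address and per second. The sample lines are constructed with documentation addresses, and the thresholds in `looks_distributed` are assumptions to tune per site.

```python
import re
from collections import Counter

# Constructed sample in the same log format as the post (documentation addresses).
SAMPLE = """\
2024-06-10T21:27:24.100000+00:00 ns1 knotd[1000]: notice: TCP, terminated inactive client, address 192.0.2.10@40001
2024-06-10T21:27:24.200000+00:00 ns1 knotd[1000]: notice: TCP, terminated inactive client, address 192.0.2.10@40002
2024-06-10T21:27:24.300000+00:00 ns1 knotd[1000]: notice: TCP, terminated inactive client, address 198.51.100.7@40003
2024-06-10T21:27:24.400000+00:00 ns1 knotd[1000]: notice: TCP, terminated inactive client, address 2001:db8::49@40004
2024-06-10T21:27:25.100000+00:00 ns1 knotd[1000]: notice: TCP, terminated inactive client, address 203.0.113.5@40005
2024-06-10T21:27:25.200000+00:00 ns1 knotd[1000]: notice: TCP, terminated inactive client, address 203.0.113.99@40006
2024-06-10T21:27:25.300000+00:00 ns1 sshd[2000]: constructed unrelated line
""".splitlines()

# Timestamp (to the second), host, knotd[pid], then the notice with address@port.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\.\d+\S*\s+\S+\s+knotd\[\d+\]:\s+"
    r"notice: TCP, terminated inactive client, address (?P<addr>\S+)@(?P<port>\d+)\s*$"
)

def summarize(lines):
    """Count terminated idle TCP clients per source address and per second."""
    per_source, per_second = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # skip anything that is not the idle-termination notice
            per_source[m["addr"]] += 1
            per_second[m["ts"]] += 1
    total = sum(per_source.values())
    top = per_source.most_common(1)
    return {
        "total": total,
        "sources": len(per_source),
        "peak_per_second": max(per_second.values(), default=0),
        "top_source": top[0][0] if top else None,
        "top_share": top[0][1] / total if top else 0.0,
    }

def looks_distributed(summary, min_sources=5, max_top_share=0.5):
    """Assumed heuristic: many sources and no single one dominating the total."""
    return summary["sources"] >= min_sources and summary["top_share"] <= max_top_share

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(s, "distributed:", looks_distributed(s))
```

A low `top_share` across many sources is the case where a per-source limit has little to bite on, while a single dominant source would point the other way.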