Failed ssl authentication metric #1834

Open
r-caamano opened this issue Mar 14, 2024 · 2 comments

Comments

@r-caamano
Member

I would like to put in a request for an API endpoint to monitor the number of failed SSL API session authentication events during a time interval, with the purpose of detecting DDoS attacks against the OpenZiti Controller.

@qrkourier
Member

Hey @r-caamano! The authentication rate limiter is enabled by default. Does it meet your needs?

https://github.com/openziti/ziti/blob/release-next/CHANGELOG.md#auth-rate-limiter

@r-caamano
Member Author

The idea here is to give a DDoS tool insight as to whether the controller is under attack and have the OS firewall block any TLS session requests from sources that have not already authenticated at least once. The issue arises as to whether the above limiter protects the controller enough when it is hit by millions of authentication requests, or does it still have to waste process cycles denying them? If the answer is that the controller has to waste CPU resources denying the requests to the point it becomes impaired, then I would say that it does not meet the need. cc @mikegorman-nf
