[rbak-nsp] LM / L2TP errors
Golem
golem at mtm-info.pl
Wed Feb 19 14:41:09 EST 2014
Hello
Thanks for the information, I created a rule on all contexts:
deny udp any any eq 1701
However, did it accept requests on this port by default if it was not filtered?
Wednesday, February 19, 2014, 8:13:23 PM, you wrote:
> On Wed, Feb 19, 2014 at 06:17:08PM +0100, Golem wrote:
>> Hello Redback-nsp,
>>
>> What do these errors mean?
>>
>> Feb 19 17:29:21: %LM-3-ERR: Receiving interface for Ping/Traceroute request not located
>> Feb 19 17:29:23: %L2TP-3-EMSG: Packet is too long, it was truncated
>> Feb 19 17:29:30: %L2TP-6-TUNNEL: someip:53 received packet without S-bit in header
>>
>> Once it happened, the router started dropping BGP sessions and acting like
>> it was overloaded, with high latency ~200ms on all interfaces. We are not using L2TP.
>>
>> Is there anything to prevent these errors in the future?
> When not using L2TP your admin-access-group should exclude accepting UDP
> Port 1701 e.g. L2TP (It should be a deny all at the end anyway). Does
> it?
> Flo
--
Best regards,
Ozga Rafal mailto:golem at mtm-info.pl