Not sure if this should be a feature request or not. kind of a mix of some questions and a request
We just has an issue where someone did a large probe or DOS attach on the IP of a cellular interface which was in standby. Of course the pepwave simply dropped all the incoming unsolicited packets. The problem is that it totaled 27G of traffic in three days, at a cost of $270. There are several problems:
- The pepwave does not appear to track/display this data. During this period it shows the “real usage” of a few MB from it maintaining the speedfusion tunnels over the cellular link for backup.
- Since the interface was in standby we did not see any symptom such as a saturated link.
My concern is that I have 150 static IPs on pepwaves. If someone were to attack them like this I would not know it until I received a bill for tens of thousands of Dollars.
I cannot deal with it by using private IPs, as the cellular is used for the speedfusion traffic and to back up general Internet access from the locations.
So - my goal is to get one or more type of reporting/alerts in place so I can know an attack is happening and try to deal with it by shutting down the interface and changing IPs.
- Does the pepwave report just accepted traffic or all traffic including unsolicited traffic to all ports including those not open (i.e. show raw interface traffic). If not, can this be added?
- Can we get this type of raw interface traffic via SNMP? I would be willing to set up an SNMP server for this purpose. I would prefer to be alerted via incontrol, but if that is not possibe, SNMP may be the only solution