We pride ourselves on running a very open network; however, there are two items that we police in order to protect our network and customers.
- SSH rate-limit inbound on port 22
To mitigate dictionary attacks, initial connections (SYN) to port 22 are policed: a maximum of 15 connections per IP is allowed within 60 seconds, measured as a rolling average. Exceeding this will cause traffic from the source IP to be dropped for 60 seconds.
This only applies to port 22 on VM hosts (it does not apply to dedicated servers or IP transit) and cannot be disabled on a per-VM basis. If it causes issues for your VM, we apologize, but you will need to configure SSH to listen on a port other than 22.
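To check whether a legitimate automation job (a deploy tool, a backup script) would trip this limit, the following added example, which is not the provider's code, models the policer as a per-source sliding window. The page does not give the exact algorithm behind the "rolling average", so the window model, the function names and the sample addresses are assumptions.

```python
from collections import defaultdict, deque

MAX_SYNS = 15     # policy: at most 15 new connections per source IP
WINDOW_S = 60.0   # ... within 60 seconds
PENALTY_S = 60.0  # policy: offending source is dropped for 60 seconds


def police(events):
    """Classify SYNs to port 22 as 'pass' or 'drop'.

    events: iterable of (timestamp_seconds, src_ip).
    Assumption: the policer behaves like a per-source sliding window.
    """
    recent = defaultdict(deque)  # src_ip -> timestamps of passed SYNs
    blocked_until = {}           # src_ip -> end of the penalty period
    verdicts = []
    for ts, ip in sorted(events):
        if ts < blocked_until.get(ip, float("-inf")):
            verdicts.append((ts, ip, "drop"))
            continue
        window = recent[ip]
        while window and ts - window[0] >= WINDOW_S:
            window.popleft()
        if len(window) >= MAX_SYNS:
            # The 16th SYN inside the window starts the penalty.
            blocked_until[ip] = ts + PENALTY_S
            window.clear()
            verdicts.append((ts, ip, "drop"))
        else:
            window.append(ts)
            verdicts.append((ts, ip, "pass"))
    return verdicts


def drops_by_source(events):
    """Return {src_ip: number of dropped SYNs}, including sources with 0."""
    counts = defaultdict(int)
    for _, ip, verdict in police(events):
        counts[ip] += verdict == "drop"
    return dict(counts)


# Constructed sample: a deploy job opening one SSH session per second,
# and an admin reconnecting every 10 seconds (documentation addresses).
DEPLOY = [(float(t), "198.51.100.7") for t in range(20)]
ADMIN = [(float(t), "203.0.113.9") for t in range(0, 200, 10)]

if __name__ == "__main__":
    print(drops_by_source(DEPLOY + ADMIN))
```

Jobs that open many short SSH sessions can stay under the limit by reusing one connection (for example OpenSSH's `ControlMaster` multiplexing), since only new TCP connections are counted.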
- UDP rate-limit outbound (all services)
By default, all account VLANs have a UDP rate-limit of 5 Mbps (outbound only). Port 1194 (OpenVPN) is exempt. This protects a service from being used maliciously (e.g. to perform a DoS attack from our network against another network).
This rate-limit may be removed on request; each request will be reviewed on a case-by-case basis.