I run a piece of software which is replicated across two machines and shares information via multicast. I noticed after performing some updates that information only seemed to be flowing in one direction, so thought I'd share the details of what ended up being wrong for the next person to run into the same problem.
While reviewing the logs of my OpenVPN server recently, I noticed a series of suspicious looking entries that indicated that it was being used as part of a UDP reflection attack. Thankfully this is pretty straightforward to block using the built in functionality of OpenVPN and/or firewall software such as nftables. I'll cover both approaches here.
