I am suddenly getting tons of "self-resolving" connection reset errors when web browsing, theories?

[britechguy]

Over the last week, I have had a massive uptick in this error type, and very often if I wait just a second or two after it's presented, the page loads, though sometimes it doesn't.

The NVDA screen reader is also affected now, but consistently, because when it attempts to connect to its Add-On Store the connection reset blows that functionality out of the water.

I have not installed any new software recently and use Windows Security. I guess it's possible it might be related to my ISP (T-Mobile 5G Wireless) and/or modem-router too, but am at a loss to explain what's going on.

Theories, anyone?

 

[Sky-Knight]

The world is at war... the cyber attacks are... wild... and straining most of the global infrastructure.

There isn't anything we can do, this is the Internet... We can only survive it.

 

[britechguy]

Not that I don't get your point, but it's just too specific to me and me alone to be what you posit as the cause.

I've had tons of people trying to replicate the NVDA problem, in particular. I'm the only one it's hitting, and the folks testing are in various places around the globe.

This has never happened, at all, as far as connectivity for the screen reader functions. I strongly suspect something idiosyncratic to my machine, but I have no idea where to look first. What I'm going to have to ask my partner to do is to tell me if he's getting these errors, too, and I haven't done that yet.

 

[Sky-Knight]

I'm curious... because I'm getting all sorts of browser level resets on my desktop, and my work laptop. This is happening to me on two different ISPs on opposite ends of the Phoenix area. So while it could in theory be city wide, and in my case appears to be... it's certainly not machine related.

It's also infuriatingly intermittent... just enough of a problem for me to know its there, but not enough of a problem to be troubleshot... the issue vanishes as soon as it's recognized. The technical equivalent of being gaslit.

 

[britechguy]

That's what it feels like here, too.

 

[NETWizz]

I am actually seeing some strange behavior too...

In the past couple of days I have seen a few, intermittent botnet attacks...

==> Here you can see an attempt to establish over 265,000 sessions per second TCP. The zone protection profile hardens that zone, AND the line-speed ASICs are able to keep up with the drop rate for now while still having the capability to process and forward traffic normally, but it is pushing the data plane a little.

Only 168k sessions are valid. Thankfully at the moment, the threat actor who is trying to DDoS does not have enough horsepower to pull it off ... for now:






redacted@redacted(active)> show session info

target-dp: *.dp0
--------------------------------------------------------------------------------
Number of sessions supported: 4999998
Number of allocated sessions: 172393
Number of active TCP sessions: 102890
Number of active UDP sessions: 68489
Number of active ICMP sessions: 973
Number of active GTPc sessions: 0
Number of active HTTP2-5gc sessions: 0
Number of active GTPu sessions: 0
Number of pending GTPu sessions: 0
Number of active BCAST sessions: 0
Number of active MCAST sessions: 0
Number of active predict sessions: 153
Number of active SCTP sessions: 0
Number of active SCTP associations: 0
Number of active PFCP sessions: 0
Number of active IMSI sessions: 0
Session table utilization: 3%
Number of sessions created since bootup: 7462332920
Packet rate: 2309982/s
Throughput: 86922794 kbps
New connection establish rate: 265275 cps
--------------------------------------------------------------------------------
<additional output redacted>