Re: Syn floods and DOS protection

To:	Alex Kramarov <alex@xxxxxxxxxxxxxxx>
Subject:	Re: Syn floods and DOS protection
Cc:	lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From:	Julian Anastasov <ja@xxxxxx>
Date:	Tue, 3 Sep 2002 22:51:23 +0000 (GMT)

        Hello,

On Tue, 3 Sep 2002, Alex Kramarov wrote:

> i have read the docs, and i saw that all the security and dos protection
> features in LVS are aimed at protecting the director. the setup assumes that
> the real servers can take care for themselvs, either by using syncookies or
> by some other means. is there a solution for real servers that do not
> implement syncookies ? On some of my servers i am stack with w2k. I know
> there is a syncookies firewall for kernel 2.2, but i am using 2.4 ...

        Another option can be a QoS policer limiting the SYN rate.
You can use it at any place before the real servers (gateway,
director). There is example for such settings in the iproute2
package.

> Thank you.

Regards

--
Julian Anastasov <ja@xxxxxx>

<Prev in Thread]	Current Thread	[Next in Thread>
Syn floods and DOS protection, Alex Kramarov Re: Syn floods and DOS protection, Julian Anastasov <= RE: Syn floods and DOS protection, Peter Mueller Re: Syn floods and DOS protection, Alex Kramarov RE: Syn floods and DOS protection, Peter Mueller RE: Syn floods and DOS protection, Julian Anastasov Re: Syn floods and DOS protection, Roberto Nibali

Previous by Date:	RE: Syn floods and DOS protection, Peter Mueller
Next by Date:	Re: Syn floods and DOS protection, Alex Kramarov
Previous by Thread:	Syn floods and DOS protection, Alex Kramarov
Next by Thread:	RE: Syn floods and DOS protection, Peter Mueller
Indexes:	[Date] [Thread] [Top] [All Lists]