Hello,
On Wed, 22 Nov 2000, joern maier wrote:
> Hi there,
>
> Maybe one of you can help me. I have a problem protecting my VS from
> SYN-flood attacks. Somehow the drop_entry mechanism seems not to work.
> Doing a SYN flood with 3 clients to my VS (1 director + 3 RS), the
> system gets unreachable. -> A single server (one of my RS) "DoSed" by
> those clients stays alive.
You can't SYN flood the director with 3 clients only. You need
more clients. As an alternative, you can download "testlvs" from the web
site. What does ipvsadm -Ln show under attack? How do you activate drop_entry?
What does "cat drop_entry" show?
> Set-up:
>
> All RS have tcp_syncookies enabled (1); the tcp_max_syn_backlog is set to
> 128.
>
> After booting the director I set the drop_entry var to 1
> (echo 1 > drop_entry).
> (I have to do this every time I reboot the director => is the
> drop_entry var not stored somehow?)
> Before compiling the kernel I set the table size to 2^20. My director has
> 256 MB of memory and no other applications are running, so that should be
> o.k.
You don't need such a large table, really.
> Did I miss anything?
>
> I'm using IP tunneling and lc scheduling, if this is important.
>
> I'm thankful for any help I can get.
>
> Joern
Regards
--
Julian Anastasov <ja@xxxxxx>