Re: DoS - Problem

To: joern maier <joern.maier@xxxxxxxxxxxxxxxxxxxxx>
Subject: Re: DoS - Problem
Cc: "lvs-users@xxxxxxxxxxxxxxxxxxxxxx" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: Julian Anastasov <ja@xxxxxx>
Date: Wed, 22 Nov 2000 22:28:22 +0000 (GMT)

On Wed, 22 Nov 2000, joern maier wrote:

> Hi there,
> maybe anyone of you can help me. I got some problem protecting my VS from
> SYN-flood attacks. Somehow the drop_entry mechanism seems not to work.
> Doing a SYN-flood with 3 clients to my VS (1 director + 3 RS), the system
> gets unreachable. -> A single server (one of my RS) "DoSed" by those clients
> stays alive.

        You can't SYN flood the director with 3 clients only. You need
more clients. As an alternative, you can download "testlvs" from the web
site. What does ipvsadm -Ln show under attack? How do you activate drop_entry?
What does "cat drop_entry" show?

> Set-up:
> all RS have tcp_syncookies enabled (1), the tcp_max_syn_backlog is set to 128
> after booting the director I set the drop_entry var to 1 (echo 1 > drop_entry)
>       (I have to do this every time I reboot the director => is the drop_entry var
>        not stored somehow?)
> before compiling the kernel I set the table size to 2^20; my director has 256 MB of
> memory and no other applications are running so that should be o.k.

        You don't need such a large table, really.

> did I miss anything?
> I'm using ip tunneling and lc scheduling if this is important
> I'm thankful for any help I can get
> Joern


Julian Anastasov <ja@xxxxxx>
