RE: Syn floods and DOS protection

To:	Peter Mueller <pmueller@xxxxxxxxxxxx>
Subject:	RE: Syn floods and DOS protection
Cc:	"'lvs-users@xxxxxxxxxxxxxxxxxxxxxx'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>, Alex Kramarov <alex@xxxxxxxxxxxxxxx>
From:	Julian Anastasov <ja@xxxxxx>
Date:	Tue, 3 Sep 2002 23:18:29 +0000 (GMT)

        Hello,

On Tue, 3 Sep 2002, Peter Mueller wrote:

> >     Another option can be a QoS policer limiting the SYN rate.
> > You can use it at any place before the real servers (gateway,
> > director). There is example for such settings in the iproute2
> > package.
>
> This sounds very interesting.  Does the QOS synrate limiter differentiate
> between "real" and "fake" traffic at all?  Do you have any Julian tips on

        No, there is no differentiation. But such policer is a must in
situations where we don't want to reply to each SYN and to overload
our out line with SYN cookies.

> their usage? :D

        Nothing special, examples/SYN-DoS.rate.limit

Regards

--
Julian Anastasov <ja@xxxxxx>

<Prev in Thread]	Current Thread	[Next in Thread>
Syn floods and DOS protection, Alex Kramarov Re: Syn floods and DOS protection, Julian Anastasov RE: Syn floods and DOS protection, Peter Mueller Re: Syn floods and DOS protection, Alex Kramarov RE: Syn floods and DOS protection, Peter Mueller RE: Syn floods and DOS protection, Julian Anastasov <= Re: Syn floods and DOS protection, Roberto Nibali

Previous by Date:	RE: Syn floods and DOS protection, Peter Mueller
Next by Date:	Re: Has Ldirectord got a web page ?, Horms
Previous by Thread:	RE: Syn floods and DOS protection, Peter Mueller
Next by Thread:	Re: Syn floods and DOS protection, Roberto Nibali
Indexes:	[Date] [Thread] [Top] [All Lists]