Re: Kernel Upgrade in LVS

To:	"LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	Re: Kernel Upgrade in LVS
From:	Roberto Nibali <ratz@xxxxxx>
Date:	Wed, 06 Aug 2003 08:40:12 +0200

Hi,

My conception is, human usually do not eshtablish SYN connection asmore as Nimda or other worms, if I can determine a threshold ofsimultenious SYN connection that nimda usually creates, probably Iwill be able to drop packets from specific source IP which meet thethreshold. There is chance of false positive - I agree.
Another risk is if the attackers are forging their source IP addresses.I don't think your threshhold approach would work in this case.
Have you heard of SYNCookies?  http://cr.yp.to/syncookies.html
I think that should stop any SYN flood type of Denial of Service attack,and also should allow all legitimate traffic to get through.

Search google using my name and syncookies for more information on why syncookies have no measurable impact on reducing real DoS.


Best regards,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc

<Prev in Thread]	Current Thread	[Next in Thread>
Kernel Upgrade in LVS, Faruk Ahmed Re: Kernel Upgrade in LVS, Roberto Nibali Kernel Upgrade in LVS, Faruk Ahmed Re: Kernel Upgrade in LVS, Roberto Nibali Re: Kernel Upgrade in LVS, Faruk Ahmed Re: Kernel Upgrade in LVS, Dave Jagoda Re: Kernel Upgrade in LVS, Roberto Nibali <= Re: Kernel Upgrade in LVS, Dave Jagoda Re: Kernel Upgrade in LVS, Faruk Ahmed Re: Kernel Upgrade in LVS, Roberto Nibali Re: Kernel Upgrade in LVS, Roberto Nibali Re: Kernel Upgrade in LVS, Roberto Nibali Fighting Against SYN flood/Nimda, Faruk Ahmed Re: Fighting Against SYN flood/Nimda, Roberto Nibali

Previous by Date:	Keepalive, Dat Nguyen
Next by Date:	Re: Kernel Upgrade in LVS, Roberto Nibali
Previous by Thread:	Re: Kernel Upgrade in LVS, Dave Jagoda
Next by Thread:	Re: Kernel Upgrade in LVS, Dave Jagoda
Indexes:	[Date] [Thread] [Top] [All Lists]