udp flood tool crashes LVS-NAT from the inside

To:	<lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	udp flood tool crashes LVS-NAT from the inside
Cc:	mickey@xxxxxxxxxxxxx
From:	"Mickey Everts" <mickey-ml@xxxxxxxxxxxxx>
Date:	Sat, 6 Nov 2004 01:12:12 -0800

 

Today I had an incident at work where an attacker used a PHP exploit to grab
the following script and run it from one of our "real servers" (running as
apache's permissions):

 

http://www.packetstormsecurity.org/DoS/udp.pl

 

This rather short script brought our LVS box, a 3 GHz Pentium 3 system with
dual gigabit interfaces, to its knees.  Note that it's actually connected to
a 100megabit interface.  Obviously we want to secure our real servers, but
is there any way to stop this kind of thing from killing our LVS server so
easily?

 

Regards,

 

Mickey

<Prev in Thread]	Current Thread	[Next in Thread>
udp flood tool crashes LVS-NAT from the inside, Mickey Everts <= Re: udp flood tool crashes LVS-NAT from the inside, Graeme Fowler

Previous by Date:	Re: Ldirectord Redhat EL3 SSL checking problem, Seth Daniel
Next by Date:	Re: udp flood tool crashes LVS-NAT from the inside, Graeme Fowler
Previous by Thread:	Re: Ldirectord Redhat EL3 SSL checking problem, Horms
Next by Thread:	Re: udp flood tool crashes LVS-NAT from the inside, Graeme Fowler
Indexes:	[Date] [Thread] [Top] [All Lists]