LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

udp flood tool crashes LVS-NAT from the inside

To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: udp flood tool crashes LVS-NAT from the inside
Cc: mickey@xxxxxxxxxxxxx
From: "Mickey Everts" <mickey-ml@xxxxxxxxxxxxx>
Date: Sat, 6 Nov 2004 01:12:12 -0800
 

Today I had an incident at work where an attacker used a PHP exploit to grab
the following script and run it from one of our "real servers" (running as
apache's permissions):

 

http://www.packetstormsecurity.org/DoS/udp.pl

 

This rather short script brought our LVS box, a 3 GHz Pentium 3 system with
dual gigabit interfaces, to its knees.  Note that it's actually connected to
a 100megabit interface.  Obviously we want to secure our real servers, but
is there any way to stop this kind of thing from killing our LVS server so
easily?

 

Regards,

 

Mickey

 

<Prev in Thread] Current Thread [Next in Thread>