ip_vs_random_dropentry

lvs-users

ip_vs_random_dropentry

To:	"LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	ip_vs_random_dropentry
From:	Jacob Coby <jcoby@xxxxxxxxxxxxxxx>
Date:	Wed, 28 Sep 2005 12:24:20 -0400

I've been looking at the source code for ipvs 1.0.10 and noticed thatip_vs_random_dropentry does not send a RESET packet to the realserver.It is my understanding that this feature is to prevent SYN flood (andrelated) attacks, but it doesn't seem like it would be effective as therealserver will continue to SYN/ACK until it reaches tcp_synack_retries.You've potentially saved the director from attack, but lost therealserver(s).


Am I missing something, or is this by design?

--
-Jacob

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
ip_vs_random_dropentry, Jacob Coby <= Re: ip_vs_random_dropentry, Julian Anastasov Re: ip_vs_random_dropentry, Jacob Coby Re: ip_vs_random_dropentry, Julian Anastasov

Previous by Date:	Re: newbie trying to setup simple load balancer, Joseph Mack NA3T
Next by Date:	Re: newbie trying to setup simple load balancer, sipieter nicolas
Previous by Thread:	Issues with braindead network topology and LVS-NAT, Pascal Bleser
Next by Thread:	Re: ip_vs_random_dropentry, Julian Anastasov
Indexes:	[Date] [Thread] [Top] [All Lists]