
Re: [lvs-users] IPVS SYN-cookies -> IPVS security patch not 3.x kernels

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: [lvs-users] IPVS SYN-cookies -> IPVS security patch not 3.x kernels
From: Ivan Havlicek <ivan@xxxxxxxxxxx>
Date: Tue, 14 May 2013 19:49:27 +0200
On 14/05/2013 08:51, Horst Venzke-Fa Remsnet Ltd wrote:
>    Therefore - for IPVS security obligations - the SYN flood traffic should be
>    stopped at the earliest point: the IPVS system itself.
It is a view that I do not share.
I prefer to use the solution to "limit" at the IPVS IP server and use
the SYN Cookies on the real servers.
Maybe I'm wrong, but I prefer to distribute the attack on the real servers
rather than take the risk of dropping the IPVS director itself.
As the only way is to rewrite something which permits doing SYNPROXY
for the kernel 3.x series, perhaps you should find another way to obtain
this result.  If there is a high risk of DoS in your case, perhaps
putting some equipment to manage that before the IPVS server should be
another good solution.

Best regards
--
                                                    Ivan