Re: HELP Under Attack
From: Jem Berkes (jb_at_users.pc9.org)
Date: 08/24/04
- Previous message: Ray Ingles: "Re: "Collision for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD""
- In reply to: Jim G.: "Re: HELP Under Attack"
- Next in thread: Jim G.: "Re: HELP Under Attack"
- Reply: Jim G.: "Re: HELP Under Attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 24 Aug 2004 14:38:18 GMT
> Hello, yes we are a well known company and we currently have 5 servers
> with a load balancer. The balancer did a good job keeping up with the
> attack. From what I have read tcp_syncookies takes the load off of
> apache and transfers it to the kernel. I cannot drop traffic to any
> country because we deal with all countries around the world.
If the attacking IP addresses are genuine, then I would strongly recommend
importing the big list of known compromised/zombie IP addresses from
ahbl.org, cbl.abuseat.org and using these IPs in your firewall rule to
block packets.
But if the IP addresses are forged, syn cookies is your best bet. Of course
you can't do anything about the bandwidth wasted by the attack, but it
should keep the connection table in your TCP/IP stack clean.
-- Jem Berkes http://www.sysdesign.ca/
- Previous message: Ray Ingles: "Re: "Collision for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD""
- In reply to: Jim G.: "Re: HELP Under Attack"
- Next in thread: Jim G.: "Re: HELP Under Attack"
- Reply: Jim G.: "Re: HELP Under Attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
