From: Alexander Samad <alex@samad.com.au>
To: netfilter-devel@lists.netfilter.org
Subject: Re: Floods
Date: Mon, 15 Mar 2004 11:34:40 +1100
Message-ID: <20040315003440.GO26800@samad.com.au>
In-Reply-To: <200403141930.29602.alchemyx@uznam.net.pl>
On Sun, Mar 14, 2004 at 07:30:29PM +0100, Michał Margula wrote:
> Hello!
>
> I have a problem, quite a big one. I don't know how to deal with it. Tried
> everything I know. I have a 2 x Xeon 2.66 server with 1 Gig ram. Everything
> based on Intel e100 and e1000 NICs. That server is my firewall and gateway.
>
> I have a common problem - viruses, worms and so on. It degrades server
> performance quite much. I am using connlimit.
>
> -p tcp --syn -m connlimit --connlimit-above 100 -j DROP
>
> It was working fine until today. I was hit by a UDP flood coming from one of our
> 100mbit networks. I found that person and disconnected, but that is not
> a solution. Even "-t raw" didn't help.
>
> Although after removing ip_conntrack from kernel everything goes fine. But I
> can't stop using conntrack, because of SNAT, DNAT and REDIRECT targets.
>
> What do you recommend? Unfortunately connlimit does not work with UDP packets
> (no wonder - UDP is connectionless). What should I do? I even thought about
> switching to FreeBSD (sic! :<).
What about using the rate-limit module?
>
> Help, please!
>
> --
> Michał Margula, alchemyx@uznam.net.pl, http://alchemyx.uznam.net.pl/
> "W życiu piękne są tylko chwile" [Ryszard Riedel]
>
>