From: "Michael T. Babcock" <mbabcock@fibrespeed.net>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] why shape incoming traffic
Date: Sat, 02 Mar 2002 11:16:57 +0000
Message-ID: <marc-lartc-101506785613736@msgid-missing>
In-Reply-To: <marc-lartc-101494774514020@msgid-missing>
On Fri, Mar 01, 2002 at 02:12:07PM -0800, Don Cohen wrote:

> I'd argue that this request is coming from the local machine and
> should be classified as such. I gather it's not forwarding the
> original packets.

You're correct that it is not sending the original packets, but if 300
users from 5 departments with bandwidth sharing limits are browsing the
web with one copy of Squid between them and the 'net, it's very nice if
Squid's web usage gets taken into account when it has to fetch sites.

> What I don't understand: is the user sending packets to the site with
> the original web page or to the Squid server? If the original site,
> then how is the Squid server getting them?

That depends on your configuration; Squid can be set up as a transparent
proxy so that all requests made to given ports (80, 443, etc.) are forced
through Squid instead, so that the user doesn't have the choice.

> The point is that I want to maintain legitimate communication with
> these servers when someone is trying to attack them.

If all you want is to have legitimate use, set up a class for interactive
traffic, reserve it some amount of bandwidth, cap it at another amount (to
keep a user from using SSH to eat all your bandwidth) and add SFQ to it to
make sure no one connection gets all the bits.

My new Internet gateway box is actually set up without any login or port
services except forwarding and firewalls -- there are no listening ports at
all and no way for me to log into it except over the serial port or at the
terminal. The serial port is connected to an external modem; logging in
is therefore "out of band". Any form of non-serial login is assumed to be
an intrusion, but that's off-topic ;-).
--
Michael T. Babcock
CTO, FibreSpeed Ltd. (Hosting, Security, Consultation, Database, etc)
http://www.fibrespeed.net/~mbabcock/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
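The three mechanisms the reply describes (forcing LAN web requests through Squid, accounting for Squid's own fetches, and an interactive class with a reserved rate, a ceiling and SFQ) as one added shell example. This is not code from the post, from Squid or from the LARTC HOWTO; it assumes a gateway with the LAN on eth1 and the uplink on eth0, Squid listening on port 3128 and running as the user "squid", rates given as integers in kbit, and the iptables/tc tools of a 2.4-era Linux box. Only port 80 is redirected; intercepting 443 needs more than a NAT rule.

```shell
#!/bin/sh
# Added example, not the post's or any project's own code. Assumptions:
# LAN interface eth1, WAN interface eth0, Squid on port 3128 as user "squid",
# rates are integers in kbit. Set RUN=echo to print commands instead of
# executing them (used for a dry run below).
RUN="${RUN:-}"

# Transparent proxying: rewrite LAN HTTP requests to the local Squid port
# so the browser cannot bypass the cache.
redirect_web_to_squid() {
  lan_if=$1; squid_port=$2
  $RUN iptables -t nat -A PREROUTING -i "$lan_if" -p tcp --dport 80 \
      -j REDIRECT --to-port "$squid_port"
}

# Squid's own fetches originate on the gateway, so mark packets sent by
# the squid user; tc can then put them in a class of their own.
mark_squid_traffic() {
  squid_user=$1; mark=$2
  $RUN iptables -t mangle -A OUTPUT -m owner --uid-owner "$squid_user" \
      -j MARK --set-mark "$mark"
}

# Interactive class on the uplink: a guaranteed rate, a hard ceiling so one
# SSH session cannot eat the link, and SFQ so no single flow takes all the
# bits. total/rate/ceil are kbit integers; squid_mark matches the fw mark.
shape_interactive() {
  wan_if=$1; total=$2; rate=$3; ceil=$4; squid_mark=$5
  bulk=$((total - rate))                      # what remains for everything else
  $RUN tc qdisc del dev "$wan_if" root 2>/dev/null
  $RUN tc qdisc add dev "$wan_if" root handle 1: htb default 20
  $RUN tc class add dev "$wan_if" parent 1: classid 1:1 htb \
      rate "${total}kbit" ceil "${total}kbit"
  # 1:10 interactive: reserved $rate, never more than $ceil
  $RUN tc class add dev "$wan_if" parent 1:1 classid 1:10 htb \
      rate "${rate}kbit" ceil "${ceil}kbit" prio 1
  # 1:20 bulk (the default class, and where Squid's fetches land)
  $RUN tc class add dev "$wan_if" parent 1:1 classid 1:20 htb \
      rate "${bulk}kbit" ceil "${total}kbit" prio 2
  # SFQ under each class: fair share per connection
  $RUN tc qdisc add dev "$wan_if" parent 1:10 handle 10: sfq perturb 10
  $RUN tc qdisc add dev "$wan_if" parent 1:20 handle 20: sfq perturb 10
  # SSH in either direction -> interactive class
  $RUN tc filter add dev "$wan_if" parent 1: protocol ip prio 1 u32 \
      match ip dport 22 0xffff flowid 1:10
  $RUN tc filter add dev "$wan_if" parent 1: protocol ip prio 1 u32 \
      match ip sport 22 0xffff flowid 1:10
  # packets marked by mark_squid_traffic -> bulk class
  $RUN tc filter add dev "$wan_if" parent 1: protocol ip prio 2 \
      handle "$squid_mark" fw flowid 1:20
}

# Apply only when explicitly asked: "sh shape.sh apply" (values assumed:
# 2 Mbit uplink, 256 kbit reserved for interactive traffic, 1 Mbit ceiling).
if [ "${1:-}" = "apply" ]; then
  redirect_web_to_squid eth1 3128
  mark_squid_traffic squid 2
  shape_interactive eth0 2048 256 1024 2
fi
```

Run it once with `RUN=echo sh shape.sh apply` to review the exact iptables and tc commands before letting it touch the gateway; the bulk class rate is derived from the total so the guaranteed rates under 1:1 never add up to more than the link.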