From: Claudio Rosa (crmrosaIZZATterra.com.br)
Date: Tue Sep 24 2002 - 06:43:56 EDT
Hi Emil,
Like Peter and Julio said, the Alteon delayed-binding feature works fine. We
tested in our lab (GLOBO.COM) with 2 servers doing 30 Mbps of SYNAttack and 8
servers with a LoadGenerator doing 250 Mbps of valid traffic, everything
without problems. The attack adds close to 10% of CPU on each of the 8
A processors (the switch has 8 A processors ("frontend"), 8 B processors
("backend") for the traffic, the port 9 processors don't work for this, and 2
other processors for management).
In the SLB solutions, "delayed binding" is a good solution for your
problem. In the URLWCR (layer 7) we found some problems, for which we
opened trouble tickets with Nortel Networks to solve them; anyway it is a
good solution.
Claudio Rosa
-----Original Message-----
From: owner-lb-lIZZATvegan.net [mailto:owner-lb-lIZZATvegan.net] On Behalf Of
emilIZZATatrivo.com
Sent: Monday, September 23, 2002 17:26
To: lb-lIZZATvegan.net
Subject: RE: [load balancing] Re: Filter DOS Attacks
Hi Tony,
I was afraid of that, we have been doing exactly that, having the upstream
block the routes. Also we are now switching to a provider called Internap
JUST for the incoming because they route through all the 9 tier 1 providers
and claim to stop DOS attacks. We see what happens ;-)
-----Original Message-----
From: owner-lb-lIZZATvegan.net [mailto:owner-lb-lIZZATvegan.net]On Behalf Of
tony bourke
Sent: Monday, September 23, 2002 12:07 PM
To: lb-lIZZATvegan.net
Subject: RE: [load balancing] Re: Filter DOS Attacks
Hi Emil,
Yeah, If you've got a DOS attack that eats up all the incoming bandwidth
you have available, there isn't any load balancer or any other network
device that's going to be able to handle that.
The solution then needs to be upstream. I remember about 2 years ago when
those icmp-based DDoS attacks were crippling major sites like yahoo, I
believe all of the major network providers put a cap on icmp inbound on
their respective peering routers. SYN is a little more difficult, since
it's harder to differentiate between useful and malicious traffic if it's
distributed, but if it hits 100 Mbps there isn't anything the load
balancer can do, since it's too late after it hits the line.
Tony
On Mon, 23 Sep 2002 emilIZZATatrivo.com wrote:
> It looks like it's a SYNFlood because our incoming goes up to the full
> 100mbit and basically cripples the line. Thanks for the response awaiting
> your next response how to combat these!
>
> Thanks!
>
> -----Original Message-----
> From: owner-lb-lIZZATvegan.net [mailto:owner-lb-lIZZATvegan.net]On Behalf Of
> Claudio Rosa
> Sent: Monday, September 23, 2002 3:07 AM
> To: lb-lIZZATvegan.net
> Subject: RES: [load balancing] Re: Filter DOS Attacks
>
>
> Hi,
>
> Each kind of attack needs one "different filter". For example, if you
> enable the "management network" feature, the switch will not respond to a
> "ping"; if you enable the "delayed bind" feature, the switch will do the
> "three way handshake" to avoid a "SYNFLOOD attack".
>
> What kind of attack are you thinking?
>
> Rgds,
>
> Cláudio Rosa
>
> -----Original Message-----
> From: owner-lb-lIZZATvegan.net [mailto:owner-lb-lIZZATvegan.net] On Behalf Of
> emilIZZATatrivo.com
> Sent: Saturday, September 21, 2002 22:04
> To: lb-lIZZATvegan.net
> Subject: [load balancing] Re: Filter DOS Attacks
>
>
> Hey All,
>
> Anyone have any ideas of how to filter DOS attacks on the AD3? What are
> some of you doing to prevent such attacks? Does it make sense to disable
> ICMP?
>
> Thanks!
>
>
> ____________________
> The Load Balancing Mailing List
> Unsubscribe: mailto:majordomoIZZATvegan.net?body=unsubscribe%20lb-l
> Archive: http://vegan.net/lb/archive
> LBDigest: http://lbdigest.com
> MRTG with SLB: http://vegan.net/MRTG
> Hosted by: http://www.tokkisystems.com
>
--
Tony Bourke tonyIZZATvegan.net
This archive was generated by hypermail 2.1.4 : Tue Sep 24 2002 - 06:51:54 EDT
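
The delayed-binding behaviour discussed in this thread (the switch completes the three-way handshake itself before any server is involved), as an added Python simulation that is not part of the original messages and is not Alteon's implementation. The keyed-hash cookie used to stay stateless, the class and function names, and the documentation-range addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def cookie(secret, src, sport, dst, dport, client_isn):
    """32-bit keyed hash of the connection tuple, used as the proxy's ISN."""
    msg = f"{src}:{sport}>{dst}:{dport}:{client_isn}".encode()
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:4], "big")

class DelayedBindingProxy:
    """Completes the client handshake itself; binds to a server only afterwards."""

    def __init__(self, secret=None):
        self.secret = secret or os.urandom(16)
        self.backend_connections = []  # the only per-connection state kept

    def on_syn(self, src, sport, dst, dport, isn):
        # Reply SYN-ACK without storing anything: a flood of SYNs costs CPU only.
        seq = cookie(self.secret, src, sport, dst, dport, isn)
        return {"flags": "SA", "seq": seq, "ack": (isn + 1) % 2**32}

    def on_ack(self, src, sport, dst, dport, seq, ack):
        # The final ACK carries client_isn+1 as seq and our cookie+1 as ack.
        isn = (seq - 1) % 2**32
        expected = (cookie(self.secret, src, sport, dst, dport, isn) + 1) % 2**32
        if ack != expected:
            return False  # blind or stale ACK: no server connection is opened
        self.backend_connections.append((src, sport, dst, dport))
        return True

def simulate(proxy, spoofed, legit, vip="192.0.2.10"):
    """Constructed traffic: spoofed sources never see the SYN-ACK, so never ACK."""
    for i in range(spoofed):
        proxy.on_syn(f"198.51.100.{i % 254 + 1}", 1024 + i % 60000, vip, 80, i)
    for i in range(legit):
        src, sport, isn = f"203.0.113.{i + 1}", 40000 + i, 1000 + i
        synack = proxy.on_syn(src, sport, vip, 80, isn)
        proxy.on_ack(src, sport, vip, 80, synack["ack"], (synack["seq"] + 1) % 2**32)
    return len(proxy.backend_connections)

if __name__ == "__main__":
    print(simulate(DelayedBindingProxy(), spoofed=10000, legit=5))  # backend sees 5
```

Production SYN cookies also fold a time counter and the negotiated MSS into the value; those are left out here. This only keeps half-open state off the servers and does not help once the flood has filled the inbound link, which is the case Tony's message covers.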