On 2010-6-22 23:32, gary clark wrote:
> Holy crap. The reason for the performance, I'm told, is that I have an excessive amount of connection requests (SYN attacks). The only way I know of is to have an IDS in front to filter the blighters out? The iptables rules are rendered pretty much useless under these attacks since software based. Ugh!
An IDS will not help since it only detects; it takes no action. You can probably use an iptables limit rule to control the rate of accepted SYNs, but you do run the risk of that affecting performance as well.
Wichert.

-- 
Wichert Akkerman <[email protected]>   It is simple to make things.
http://www.wiggy.net/                  It is hard to make things simple.
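
Added example, not part of the original thread: a simplified Python model of the token bucket behind an iptables limit rule, showing the trade-off raised in the reply above, where a single shared limit caps the flood but also drops most legitimate SYNs. The rate, burst and traffic figures are assumed values, and the traffic is constructed.

```python
# Simplified model of the token bucket used by the iptables "limit" match.
# Rules being modelled (rate and burst are assumed values, not from the thread):
#   iptables -A INPUT -p tcp --syn -m limit --limit 25/second --limit-burst 50 -j ACCEPT
#   iptables -A INPUT -p tcp --syn -j DROP

def simulate(rate, burst, legit_pps, flood_pps, seconds):
    """Replay constructed SYN traffic through one shared token bucket.

    Returns {"legit": (sent, accepted), "flood": (sent, accepted)}.
    """
    # Constructed traffic: evenly spaced SYNs from each class of sender.
    events = [(i / legit_pps, "legit") for i in range(legit_pps * seconds)]
    events += [(i / flood_pps, "flood") for i in range(flood_pps * seconds)]
    events.sort()

    tokens, last = float(burst), 0.0
    sent = {"legit": 0, "flood": 0}
    accepted = {"legit": 0, "flood": 0}
    for t, kind in events:
        # Refill at `rate` tokens per second, never above `burst`.
        tokens = min(float(burst), tokens + (t - last) * rate)
        last = t
        sent[kind] += 1
        if tokens >= 1.0:
            tokens -= 1.0          # first rule matches: ACCEPT
            accepted[kind] += 1
        # Otherwise the packet falls through to the DROP rule.
    return {k: (sent[k], accepted[k]) for k in sent}


if __name__ == "__main__":
    for flood in (0, 1000):
        r = simulate(rate=25, burst=50, legit_pps=10, flood_pps=flood, seconds=10)
        print(f"flood={flood}/s legit(sent, accepted)={r['legit']} "
              f"flood(sent, accepted)={r['flood']}")
```

The limit match does not distinguish between senders, so the accepted budget is shared roughly in proportion to traffic volume.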
