On Jun 22, 5:32 pm, gary clark <[email protected]> wrote:
> Holy crap. The reason for the performance: I'm told I have an excessive
> amount of connection requests (SYN attacks). The only way I know of is to
> have an IDS in front to filter the blighters out? The iptables rules are
> rendered pretty much useless under these attacks since they are software based.
iptables can be used to rate-limit SYN packets. You can also turn on
syncookies during the attack: in /etc/sysctl.conf (on Linux) set

    net.ipv4.tcp_syncookies = 1

and then run

    sysctl -p /etc/sysctl.conf

or, if you want to just enable them temporarily:

    echo 1 > /proc/sys/net/ipv4/tcp_syncookies

Syncookies do break some older TCP stacks, but choosing between up/slow
and down is something you have to answer.

A relatively decent site regarding using iptables to limit inbound SYN
floods: http://www.cyberciti.biz/tips/howto-limit-linux-syn-attacks.html

The only real issue you run into with rate limiting is that you haven't
measured what your normal traffic looks like, and if you set your burst
and limits too low, you would negatively impact valid traffic.

Since you have created a relatively new site, one would have to wonder
which of your sites is being attacked, or were you assigned an IP of
someone that was under attack and just got 'lucky'.

--
You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
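The two mitigations in the reply above (SYN cookies plus an iptables SYN rate limit), put together as an added shell script that is not part of the thread. The function names, the DRY_RUN switch, the 25/s and 50 figures and port 80 are all assumptions for illustration; the reply's warning applies: sample your normal SYN rate before choosing a limit and burst. Beyond the thread's global `-m limit` rule, the script also shows a per-source `-m hashlimit` variant, since a single global budget lets a flood starve legitimate clients along with the attacker.

```shell
#!/bin/sh
# Added example, not code from the pylons-discuss thread. Enables SYN cookies
# and caps inbound SYNs with iptables. Rates, bursts and port are placeholder
# values: measure your own baseline first and replace them.

# Execute a command, or only print it when DRY_RUN=1, so the generated
# rules can be reviewed on a machine without root or iptables.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Enable SYN cookies now (lost at reboot). For persistence add
# "net.ipv4.tcp_syncookies = 1" to /etc/sysctl.conf as the reply describes.
enable_syncookies() {
    run sysctl -w net.ipv4.tcp_syncookies=1
}

# Rough baseline: count sockets currently in SYN_RECV (state 03 in
# /proc/net/tcp, Linux only). Sample this during normal load before picking
# limits; during a flood this number sits pinned near the listen backlog.
count_syn_recv() {
    awk '$4 == "03"' /proc/net/tcp /proc/net/tcp6 2>/dev/null | wc -l | tr -d ' '
}

# Global SYN budget on one port: $1 average rate (e.g. 25/s), $2 burst,
# $3 port (default 80). SYNs over the budget are dropped. This is blunt:
# during a flood the attacker's SYNs consume the budget and legitimate
# clients share the DROPs. Re-running appends a second INPUT jump, so run once.
syn_limit_rules() {
    rate="$1"; burst="$2"; port="${3:-80}"
    run iptables -N SYN_LIMIT 2>/dev/null   # chain may already exist
    run iptables -F SYN_LIMIT
    run iptables -A SYN_LIMIT -m limit --limit "$rate" --limit-burst "$burst" -j RETURN
    run iptables -A SYN_LIMIT -j DROP
    run iptables -A INPUT -p tcp --dport "$port" --syn -j SYN_LIMIT
}

# Per-source SYN budget with hashlimit: each client IP gets its own bucket,
# so one noisy source cannot exhaust everyone else's allowance. Useless
# against spoofed source addresses; SYN cookies cover that case.
syn_limit_per_source() {
    rate="$1"; burst="$2"; port="${3:-80}"
    run iptables -A INPUT -p tcp --dport "$port" --syn \
        -m hashlimit --hashlimit-name syn_per_ip --hashlimit-mode srcip \
        --hashlimit-above "$rate" --hashlimit-burst "$burst" -j DROP
}

# Usage: review with DRY_RUN=1 first, then as root, e.g.
#   enable_syncookies; syn_limit_rules 25/s 50 80; syn_limit_per_source 10/s 20 80
```

Source the file into a root shell (or call the functions from a boot script) after a dry run has shown the exact rules it will install; `count_syn_recv` is the quick way to see whether the SYN_RECV backlog actually looks abnormal before you start dropping packets.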
