On Fri, Jan 16, 2015 at 09:01:07AM +0100, Lukas Tribus wrote:
I don't see how. The socket is immediately close()'ed when it hits tcp-request
connection reject, this is as cheap as it gets.
If you're getting attacked, you try to send as few unnecessary packets
as possible, I guess
I don't see how. The socket is immediately close()'ed when it hits tcp-request
connection reject, this is as cheap as it gets.
If you're getting attacked, you try to send as few unnecessary packets
as possible, I guess a silent drop could be nice.
Yes, but that can't be done in
Hi,
I don't see how. The socket is immediately close()'ed when it hits tcp-request
connection reject, this is as cheap as it gets.
If you're getting attacked, you try to send as few unnecessary packets as
possible, I guess a silent drop could be nice.
a) HAProxy (configured with rate
Hi!
just a thought... wouldn't it make sense to add an option to tcp-request
connection reject to disable the actual TCP RST?
I don't see how. The socket is immediately close()'ed when it hits tcp-request
connection reject, this is as cheap as it gets.
So, an attacker tries to (keep) open
Hey guys,
just a thought... wouldn't it make sense to add an option to tcp-request
connection reject to disable the actual TCP RST? So, an attacker tries to
(keep) open a lot of ports:
a) HAProxy (configured with rate limiting etc.) does a tcp-request connection
reject which ends up as a TCP
On Wed, Jan 14, 2015 at 5:00 PM, Christian Ruppert c.rupp...@babiel.com wrote:
Hey guys,
just a thought... wouldn't it make sense to add an option to tcp-request
connection reject to disable the actual TCP RST? So, an attacker tries to
(keep) open a lot of ports:
a) HAProxy (configured with
Hi Baptiste,
tarpit is pretty handy but as far as I understood it will keep the connection
open, on both sides. So at some point (pretty quickly actually) we cannot handle
any more connections on that host. The host will become slow and/or
unresponsive. When we close the connection on our local
7 matches