On 2018-02-14 10:48, Sergi Almacellas Abellana wrote:
> In case of flodding, the system can be turned down when the server does
> not have enougth capacity to reply all the request. If you get such
> attacks, i think it's better to block the correponding ip. Indeed a new
> patch have been proposed to improve it:
> I think this will work better for flooding attacks.
There are many other measures like the size request limitation, the
periodical cleaning of the table, the login size limit etc.
But this is not enough and it will never be enough.
Flooding attack (or DoS) should be fixed at lower level like firewall or
even better at the router level. But Tryton provides enough information
in the log file to let tools like fail2ban to block such IP. Also it is
recommended to put the server behind a proxy which provides all the
tools against such attack.
DDoS attack is even more difficult to counter because at this level it
is a matter of size. You must have a large enough network to absorb the
bandwidth the attacker is sending.
Cédric Krier - B2CK SPRL
Tel: +32 472 54 46 59
You received this message because you are subscribed to the Google Groups
To view this discussion on the web visit