Hi list,

I am in the process of testing LVS defenses against SYN floods and found that, despite configuring the recommended sysctl variables, my LVS is still susceptible to a SYN flood generated with hping3.
On my LVS I have the following configured:

net.ipv4.vs.drop_entry = 1
net.ipv4.vs.drop_packet = 1
net.ipv4.vs.secure_tcp = 1
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 10

I generate the attack using:

hping3 -p 80 --flood -S --rand-source test-web1

Almost immediately, the LVS system becomes unresponsive, and I can see the connection tables /proc/net/ip_vs_conn and /proc/net/ip_vs_conn_sync filling up while none of the net.ipv4.vs.* values has been changed to 2. In addition, the realservers (test-fe01, test-fe02, test-fe03) are reporting the SYN flood correctly and have activated syncookies:

Dec 19 15:34:00 test-fe01 kernel: [6310993.998126] possible SYN flooding on port 80. Sending cookies.

Can anyone comment on what my issue is? Is it a configuration issue?

Thanks,
-- 
Khosrow

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - [email protected]
Send requests to [email protected]
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
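To see what the director is actually doing during such a test, it helps to watch the SYN_RECV share of /proc/net/ip_vs_conn next to the current values of the drop_entry/drop_packet/secure_tcp knobs (1 means the kernel is expected to switch to 2 on its own under memory pressure). The script below is an added example, not part of the original post; it parses a constructed ip_vs_conn-style table (column order as printed by ip_vs_conn.c) and reads the knobs from a sysctl tree root that defaults to /.

```shell
#!/bin/sh
# Added example: summarise an LVS connection table and the vs.drop_* knobs.
# /proc/net/ip_vs_conn columns: Pro FromIP FPrt ToIP TPrt DestIP DPrt State Expires

# Number of entries in a given state. Arg 1: table file, arg 2: state name.
ipvs_state_count() {
    awk -v want="$2" 'NR > 1 && $8 == want { n++ } END { print n + 0 }' "$1"
}

# Total number of connection entries (header line excluded).
ipvs_total() {
    awk 'NR > 1 { n++ } END { print n + 0 }' "$1"
}

# Integer percentage of entries sitting in SYN_RECV (half-open).
ipvs_syn_recv_pct() {
    total=$(ipvs_total "$1")
    [ "$total" -eq 0 ] && { echo 0; return; }
    echo $(( $(ipvs_state_count "$1" SYN_RECV) * 100 / total ))
}

# Describe one net.ipv4.vs knob. Arg 1: knob name, arg 2: tree root (default /).
# 1 = automatic (kernel raises it to 2 under pressure), 2 = forced on.
ipvs_drop_mode() {
    val=$(cat "${2:-}/proc/sys/net/ipv4/vs/$1" 2>/dev/null || echo "?")
    case "$val" in
        0) echo off ;; 1) echo auto ;; 2) echo on ;; *) echo "$val" ;;
    esac
}

# Write a constructed sample table (not captured from a real system) to arg 1.
ipvs_sample_table() {
    cat > "$1" <<'EOF'
Pro FromIP   FPrt ToIP     TPrt DestIP   DPrt State       Expires
TCP 0A000001 C351 0A000064 0050 0A0000C8 0050 ESTABLISHED     899
TCP C0A80101 0400 0A000064 0050 0A0000C8 0050 SYN_RECV          9
TCP C0A80102 0401 0A000064 0050 0A0000C9 0050 SYN_RECV          9
TCP C0A80103 0402 0A000064 0050 0A0000CA 0050 SYN_RECV          8
EOF
}

# Stand-alone run: use the sample table and the live sysctl tree.
T=$(mktemp); ipvs_sample_table "$T"
echo "total=$(ipvs_total "$T") syn_recv=$(ipvs_state_count "$T" SYN_RECV) pct=$(ipvs_syn_recv_pct "$T")"
for k in drop_entry drop_packet secure_tcp; do echo "$k: $(ipvs_drop_mode "$k")"; done
rm -f "$T"
```

On a real director, replace the sample path with /proc/net/ip_vs_conn and poll in a loop; a SYN_RECV share that keeps climbing while all three knobs still read "auto" is the condition described in the post.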
