From owner-freebsd-isp Fri Jan 10 12:08:22 2003
Delivered-To: freebsd-isp@freebsd.org
Message-ID: <3E1F2739.7BBFB04F@mindspring.com>
Date: Fri, 10 Jan 2003 12:04:09 -0800
From: Terry Lambert
To: nbari@unixmexico.com
Cc: freebsd-isp@freebsd.org
Subject: Re: DOS attack
References: <10497.148.243.246.5.1042225375.squirrel@mail.unixmexico.com>

nbari@unixmexico.com wrote:
> Hi, I was the victim of a DOS attack; my server was out for about 5 hours,
> and services like web and email were down.
>
> I am using round robin DNS for load balancing, but this only helps for
> my web services. Any idea on how I can make a redundant service for web
> and email services? Something like MySQL does with its replication
> function?
SMTP is handled via MX records in your DNS; just set up backup mail exchangers.

POP3/IMAP4 is problematic. The data there has locality on the server, and there's no way, short of storing your data in a shared storage area, to guarantee accessibility from more than one front end server.

One possible approach is to use a small proxy, and when the proxy server is DDOS'ed, just switch over to a different proxy server. This works better for IMAP (persistent connections) than for POP3 (new connection on each download attempt).

In any implementation, your "real" back end servers should only be reachable from the front end servers, so that a DDOS on one back end server does not starve a bunch of front end servers.

The typical way this is handled is by buying a load balancer and configuring it to act as a "circuit breaker". This assumes that the load balancer knows how to shed load properly, such that it won't livelock, and can't be overwhelmed (e.g. RED-queuing, etc.).

> I don't want to use hardware only software

Looks like you are going to be spending money on rack space and PCs doing no useful work, other than running proxies.

You can get an IMAP4 proxy from the Cyrus project; there are POP3 proxies out there (search for them), or you can write your own.

-- Terry

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
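To illustrate the MX fallback Terry refers to, here is an added example (not from the original thread) that models how a sending MTA orders and tries a domain's MX hosts, so that mail lands on a backup exchanger when the primary is down. The hostnames, preferences and the reachability map are constructed for the example.

```python
import random
from typing import Dict, List, Optional, Tuple

# Constructed MX records for an example domain: (preference, host).
# Lower preference is tried first (RFC 5321 section 5.1); the two
# preference-20 hosts are the backup exchangers the post suggests adding.
MX_RECORDS: List[Tuple[int, str]] = [
    (20, "mx-backup1.example.net"),
    (10, "mx-primary.example.net"),
    (20, "mx-backup2.example.net"),
]


def mx_delivery_order(records: List[Tuple[int, str]],
                      rng: Optional[random.Random] = None) -> List[str]:
    """Return hosts in the order an MTA tries them: ascending preference,
    with equal-preference hosts shuffled so load spreads across backups."""
    rng = rng or random.Random(0)
    by_pref: Dict[int, List[str]] = {}
    for pref, host in records:
        by_pref.setdefault(pref, []).append(host)
    order: List[str] = []
    for pref in sorted(by_pref):
        hosts = list(by_pref[pref])
        rng.shuffle(hosts)
        order.extend(hosts)
    return order


def deliver(records: List[Tuple[int, str]], reachable: Dict[str, bool],
            rng: Optional[random.Random] = None) -> Optional[str]:
    """Simulate one delivery attempt: try each MX in order and return the
    first host that accepts the connection. Returns None when every
    exchanger is unreachable, in which case a real MTA queues and retries
    later rather than bouncing the message immediately."""
    for host in mx_delivery_order(records, rng):
        if reachable.get(host, False):
            return host
    return None


if __name__ == "__main__":
    # Scenario from the post: the primary is knocked out, backups still up.
    down = {"mx-primary.example.net": False,
            "mx-backup1.example.net": True,
            "mx-backup2.example.net": True}
    print("accepted by:", deliver(MX_RECORDS, down))
```

A backup exchanger only helps if it is configured to accept and queue mail for the domain and, following Terry's point about back ends, to relay it only onward to the protected primaries.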