Date: Fri, 10 Jan 2003 12:54:42 -0800
From: Tim Kientzle <kientzle@acm.org>
To: nbari@unixmexico.com
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: DOS attack
Message-ID: <3E1F3312.8070605@acm.org>
References: <10497.148.243.246.5.1042225375.squirrel@mail.unixmexico.com>

nbari@unixmexico.com wrote:
> I am using round robin dns for a load balancing, but this only helps for
> my web services

Round robin DNS is a simple way to distribute load, but it doesn't do it very evenly and provides no failover. (Each client only sees one of your IP addresses; if that server is inaccessible for any reason, those clients won't be able to connect.)

Also, remember that if a DoS attack is saturating your link(s), then there's nothing you can do at your end. If there's no bandwidth for legitimate requests, then they won't be able to reach your server.

However, with careful firewalling and load-testing, you should be able to ensure that your servers don't actually crash during an attack. How you handle this will depend on your bandwidth, of course; if you have a 384kbps DSL line, then a spare PC running ipfw should be able to handle your firewall requirements. If you have multiple T3s, then you'll need something more robust.

> .. any idea on how can I make a redundant service for web
> and email services? something like mysql does with its replication
> function?

Set up multiple MX records for email pointing to various servers. Each of those forwards to a common back-end mailbox server. If those servers are on different subnets with independent connections, that's even better.

Redundant web services depend a lot on your particular application architecture. Static data is easy to replicate; it's also easy to set up redundant application servers against a shared database. Replicating live data over a distance in real-time? That's hard.

Tim Kientzle
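The contrast drawn in the message above, between round robin DNS (each client pinned to one address, no failover) and multiple MX records (the sender falls back to the next relay), modelled as an added example that is not part of the original e-mail. The hostnames, the documentation-range addresses and the sets of unreachable hosts are constructed for illustration.

```python
"""Model of round robin DNS vs. multiple MX records (constructed data)."""

# Constructed sample data: documentation-range addresses, hypothetical hosts.
WEB_A_RECORDS = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
MX_RECORDS = [(10, "mx1.example.net"), (20, "mx2.example.net"),
              (30, "mx3.example.net")]


def round_robin_answers(records, n_clients):
    """Rotate the record list per query; as the message describes it,
    each client ends up using exactly one of the addresses."""
    return [records[i % len(records)] for i in range(n_clients)]


def web_failures(n_clients, down):
    """Count clients pinned to an unreachable address: no failover."""
    pinned = round_robin_answers(WEB_A_RECORDS, n_clients)
    return sum(1 for addr in pinned if addr in down)


def deliver_mail(mx_records, down):
    """Sending MTA behaviour: try MX hosts in ascending preference order
    and hand the message to the first reachable relay."""
    for _pref, host in sorted(mx_records):
        if host not in down:
            return host
    return None  # every relay unreachable: the sender queues and retries


if __name__ == "__main__":
    # One of three web servers is down: a third of the clients fail.
    print("web clients failing:", web_failures(9, {"192.0.2.11"}), "of 9")
    # The primary MX is down: mail still flows through the next relay.
    print("mail relayed via:", deliver_mail(MX_RECORDS, {"mx1.example.net"}))
```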