[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] dos attack problem in xen bridge mode

To: xen-users@xxxxxxxxxxxxxxxxxxx
From: Simon Hobson <linux@xxxxxxxxxxxxxxxx>
Date: Tue, 21 Dec 2010 07:53:35 +0000
Delivery-date: Mon, 20 Dec 2010 23:55:26 -0800
List-id: Xen user discussion <xen-users.lists.xensource.com>

Alaa eldin wrote:

i'm using xen in bridge mode and some of my domU got under attackfrom one ip with high udp packet inside domU i'm using iptables asfirewall i have drop the packet but from dom0 i still see the ipfrom Iftop and the ip eat my traffic there is any idea about this

If you have a rule to match the traffic, you can drop it at theingress interface with an iptables rule in Dom0. The traffic willstill hit the network stack and netfilter, but it won't then get asfar as the bridge. If that's not good enough, then you'll have tofilter it upstream before it reaches your Xen server machine.


--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

References:
- [Xen-users] dos attack problem in xen bridge mode
  - From: Alaa eldin

Prev by Date: Re: [Xen-users] Yet another question about multiple NICs
Next by Date: Re: [Xen-users] Re: Network isolation - PCI passthrough question
Previous by thread: [Xen-users] dos attack problem in xen bridge mode
Next by thread: [Xen-users] [SPAM] XCP 1.0beta and vastSky. What information I have gathered, what I did and how "far" I got with it.
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.