udp flood protection

Discussion in 'Computer Security' started by SJ, Jul 18, 2005.

  1. SJ

    SJ Guest

    Hello All!

    I'm about to build an UDP balancer application on Unix (a reverse proxy)
    and I'd like to implement a flood protection. Any ideas how to do this
    besides checking the IP address of the clients?

    TIA,

    SJ
    SJ, Jul 18, 2005
    #1
    1. Advertising

  2. In article <>, SJ <>
    wrote:

    >I'm about to build an UDP balancer application on Unix (a reverse proxy)
    >and I'd like to implement a flood protection. Any ideas how to do this
    >besides checking the IP address of the clients?


    It is in the nature of UDP that essentially all the processing is up to
    the receiving application. So the definition of "flood" depends on how
    much your application can cope with. Contrast TCP SYN flood attacks,
    where the "flood" arises because it fills up a connection table managed
    by the kernel.

    Checking IP addresses of incoming UDP packets isn't going to be enough,
    since any eavesdropper can determine which addresses you're
    communicating with and spoof packets with those addresses.
    Lawrence D¹Oliveiro, Jul 19, 2005
    #2
    1. Advertising

  3. SJ

    SJ Guest

    Lawrence D¹Oliveiro wrote:

    > It is in the nature of UDP that essentially all the processing is up to
    > the receiving application. So the definition of "flood" depends on how
    > much your application can cope with. Contrast TCP SYN flood attacks,
    > where the "flood" arises because it fills up a connection table managed
    > by the kernel.
    >
    > Checking IP addresses of incoming UDP packets isn't going to be enough,
    > since any eavesdropper can determine which addresses you're
    > communicating with and spoof packets with those addresses.


    Hello Lawrence!

    And what other steps do you recommend? Eg. traffic shaping on the router
    or running iptables with "--limit" on the udp proxy host, ...

    SJ
    SJ, Jul 19, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. PNC
    Replies:
    2
    Views:
    753
    ZeroKool
    Dec 20, 2003
  2. pi1220
    Replies:
    0
    Views:
    995
    pi1220
    Feb 12, 2004
  3. grzybek

    PIX - Flood Defender

    grzybek, Feb 23, 2004, in forum: Cisco
    Replies:
    1
    Views:
    1,449
    Martin Bilgrav
    Feb 23, 2004
  4. Tom
    Replies:
    2
    Views:
    5,189
  5. Christian Holm

    Possible SYN flood?

    Christian Holm, Feb 22, 2005, in forum: Cisco
    Replies:
    2
    Views:
    3,454
Loading...

Share This Page