FS#158 — FS#4249 — Protection against attacks

Attached to Project — Network
Maintenance
Whole Network
CLOSED
100%
We will run tests of the protections set up
against SYN flood and smurf type attacks.
Date:  Sunday, 19 September 2010, 17:21PM
Reason for closing:  Done
Comment by OVH - Wednesday, 02 June 2010, 14:24PM

+ ICMP

Done.


Comment by OVH - Wednesday, 02 June 2010, 14:29PM

We have removed SYN. We leave ICMP.


Comment by OVH - Wednesday, 02 June 2010, 14:32PM

I wanted to re-do the test tomorrow at 7h/8h am in order to
validate a setting. It is obvious that there are big differences
in the settings between the night and day
and all in all we should do the R&D during the day :(


Comment by OVH - Wednesday, 02 June 2010, 15:17PM

We have changed the settings again.
Both levels were set up.


Comment by OVH - Friday, 04 June 2010, 17:52PM

We will reduce the burst, and so strengthen
the protections. We have huge scans on the
network at the level of port 23 (telnet).


Comment by OVH - Friday, 04 June 2010, 17:52PM

done


Comment by OVH - Friday, 04 June 2010, 17:54PM

More than 1000 external IPs blocked for telnet out of 1200.
Normally we run at 200-300 max over the 6 hours.


Comment by OVH - Thursday, 08 July 2010, 16:50PM

We refine the adjustments against SYN flood.


Comment by OVH - Friday, 30 July 2010, 05:31AM

We have switched the blocking of IPs which scan onto other infra in order to draw in this "bad" traffic and analyse it. This is going to allow us to have more logs and especially to know when the scan is completed. And if the scan is not completed, the IP is kept blocked.

We could provide a site with the list of blocked IPs as well as scan logs, then aggregate these logs by network and AS in order to determine which ASes are hazardous.
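
The aggregation proposed in the last comment, sketched as an added example (not OVH's code): blocked-probe log lines are grouped by /24 network and by origin AS, and ASes with many distinct scanning sources are flagged. The log format, the prefix-to-AS table, the threshold and all function names are constructed assumptions; the page does not describe OVH's actual formats.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: "<ISO timestamp> <source IP> <destination port>" per blocked probe.
SAMPLE_LOG = """\
2010-07-30T05:00:01 198.51.100.7 23
2010-07-30T05:00:02 198.51.100.9 23
2010-07-30T05:00:05 198.51.100.200 23
2010-07-30T05:01:10 203.0.113.5 23
2010-07-30T05:01:11 203.0.113.5 23
2010-07-30T05:02:00 192.0.2.44 22
not a log line
"""

# Constructed prefix-to-AS table (documentation prefixes, private-use AS numbers).
# A real deployment would load this from a BGP table dump.
PREFIX_TO_AS = {
    ipaddress.ip_network("198.51.100.0/24"): 64500,
    ipaddress.ip_network("203.0.113.0/24"): 64501,
}

def origin_as(ip):
    """Longest-prefix match of ip against PREFIX_TO_AS; None if no prefix covers it."""
    matches = [n for n in PREFIX_TO_AS if ip in n]
    return PREFIX_TO_AS[max(matches, key=lambda n: n.prefixlen)] if matches else None

def aggregate(log_text, port=23):
    """Return (distinct sources per /24, distinct sources per AS) for one port."""
    per_net, per_as = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit() or int(parts[2]) != port:
            continue  # skip malformed lines and probes to other ports
        try:
            ip = ipaddress.ip_address(parts[1])
        except ValueError:
            continue  # source field is not a valid IP address
        per_net[ipaddress.ip_network(f"{ip}/24", strict=False)].add(ip)
        per_as[origin_as(ip)].add(ip)
    return ({n: len(s) for n, s in per_net.items()},
            {a: len(s) for a, s in per_as.items()})

def hazardous_as(per_as, min_sources):
    """ASes (known origin only) with at least min_sources distinct scanners."""
    return sorted(a for a, c in per_as.items() if a is not None and c >= min_sources)

if __name__ == "__main__":
    nets, ases = aggregate(SAMPLE_LOG)
    print(nets, ases, hazardous_as(ases, min_sources=3))
```

Counting distinct source IPs rather than raw probes keeps one noisy host from making its whole AS look hazardous.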