RE: fail2ban increase loadaverage to 18

To: Michelle Konzack <linux4michelle@tamay-dogan.net>, "debian-isp@lists.debian.org" <debian-isp@lists.debian.org>
Subject: RE: fail2ban increase loadaverage to 18
From: Leo Goehrs <leo.goehrs@alionis.net>
Date: Mon, 20 Aug 2012 19:18:02 +0000
Message-id: <[🔎] 952DE7F89E170749AD4BBF678A82A78D0105092B66@AL-MEX01-VBO.mail.alionis.fr>
In-reply-to: <[🔎] 20120820191526.GK3522@work1>
References: <[🔎] 20120818161050.GV28928@work1> <[🔎] CAL=9LkVxeE_UvvkoNwiQij2vFEeUyniFwCt=XBjHFiwyB5Akww@mail.gmail.com> <[🔎] 20120818210157.GA28928@work1> <[🔎] CAL=9LkXxdT=5M+0Xf3V0zAmMd8_7TvCaxz6N=wnaEUGQWiqa=w@mail.gmail.com> <[🔎] 20120819163316.GB28928@work1> <[🔎] 50312560.8010905@gmail.com> <[🔎] 952DE7F89E170749AD4BBF678A82A78D0105091543@AL-MEX01-VBO.mail.alionis.fr> <[🔎] 20120820010109.GD8690@khazad-dum.debian.net> <[🔎] 20120820191526.GK3522@work1>

Forget about the nullrouting, it will not work in your case. The idea, is for example to set on your cisco a command like:

Ip route XXX.XXX.XX.XXX 255.255.255.252.0 null0

It will discard the return route, but will not eliminate the incoming flow.

-----Original Message-----
From: Michelle Konzack [mailto:linux4michelle@tamay-dogan.net] 
Sent: lundi 20 août 2012 21:15
To: debian-isp@lists.debian.org
Subject: Re: fail2ban increase loadaverage to 18

Hello Henrique de Moraes Holschuh,

Am 2012-08-19 22:01:09, hacktest Du folgendes herunter:
> Null routing the source of the attacks will protect the servers from 
> *everything*, including customers in the null-routed networks.

What is the config for "null routing"?

Since there are only Servers in the network/netblock I do  not  think  I harm any normal users

> It is of limited use on a DDoS because the attack source is all over 
> the map, but if all the crapflood comes from rackspace, null-routing 
> them will be very effective.

Not all, but a bunch of IPs from there network.

Thanks, Greetings and nice Day/Evening
    Michelle Konzack

--
##################### Debian GNU/Linux Consultant ######################
   Development of Intranet and Embedded Systems with Debian GNU/Linux
               Internet Service Provider, Cloud Computing
                <http://www.itsystems.tamay-dogan.net/>
                  <http://www.debian.tamay-dogan.net/>

itsystems@tdnet                     Jabber  linux4michelle@jabber.ccc.de
Owner Michelle Konzack

Gewerbe Strasse 3                   Tel office: +49-176-86004575
77694 Kehl                          Tel mobil:  +49-177-9351947
Germany                             Tel mobil:  +33-6-61925193  (France)

USt-ID:  DE 278 049 239

Linux-User #280138 with the Linux Counter, http://counter.li.org/

Reply to:

Follow-Ups:
- Re: fail2ban increase loadaverage to 18
  - From: Adrian Minta <adrian.minta@gmail.com>

References:
- fail2ban increase loadaverage to 18
  - From: Michelle Konzack <linux4michelle@tamay-dogan.net>
- Re: fail2ban increase loadaverage to 18
  - From: Iain Grant <iain@panfantastic.co.uk>
- Re: fail2ban increase loadaverage to 18
  - From: Michelle Konzack <linux4michelle@tamay-dogan.net>
- Re: fail2ban increase loadaverage to 18
  - From: Iain Grant <iain@panfantastic.co.uk>
- Re: fail2ban increase loadaverage to 18
  - From: Michelle Konzack <linux4michelle@tamay-dogan.net>
- Re: fail2ban increase loadaverage to 18
  - From: Adrian Minta <adrian.minta@gmail.com>
- RE: fail2ban increase loadaverage to 18
  - From: Leo Goehrs <leo.goehrs@alionis.net>
- Re: fail2ban increase loadaverage to 18
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: fail2ban increase loadaverage to 18
  - From: Michelle Konzack <linux4michelle@tamay-dogan.net>

Prev by Date: Re: fail2ban increase loadaverage to 18
Next by Date: Re: fail2ban increase loadaverage to 18
Previous by thread: Re: fail2ban increase loadaverage to 18
Next by thread: Re: fail2ban increase loadaverage to 18
Index(es):
- Date
- Thread