nanog mailing list archives

Re: syn flood attacks from NL-based netblocks


From: Töma Gavrichenkov <ximaera () gmail com>
Date: Mon, 19 Aug 2019 21:18:49 +0300

On Mon, Aug 19, 2019, 8:57 PM Valdis Klētnieks <valdis.kletnieks () vt edu> wrote:

> On Mon, 19 Aug 2019 20:44:47 +0300, Töma Gavrichenkov said:
>
> > Not in a typical DC/ISP environment!  With the solution you propose, a
> > perfect routing symmetry is a hard requirement, b/c you need to make
> > sure a returning SYN/ACK hits the very same machine as the initial
> > SYN.
>
> If your load balancer isn't doing something to make that situation work
> properly, you need to talk to your vendor.


If you're doing load balancing for *outgoing* traffic — and in exactly the
same manner as you do with incoming — then maybe.

This also assumes that instead of mitigating an attack near the border you
set up and keep an internal cluster of filtering machines somewhere and
route, in the worst case scenario, *all* of your traffic through that
cluster.  Depending on the size of your network, it might or might not be
an effective solution.

--
Töma
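The symmetry point in the message above, as an added illustration that is not part of the thread: a constructed model of a stateful SYN-tracking filter cluster (hypothetical, not any real product), where each node only recognises SYN/ACKs for SYNs it saw itself. Steering both directions of a connection by the plain per-direction 5-tuple sends many SYN/ACKs to the wrong node, while a direction-agnostic (sorted) key keeps each connection on one node. Flows and addresses are constructed sample data.

```python
"""Why a SYN-tracking filter cluster needs direction-agnostic flow steering.

Constructed model (not a real product): N filter nodes, each keeping its own
table of SYNs it has seen. A SYN/ACK is only recognised by the node that
recorded the matching SYN, so the SYN/ACK must be steered to that node.
"""
import hashlib
from typing import Callable, NamedTuple


class Flow(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int


def canonical(f: Flow) -> tuple:
    """Direction-agnostic identity of a connection: both directions map to one key."""
    return tuple(sorted([(f.src, f.sport), (f.dst, f.dport)]))


def naive_hash(f: Flow) -> tuple:
    """Per-direction 5-tuple: the reverse packet hashes to a different value."""
    return (f.src, f.sport, f.dst, f.dport)


def pick_node(key: tuple, n_nodes: int) -> int:
    """Deterministic hash-based choice of which cluster node a packet is steered to."""
    digest = hashlib.sha256(repr(key).encode()).digest()
    return int.from_bytes(digest[:8], "big") % n_nodes


def simulate(n_nodes: int, steer: Callable[[Flow], tuple], n_conns: int) -> dict:
    """Return how many SYN/ACKs were matched to their SYN vs. dropped as unknown."""
    tables = [set() for _ in range(n_nodes)]      # per-node state of seen SYNs
    result = {"accepted": 0, "dropped": 0}
    for i in range(n_conns):
        # Constructed sample: client i opens a connection to one server port.
        syn = Flow(f"198.51.100.{i}", 40000 + i, "203.0.113.10", 443)
        synack = Flow(syn.dst, syn.dport, syn.src, syn.sport)   # reverse direction
        tables[pick_node(steer(syn), n_nodes)].add(canonical(syn))
        node = pick_node(steer(synack), n_nodes)
        if canonical(synack) in tables[node]:
            result["accepted"] += 1
        else:
            result["dropped"] += 1
    return result


if __name__ == "__main__":
    print("naive    :", simulate(4, naive_hash, 20))
    print("symmetric:", simulate(4, canonical, 20))
```

With four nodes the naive policy loses roughly three quarters of the SYN/ACKs, which is the "routing symmetry is a hard requirement" problem in miniature.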
