rssLink RSS for all categories
 
icon_red
icon_green
icon_red
icon_red
icon_blue
icon_green
icon_green
icon_red
icon_red
icon_red
icon_orange
icon_green
icon_green
icon_green
icon_green
icon_blue
icon_green
icon_orange
icon_red
icon_green
icon_red
icon_red
icon_green
icon_red
icon_red
icon_red
icon_red
icon_orange
icon_green
 

FS#1751 — FS#5731 — protection of the shared hostings

Attached to Project— Hosting
Modernization
all (Plan hostings)
CLOSED
100%
After the last attacks that we received on the shared
hosting , we added a protection that allows to protect
against this precise attack

The attack consists in opening many
simultaneous connexions (so it's not synflod) ,
then the connexion does nothing and waits the timeout.


We were already protected against this attack
but visibly, some people found how to by-pass
the actual protections.


So we added a limit in terms of number of connexions
that an IP can do on the shared hosting and we fixed
it to 50 simultaneous connexions from an IP. After
that we whitelisted some IPs (google, etc ...)


If an IP reachs the limit of 50 simultaneous connexions,
the firewall does not open during 2 seconds. After 2 seconds
it evaluates the situation and then it takes another decision :
either it's under 50 connexions and it opens the connexion , either
it's in standby for 2 more seconds.


class-list any
0.0.0.0 /0 lid 1

slb template policy ip_limit
class-list name any
class-list lid 1
conn-limit 150
over-limit-action lockout 2 log 1
Date:  Thursday, 23 February 2012, 14:12PM
Reason for closing:  Done
Comment by OVH - Saturday, 27 August 2011, 14:54PM

p19-77-a10#sh class-list any

Name: any
Total single IP: 0
Total IP subnet: 31
Content:
65.52.0.0 /16
66.102.2.0 /24
66.102.3.0 /24
66.102.4.0 /24
66.102.0.0 /20
66.102.10.0 /23
66.102.12.0 /23
66.249.66.0 /24
66.249.67.0 /24
66.249.68.0 /24
66.249.69.0 /24
66.249.71.0 /24
66.249.72.0 /24
66.249.64.0 /19
66.249.82.0 /24
66.249.84.0 /24
66.249.85.0 /24
67.195.0.0 /16
74.125.76.0 /24
74.125.78.0 /24
77.88.30.0 /24
81.52.143.0 /24
95.108.158.0 /24
0.0.0.0 /0 lid 1
157.55.0.0 /16
193.47.80.0 /24
193.252.118.0 /24
193.252.149.0 /24
193.253.141.0 /24
207.46.0.0 /16
213.251.189.0 /24