[PLUG] network traffic shaping for servers

Louis Kowolowski louisk at cryptomonkeys.org
Sun Feb 23 07:16:26 UTC 2014


With out knowing more about your infrastructure, its difficult to provide concrete help. That said, you can only prioritize or police outbound traffic (as another individual on the list has pointed out).
If you are using traditional network gear, this shouldn’t be particularly difficult, but details will depend on what vendor you use. If you are using Linux, you might check out tc (http://www.linux.com/learn/tutorials/330252:weekend-project-configuring-qos-for-linux-routers-gateways).

Many home routers offer a rather rudimentary form of this. It may be suitable for your needs, it may not. This is not a typical “home network” use case. :-)


On Feb 22, 2014, at 2:16 PM, Keith Lofstrom <keithl at gate.kl-ic.com> wrote:

> Two related problems, looking for advice:
> 
> 1) The websites I offer from my virtual server are increasingly
> being hammered by exploitbots, sometimes driving the load average
> above 30.  Many different sources, I assume virus-infected home
> computers in botnets looking for common weaknesses.  What is the
> easiest way to thottle traffic from such machines, or detect 
> similar "attack" requests (mysql exploits, for example) and
> blacklist the IP addresses they come from?
> 
> 2) I run a Personal Telco access point, and am glad to serve
> my community.  However, sometimes my guests use up most of
> my bandwidth.  Is there an easy way to thottle the bandwidth
> feeding the access point (it is by itself on a private DMZ)
> to a reasonable fraction of my FIOS feed, say to 3mbps?
> 
> Again, there are probably optimal strategies, but I'll take
> easy, good-enough and hard-to-screw-up for now.
> 
> Keith
> 
> -- 
> Keith Lofstrom          keithl at keithl.com
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug


--
Louis Kowolowski                                louisk at cryptomonkeys.org
Cryptomonkeys:                                   http://www.cryptomonkeys.com/

Making life more interesting for people since 1977

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.pdxlinux.org/pipermail/plug/attachments/20140222/2e297061/attachment.asc>


More information about the PLUG mailing list