VRRP (bogus packet)problem help needed fast!!!!

Matthew Hawkins matt at mh.dropbear.id.au
Thu Feb 13 17:24:51 EST 2003

• Ravi Kiran (b_ravi_kiran at yahoo.com) wrote:
> A while ago I inherited two redhat7.3 linux machines that were to be
> configured as High Availability web servers. I used VRRPv2(virtual
> routing redundancy protocol) to make them work like HA servers.
> Everything works fine but during the transition from the failed server
> to the other server, the server that is taking over displays 4 or
> 5 bogus pakets messages(even then!!! the live system properly get the
> packets). Why is it displaying this message??  I dont want to employ
> reverse path filtering to drop the packets.  

You'll probably find that the packets are legitimate ones from existing
TCP connections on remote clients that have no idea your server just
died.  The failover server has no idea what these packets are hence it
logs them as bogus.

> One important thing!! my web servers reboot alternately every
> 2 minutes to avoid intrusions (research project). Hence these bogus
> packets are seen every 2 minutes.
> Anybody have any idea???

Yes.  Stop rebooting every 2 minutes.  That's the dumbest thing I've
ever heard.  You're placing undue stress on the systems, completely
killing performance in a variety of ways, introducing networking
problems, and not stopping intrusions at all (just shortening the window
in which one can take place... any smart attacker will just split their
attack into 2-minute intervals).

Even a dialup modem can pull down a rootkit in 2 minutes.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/linux/attachments/20030213/603a4890/attachment.bin

More information about the linux mailing list