interfering with heartbeat when the control connection runs on an
interface connected to internet
Wed, 20 Feb 2002 08:30:49 -0700
Lars Marowsky-Bree wrote:
> On 2002-02-20T13:32:58,
> Alex Kramarov <firstname.lastname@example.org> said:
> > what are the chances that someone could trigger a shutdown (or make both
> > nodes active at the same time) of heartbeat by sending specially crafted
> > packets to the machines: since the protocol is UDP, it's virtually
> > impossible to filter these packets by iptables on the cluster machines?
> Well, of course you can always filter such incoming traffic, both on the nodes
> and more importantly on your firewall.
> But even then heartbeat has strong authentication for its communication and it
> shouldn't be possible for even sophisticated attackers to fake this.
> Look at the authkeys file.
You can also look at the ALS conference paper describing the communications
infrastructure. You can find it pointed to here:
-- Alan Robertson