We're currently looking at wackamole for our corporate websites to ensure
uptime. I have several items I'd like to ask the user community....
1) Is there any mechanisms in spread for security. What I'm concerned about
is an attacker sending messages to the daemon to cause IP's to be switched
or downed in any way (or the usual buffer overrun exploits, etc). I could
certainly do this with ip filters so that spread/wackamole messages are only
accepted from certain ip addresses, but short of this, is there anything
built into the package to restrict who joins the cluster? Are there any
other attack/security issues that spread/wackamole opens us up to? The
platform is FreeBSD with apache and mysql by the way. I noticed there is a
"secure spread" add on, but wasn't sure if wackamole would just use that
interface if it was installed or if it would have to be modified/recompiled
to take advantage of it. Perhaps tunneling the spread/wackamole process
through ssh is possible? Ideas?
2) Has anyone used wackamole/spread in a mission critical enterprise scale
ecommerce web cluster? Ie. can anyone attest to reliability, security, etc.?
Ie. is it ready for prime time?
3) Of course I can gauge by the responses to this message, but can anyone
vouch for the level of support available, particularly with regards to
timely answers to questions on this list?
Thanks very much in advance for all replies!
Regards,
Jay West
---
[This E-mail scanned for viruses by Declude Virus]
uptime. I have several items I'd like to ask the user community....
1) Is there any mechanisms in spread for security. What I'm concerned about
is an attacker sending messages to the daemon to cause IP's to be switched
or downed in any way (or the usual buffer overrun exploits, etc). I could
certainly do this with ip filters so that spread/wackamole messages are only
accepted from certain ip addresses, but short of this, is there anything
built into the package to restrict who joins the cluster? Are there any
other attack/security issues that spread/wackamole opens us up to? The
platform is FreeBSD with apache and mysql by the way. I noticed there is a
"secure spread" add on, but wasn't sure if wackamole would just use that
interface if it was installed or if it would have to be modified/recompiled
to take advantage of it. Perhaps tunneling the spread/wackamole process
through ssh is possible? Ideas?
2) Has anyone used wackamole/spread in a mission critical enterprise scale
ecommerce web cluster? Ie. can anyone attest to reliability, security, etc.?
Ie. is it ready for prime time?
3) Of course I can gauge by the responses to this message, but can anyone
vouch for the level of support available, particularly with regards to
timely answers to questions on this list?
Thanks very much in advance for all replies!
Regards,
Jay West
---
[This E-mail scanned for viruses by Declude Virus]