Wait until you see a DoS attack at 2 million pps with random source ips
and ports and dst ports and tcp flags and the only consistent thing
about the entire attack is the destination ip :> can we say.. Null
route quick!!
Paul xerox@xxxxxxxxxx http://www.httpd.net

-----Original Message-----
From: Florian Weimer [mailto:fw@xxxxxxxxxxxxx]
Sent: Wednesday, June 11, 2003 3:48 PM
To: ralph+d@xxxxxxxxx
Cc: Jamal Hadi; Pekka Savola; CIT/Paul; 'Simon Kirby'; 'David S.
Miller'; netdev@xxxxxxxxxxx; linux-net@xxxxxxxxxxxxxxx
Subject: Re: Route cache performance under stress

Ralph Doncaster <ralph@xxxxxxxxx> writes:
>> Assuming the attacker has a 100mbps link to you, yes ;->
>
> A script kiddie 0wning a box with a FE connection is nothing. During
> what was probably the worst DOS I got hit with, one of my upstream
> providers said they were seeing about 600mbps of traffic related to
> the attack.

Yes, these numbers keep growing. By today's standards, 6000 Mbps
shouldn't be too surprising. 8-(

One of the servers I keep running was recently flooded with 1500-byte
UDP packets, Fast Ethernet line rate. It definitely happens if your
pipes are fat enough.