i was curious at one point and collected a some packet size stats on our border router. while the average packet size is close to 500, the bulk (by count) of the traffic seems to be in the 64-95 byte
Typical packet is around 500 bytes average. Not sure that's really the case. I have the impression the traffic is basically something like: - close to 1500 bytes (data transfers) - between 40-100 by
"real world" is the worst-case DOS tool available. Synflood tools like juno seem to fit that category. If you think juno is not a good real-world test, then keep pissing people off and you'll find ou
A script kiddie 0wning a box with a FE connection is nothing. During what was probably the worst DOS I got hit with, one of my upstream providers said they were seeing about 600mbps of traffic relate
... This reminds me of the situation we experienced with the dst cache overflowing in early 2.2 kernels. This was a long time ago, when our traffic was only about 10 Mbits/second. We had recently upg
We are given more work than we have resources for (max_size) what else than refuse can we do? But yes we have invested pretty much work already. Also remember we are looking into runs were 100% of in
Well, this is the problem. We do not and cannot know which entries we really want to remember (legitimate traffic). Adding code to actually refuse new dst entries is just going to make the DoS effect