netdev
[Top] [All Lists]

RE: Route cache performance under stress

To: "'Florian Weimer'" <fw@xxxxxxxxxxxxx>, <ralph+d@xxxxxxxxx>
Subject: RE: Route cache performance under stress
From: "CIT/Paul" <xerox@xxxxxxxxxx>
Date: Wed, 11 Jun 2003 15:40:47 -0400
Cc: "'Jamal Hadi'" <hadi@xxxxxxxxxxxxxxxx>, "'Pekka Savola'" <pekkas@xxxxxxxxxx>, "'Simon Kirby'" <sim@xxxxxxxxxxxxx>, "'David S. Miller'" <davem@xxxxxxxxxx>, <netdev@xxxxxxxxxxx>, <linux-net@xxxxxxxxxxxxxxx>
Importance: Normal
In-reply-to: <87he6wbdkz.fsf@xxxxxxxxxxxxx>
Organization: CIT
Sender: netdev-bounce@xxxxxxxxxxx
Wait until you see a DoS attack at 2 million pps with random source ips
and ports and dst ports and tcp flags and the only consistant thing
about the entire attack is the destination ip :>  can we say.. Null
route quick!! 

Paul xerox@xxxxxxxxxx http://www.httpd.net


-----Original Message-----
From: Florian Weimer [mailto:fw@xxxxxxxxxxxxx] 
Sent: Wednesday, June 11, 2003 3:48 PM
To: ralph+d@xxxxxxxxx
Cc: Jamal Hadi; Pekka Savola; CIT/Paul; 'Simon Kirby'; 'David S.
Miller'; netdev@xxxxxxxxxxx; linux-net@xxxxxxxxxxxxxxx
Subject: Re: Route cache performance under stress


Ralph Doncaster <ralph@xxxxxxxxx> writes:

>> Assuming the attacker has a 100mbps link to you, yes ;->
>
> A script kiddie 0wning a box with a FE connection is nothing.  During 
> what was probably the worst DOS I got hit with, one of my upstream 
> providers said they were seeing about 600mbps of traffic related to 
> the attack.

Yes, these numbers keep growing.  By today's standards, 6000 Mbps
shouldn't be too surprising. 8-(

One of the servers I keep running was recently flooded with 1500-byte
UDP packets, Fast Ethernet line rate.  It definitely happens if your
pipes are fat enough.


<Prev in Thread] Current Thread [Next in Thread>