[unisog] Packetshaper

Pete Hickey pete at shadows.uottawa.ca
Fri Jan 18 21:19:22 GMT 2002

On Thu, Jan 17, 2002 at 03:54:52PM -0500, Steve Bernard wrote:
> Can you be more specific as to the problems that you experienced? I run
> several PS boxes and haven't noticed anything new, problem wise, since
> upgrading to 5.2.0.

We just experienced an interesting 'problem' with it.  Still
running 5.1, but that is probably unrelated.

We had a DoS attack originating on our campus.  This attack used
forged source addresses, and these addresses were from any of the
255 on the subnet.  Now, the attack was going to a destination of
around a dozen machines.   

That gives us 255 * 12 = 3060 (src,dst pairs.)  (maybe irrelevant.)

Now, each packet to each host was to a different dest port.  So
now that 3060 is multiplied by a few hundred (thousand) for the
number of sessions flowing through it.

I imagine that the Packeteer has to do a bit more processing with each
new session to a new port.

The net effect is that our net access slowed down to a crawl.


Pete Hickey               |                         |       VEIWIT
Communication Services    | Pete at mudhead.uottawa.CA |   Makers of transparent
University of Ottawa      |                         |      mirrors for
Ottawa,Ont. Canada K1N 6N5|  (613) 562-5800x1008    |       dyslexics.
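
Added example, not part of the original message: a sketch of how flow records (src, dst, dport) could be checked for the pattern described above, where nearly every address in a source subnet appears as a sender and each (src, dst) pair touches many ports. The function names, thresholds and sample records are assumptions constructed for illustration, not Packeteer data or vendor values.

```python
from collections import defaultdict
from functools import lru_cache
from ipaddress import ip_network

@lru_cache(maxsize=None)
def subnet_of(src, prefix_len):
    """Source subnet that an address belongs to."""
    return ip_network(f"{src}/{prefix_len}", strict=False)

def suspicious_subnets(flows, prefix_len=24, min_src_fraction=0.9, min_ports_per_pair=20):
    """Flag source subnets where nearly every address appears as a sender
    (consistent with forged sources) and each (src, dst) pair touches many
    destination ports, so every packet costs the shaper a new session entry.
    Thresholds are illustrative assumptions, not vendor values."""
    srcs, dsts, sessions = defaultdict(set), defaultdict(set), defaultdict(set)
    for src, dst, dport in flows:
        net = subnet_of(src, prefix_len)
        srcs[net].add(src)
        dsts[net].add(dst)
        sessions[net].add((src, dst, dport))
    flagged = []
    for net in sessions:
        pairs = {(s, d) for s, d, _ in sessions[net]}
        src_fraction = len(srcs[net]) / net.num_addresses
        ports_per_pair = len(sessions[net]) / len(pairs)
        if src_fraction >= min_src_fraction and ports_per_pair >= min_ports_per_pair:
            flagged.append((str(net), len(srcs[net]), len(dsts[net]), len(sessions[net])))
    return sorted(flagged)

def constructed_sample():
    """Constructed flow records (documentation address ranges), shaped like the
    incident: 255 sources x 12 destinations x 50 ports, plus ordinary web traffic."""
    flood = [(f"192.0.2.{h}", f"198.51.100.{d}", 1024 + p)
             for h in range(1, 256) for d in range(1, 13) for p in range(50)]
    normal = [(f"203.0.113.{h}", "198.51.100.80", port)
              for h in range(10, 15) for port in (80, 443)]
    return flood + normal

if __name__ == "__main__":
    for net, n_src, n_dst, n_sessions in suspicious_subnets(constructed_sample()):
        print(f"{net}: {n_src} sources -> {n_dst} destinations, {n_sessions} sessions")
```

With the constructed sample, the 3060 (src, dst) pairs expand to 153000 distinct sessions, while the ordinary web traffic from the second subnet stays below both thresholds.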
