pete at shadows.uottawa.ca
Fri Jan 18 21:19:22 GMT 2002
On Thu, Jan 17, 2002 at 03:54:52PM -0500, Steve Bernard wrote:
> Can you be more specific as to the problems that you experienced? I run
> several PS boxes and haven't noticed anything new, problem wise, since
> upgrading to 5.2.0.

We just experienced an interesting 'problem' with it. Still
running 5.1, but that is probably unrelated.

We had a DoS attack originating on our campus. This attack used
forged source addresses, and these addresses were from any of the
255 on the subnet. Now, the attack was going to a destination of
around a dozen machines.

That gives us 255 * 12 = 3060 (src,dst) pairs. (Maybe irrelevant.)

Now, each packet to each host was to a different dest port. So
now that 3060 is multiplied by a few hundred (thousand) for the
number of sessions flowing through it.

I imagine that the Packeteer has to do a bit more processing with each
new session to a new port.

The net effect is that our net access slowed down to a crawl.

Pete Hickey | | VEIWIT
Communication Services | Pete at mudhead.uottawa.CA | Makers of transparent
University of Ottawa | | mirrors for
Ottawa,Ont. Canada K1N 6N5| (613) 562-5800x1008 | dyslexics.
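
The state multiplication described in the message above, as an added example that is not part of the original post: a Python sketch that counts how many distinct (src, dst) pairs and (src, dst, dport) sessions each source subnet creates, and flags a subnet where nearly every packet opens a new session. The function names, the thresholds, the four ports per pair and the documentation-range addresses are all assumptions made for the illustration.

```python
from collections import defaultdict
from ipaddress import ip_network

def flow_state_report(packets, prefix_len=24):
    """Per source subnet: distinct (src,dst) pairs, distinct sessions
    (src,dst,dport), packet count, and the share of packets that
    created a new session on a stateful in-line device."""
    acc = defaultdict(lambda: {"pairs": set(), "flows": set(), "packets": 0})
    for src, dst, dport in packets:
        net = str(ip_network(f"{src}/{prefix_len}", strict=False))
        acc[net]["pairs"].add((src, dst))
        acc[net]["flows"].add((src, dst, dport))
        acc[net]["packets"] += 1
    return {net: {"pairs": len(a["pairs"]),
                  "flows": len(a["flows"]),
                  "packets": a["packets"],
                  "new_flow_ratio": len(a["flows"]) / a["packets"]}
            for net, a in acc.items()}

def flag_state_exhaustion(report, max_flows=5000, min_ratio=0.9):
    """Assumed heuristic: many sessions AND almost one session per packet.
    Normal traffic sends many packets per session, so its ratio is low."""
    return sorted(net for net, r in report.items()
                  if r["flows"] > max_flows and r["new_flow_ratio"] >= min_ratio)

def constructed_sample(ports_per_pair=4):
    """Constructed data: 255 forged sources x 12 destinations, every packet
    to a new port, plus 5 ordinary clients reusing one session each."""
    packets, n = [], 0
    for s in range(1, 256):
        for d in range(1, 13):
            for _ in range(ports_per_pair):
                packets.append((f"192.0.2.{s}", f"198.51.100.{d}", 1024 + n))
                n += 1
    for c in range(1, 6):
        packets += [(f"203.0.113.{c}", "198.51.100.1", 443)] * 200
    return packets

if __name__ == "__main__":
    report = flow_state_report(constructed_sample())
    for net, row in sorted(report.items()):
        print(net, row)
    print("flagged:", flag_state_exhaustion(report))
```
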