Dear Rich, first, thanks for supplying that service.

> On Oct 6, 2020, at 12:52, Rich Brown <[email protected]> wrote:
>
> To the Bloat list,
>
> I had some time, so I looked into what it might take to keep the
> netperf.bufferbloat.net server on-line in the face of an unwitting "DDoS"
> attack - automated scripts that run tests every 5 minutes 24x7. The problem
> was that these tests would blow through my 4TB/month bandwidth allocation in
> a few days.
>
> In the past, I had been irregularly running a set of scripts to count
> incoming netperf connections and blacklist (in iptables) those whose counts
> were too high. This wasn't good enough: it wasn't keeping up with the tidal
> wave of connections.
>
> Last week, I revised those scripts to work as a cron job. The current
> parameters are: run the script every hour; process the last two days' of
> kern.log files; look for > 500 connections; drop those addresses in iptables.
>
> There are currently 479 addresses blacklisted in iptables (that explains why
> the bandwidth was being consumed so quickly). There are only a few new
> addresses being added per day, so it seems that we have flushed out most of
> the abusers.
>
> My questions for this august group:
>
> 1) The server at netperf.bufferbloat.net is up and running. I get full rate
> speed from my 7mbps DSL circuit, but that's not much of a test. I would be
> interested to hear your results.

From work:

bash-3.2$ ./betterspeedtest.sh
2020-10-06 14:46:19 Testing against netperf.bufferbloat.net (ipv4) with 5 simultaneous sessions while pinging gstatic.com (60 seconds in each direction)
.
 Download: Mbps
  Latency: (in msec, 1 pings, 0.00% packet loss)
      Min: 6.868
    10pct: 0.000
   Median: 0.000
      Avg: 6.868
    90pct: 0.000
      Max: 6.868
.............................................................
   Upload: 309.67 Mbps
  Latency: (in msec, 61 pings, 0.00% packet loss)
      Min: 6.644
    10pct: 6.730
   Median: 7.289
      Avg: 7.385
    90pct: 7.941
      Max: 9.980
Press any key to continue...

bash-3.2$ ./betterspeedtest.sh
2020-10-06 14:49:33 Testing against netperf.bufferbloat.net (ipv4) with 5 simultaneous sessions while pinging gstatic.com (60 seconds in each direction)
................................................................................
 Download: 0 Mbps
  Latency: (in msec, 80 pings, 0.00% packet loss)
      Min: 6.583
    10pct: 6.637
   Median: 6.674
      Avg: 6.694
    90pct: 6.743
      Max: 7.204
................................................................................
   Upload: 0 Mbps
  Latency: (in msec, 80 pings, 0.00% packet loss)
      Min: 6.555
    10pct: 6.622
   Median: 6.667
      Avg: 6.687
    90pct: 6.742
      Max: 7.218
Press any key to continue...

So there seems to be an issue with the Download test, from home I currently get 0/0 for both Upload/download.... Maybe I just made it on the block list (not that I remember trying to reach that server in the last weeks at all).
Running flent's rrul_cs8 manually against netperf.bufferbloat.net gave me around 80/25 which seems believable.

> 2) The current threshold comes from this estimate: most speed tests use 10
> connections: 5 connections up and 5 down. So 500 connections would permit
> about 50 tests over the course of two days. Is that enough for "real
> research"? (If you need more, I can add your address to my whitelist file...)

I think 50 tests is quite generous, that is more than one test every hour for two days ;)

> 3) I would be pleased to get comments on the set of scripts. I'm a newbie at
> iptables, so it wouldn't hurt to have someone else check the rules I devised.
> See the README at https://github.com/richb-hanover/netperfclean

Outside of my area of expertise....

Best Regards
        Sebastian

> Thanks.
>
> Rich
>
> _______________________________________________
> Bloat mailing list
> [email protected]
> https://lists.bufferbloat.net/listinfo/bloat
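
The hourly blocking pass described in the quoted message (count connections per source address in kern.log, block sources with more than 500, honour a whitelist), as an added example that is not part of this thread and is not the netperfclean scripts. The log prefix `netperf-conn: `, the sample log lines and the form of the generated DROP rules are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

THRESHOLD = 500  # from the post: block sources with more than 500 connections
# Assumption: connections are logged by an iptables LOG rule with this prefix.
SRC_RE = re.compile(r"netperf-conn: .*?\bSRC=(\S+)")

def count_sources(lines):
    """Count logged connections per source address, skipping malformed lines."""
    counts = Counter()
    for line in lines:
        m = SRC_RE.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # an unparsable token must never reach a firewall command
        counts[str(addr)] += 1
    return counts

def addresses_to_block(counts, whitelist=(), already_blocked=(), threshold=THRESHOLD):
    """Sources strictly over the threshold, minus whitelisted and existing entries."""
    skip = set(whitelist) | set(already_blocked)
    return sorted(a for a, n in counts.items() if n > threshold and a not in skip)

def drop_rules(addresses):
    """Build argv lists (no shell involved) for one DROP rule per validated address."""
    return [["ip6tables" if ":" in a else "iptables", "-I", "INPUT", "-s", a, "-j", "DROP"]
            for a in addresses]

def sample_log():
    """Constructed kern.log lines (documentation address ranges), not real data."""
    fmt = ("Oct  6 12:00:00 host kernel: [1.0] netperf-conn: IN=eth0 OUT= "
           "SRC={} DST=198.51.100.1 PROTO=TCP DPT=12865")
    lines = [fmt.format("192.0.2.10")] * 501    # just over the threshold
    lines += [fmt.format("192.0.2.20")] * 500   # exactly at the threshold: allowed
    lines += [fmt.format("192.0.2.30")] * 900   # heavy user on the whitelist
    lines += [fmt.format("2001:db8::5")] * 700  # IPv6 source needs ip6tables
    lines += [fmt.format("999.1.1.1")] * 600    # malformed SRC field: ignored
    return lines

if __name__ == "__main__":
    blocked = addresses_to_block(count_sources(sample_log()), whitelist={"192.0.2.30"})
    print("\n".join(" ".join(rule) for rule in drop_rules(blocked)))
```

Passing the addresses already present in the firewall as `already_blocked` keeps an hourly run from inserting duplicate rules.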
