Hi Rich,
Sure, here's what we did to protect our Netperf servers: Require a password to
run netperf (it's a command line parameter on the client), and rotate the
password regularly.
This means users will need to sign up for access, and get an email every time
the password is rotated. That way you know who is using (or abusing) the
services. If it is being abused, knock out the abuser from the list, and rotate
the pwd.
Use different passwords for each server to have fine-grained access controls.
I hope that helps,
Jonathan Foulkes
---- On Sat, 30 Mar 2024 13:03:00 -0400 Rich Brown via Bloat
<bloat@lists.bufferbloat.net> wrote ---
Hi folks,
This note was prompted by a question from the crusader github repo [1] where I
wrote the following:
>> It seems to me that the server netperf.bufferbloat.net (also called
>> netperf-east.bufferbloat.net) has been down for quite a while.
>
> Yes. I have been stymied by heavy abuse of the server. In addition to
> legitimate researchers or occasional users,
> I see people running a speed test every five minutes, 24x7.
>
> I created a bunch of scripts [2] to review the netperf server logs and use
> iptables to shut off people who abuse the server.
> Even with those scripts running, I have been unable to keep the traffic
> sent/received below the 4TB/month cap at my VPS.
Does anyone have thoughts about how to continue providing a netperf server at
the name "netperf.bufferbloat.net" while not overwhelming any particular
server? Many thanks.
Rich
[1] https://github.com/Zoxc/crusader/issues/14#issuecomment-2028273112
[2] https://github.com/richb-hanover/netperfclean
_______________________________________________
Bloat mailing list
mailto:Bloat@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/bloat
_______________________________________________
Bloat mailing list
Bloat@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/bloat
