On 15/02/07, Justin Robertson <[EMAIL PROTECTED]> wrote:
This is definitely worst-case, it's simulating a DDoS attack at the network. What is really surprising is that just 1mbps of traffic is able to kill a 6.x box doing routing. If it were, say, 600mbps that I'd understand as you're pushing over a million PPS. But 1mbps? :-\

Freddie Cash wrote:
> On Thursday 15 February 2007 01:29 pm, Justin Robertson wrote:
>
>> Send a flood of 60 byte syn packets with the tcp sack option thru
>> it and check out what happens. It's pretty weird and I can't explain
>> why. If you block the packets on the box via ipfw it's fine, the second
>> it has to make a routing decision everything goes out the window, it
>> seems. There's 100% packet loss on all protocols. I'm not using NAT,
>> there are real IPs in different C classes on the other side of the box.
>
> Is that something that would occur normally? Or is this a
> worst-case/stress-test trying to break things? How are you generating
> the packets?
>
> I'm not a network guru, and haven't done much in the way of
> network-related stress-testing, but I'm always looking for ways to do so.

--
Justin
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-performance
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Does disabling sacks harden against syn floods then? I agree 1mbps of syn is a weak flood.

Chris
