On 30 Apr 07, at 14:28, Pars Mutaf wrote:
>>> - how many hops you can make w/ a packet sized 1280?
>
> Maybe I'm missing something, but the attacker wouldn't
> rather send millions of *very small* packets (to keep the
> routers busy) instead of sending elephants??

This morning, just to test it on a Mac Mini, I pushed a little more
than 1MB/s of such RH0 packets (those you call "elephants") between a
Linux box (forwarding activated, pre 2.6.20.9) and the Mac (both
gigabit, directly connected). This is slide 35/57 of the
presentation. The Bandwidth monitor output on the Linux is below
(same on the Mac):

Bandwidth Monitor 1.1.0
Iface   RX(KB/sec)   TX(KB/sec)   Total(KB/sec)
eth0    45512.315    46102.463    91614.778
lo          0.985        0.985        1.970
[...]

I can assure you that when you are limited by your upload bandwidth,
and with only a few KB/s, you simply saturate a 100Mbit/s Ethernet link.
When you send millions of packets at X KB/s, the routers still have
to cope with that amount of bandwidth (X KB/s). "Elephants" simply
amplify your bandwidth between the 2 routers (44*X KB/s upload and
44*X KB/s download, as if there were almost 90 people like you on the
link).
Cheers,
a+
PS: 44 is the number of pairs of addresses (rtr1, rtr2) in the RH0.
-- Arnaud Ebalard
EADS Innovation Works - IT Sec Research Engineer
PGP KeyID:047A5026 FingerPrint:47EB85FEB99AAB85FD0946F30255957C047A5026
--------------------------------------------------------------------
IETF IPv6 working group mailing list
--------------------------------------------------------------------
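
Added example, not part of the original message: a Python check that a filter or IDS could apply to the RH0 described above, counting how many pending hops revisit an address already in the list. It only handles a routing header placed directly after the IPv6 fixed header; the function names, the drop policy and the sample packet (documentation addresses, 44 alternating pairs as in the PS) are assumptions constructed for illustration.

```python
import ipaddress
import struct

ROUTING = 43  # IPv6 Next Header value for the Routing extension header

def inspect_rh0(packet: bytes):
    """Describe a type 0 routing header that directly follows the IPv6 header.

    Returns None when there is none, {"malformed": True} when lengths disagree.
    """
    if len(packet) < 48 or packet[0] >> 4 != 6 or packet[6] != ROUTING:
        return None
    hdr_ext_len, rtype, segs_left = packet[41], packet[42], packet[43]
    if rtype != 0:
        return None
    n = hdr_ext_len // 2  # Hdr Ext Len is in 8-octet units, 2 per address
    end = 48 + 16 * n
    if hdr_ext_len % 2 or len(packet) < end or segs_left > n:
        return {"malformed": True}
    addrs = [ipaddress.IPv6Address(packet[i:i + 16]) for i in range(48, end, 16)]
    pending = addrs[n - segs_left:]  # hops the packet has not visited yet
    return {"malformed": False, "addresses": n, "segments_left": segs_left,
            "revisits": len(pending) - len(set(pending))}

def should_drop(packet: bytes, max_revisits: int = 0) -> bool:
    """Policy assumed for this example: drop malformed or looping RH0."""
    info = inspect_rh0(packet)
    if info is None:
        return False
    return info["malformed"] or info["revisits"] > max_revisits

def build_sample(pairs: int) -> bytes:
    """Constructed test input: RH0 alternating two documentation addresses."""
    rtr1 = ipaddress.IPv6Address("2001:db8::1").packed
    rtr2 = ipaddress.IPv6Address("2001:db8::2").packed
    src = ipaddress.IPv6Address("2001:db8::100").packed
    hops = (rtr1 + rtr2) * pairs
    rh = bytes([59, 4 * pairs, 0, 2 * pairs]) + b"\x00" * 4 + hops
    fixed = struct.pack("!IHBB", 0x60000000, len(rh), ROUTING, 64) + src + rtr2
    return fixed + rh

if __name__ == "__main__":
    print(inspect_rh0(build_sample(44)))
```

With 44 pairs the header lists 88 addresses but only 2 distinct ones, so 86 of the pending hops are revisits; a legitimate source route with no repeated hop scores 0.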