Date:      Fri, 21 Jan 2000 16:55:02 -0600 (CST)
From:      Gene Harris <zeus@tetronsoftware.com>
To:        Wes Peters <wes@softweyr.com>
Cc:        Brett Glass <brett@lariat.org>, freebsd-security@freebsd.org
Subject:   Re: Some observations on stream.c and streamnt.c
Message-ID:  <Pine.BSF.4.10.10001211649440.4460-100000@tetron02.tetronsoftware.com>
In-Reply-To: <3888DF96.33157880@softweyr.com>

Wes,

SP5 and SP6 made some pretty big revisions to the TCP stack.
That's why I was meticulous on reporting SP6a.  It does make
a difference.

I am now sitting here with the machine hooked to a 100 MB
network with the attacking machine on the other side of a T3
at telepath.com.  We cannot see any effect on the NT Server,
running IIS and SQL Server as a custom web provider.  This
is a production machine.

*==============================================*
*Gene Harris      http://www.tetronsoftware.com*
*FreeBSD Novice                                *
*All ORBS.org SMTP connections are denied!     *
*==============================================*

On Fri, 21 Jan 2000, Wes Peters wrote:

>  Brett Glass wrote:
>  > 
>  > At 02:18 PM 1/21/2000 , Gene Harris wrote:
>  > 
>  > >After eight hours of testing, in which I have been
>  > >bombarding the NT 4.0 SP6a Server, the CPU usage on an
>  > >unloaded machine jumped to 27%.  However, when I started up
>  > >Oracle 8.05 and ran a rather lengthy query against a 400MB
>  > >database, no distinguishable differences exist in the query
>  > >time between a machine under attack and one not under
>  > >attack.
>  > 
>  > A poor test, IMHO. It's disk-intensive and CPU-intensive,
>  > but not network-intensive. Also, other conditions can
>  > affect the results. Were the machines on a network with
>  > a live gateway router? Remember, traffic to, from, and
>  > through the router is significant, since one of the
>  > effects of the exploit is to cause a storm of packets
>  > on the local LAN.
>  > 
>  > I've made an NT/IIS server virtually inaccessible using
>  > the same exploit.
>  
>  We have NT 4.0 Server (SP4) running on a P5/200 here, 128 MB RAM, EEPro
>  10/100.  On a 100Base-TX HDX isolated LAN, hitting it with the packets/
>  second set to 1000 resulted in poor system performance; changing that to 
>  10.000 resulted in the machine almost immediately crashing all the way 
>  to the BIOS boot.
>  
>  -- 
>              "Where am I, and what am I doing in this handbasket?"
>  
>  Wes Peters                                                         Softweyr LLC
>  wes@softweyr.com                                           http://softweyr.com/
>  






