Date: Fri, 21 Jan 2000 16:27:57 -0500
From: Keith Stevenson <k.stevenson@louisville.edu>
To: freebsd-security@freebsd.org
Subject: Re: Some observations on stream.c and streamnt.c
Message-ID: <20000121162757.A7080@osaka.louisville.edu>
In-Reply-To: <Pine.BSF.4.10.10001211419010.3943-100000@tetron02.tetronsoftware.com>
References: <4.2.2.20000120194543.019a8d50@localhost> <Pine.BSF.4.10.10001211419010.3943-100000@tetron02.tetronsoftware.com>

I've been doing my own testing.

Against AIX 4.2.1 - no apparent effect
Against HPUX 10.20 - Really effective DOS.
Against FreeBSD 3-STABLE with ICMP rate limiting enabled - no effect
Against Linux 2.2.10 - Really effective DOS.

I was pushing 2.3 Mb/s out against the target machines. I didn't let it run
for more than 3-4 minutes at a time. The HP and Linux box really bogged down.
Network connections to them were being dropped and could not be re-established
until I stopped the attack.

I was very happy with my FreeBSD servers. All are 3.4-STABLE with options
"ICMP_BANDLIM" in the kernel. One of the machines I tested had
TCP_RESTRICT_RST enabled. The ICMP_BANDLIM seemed to be the life saver. I got
tons of "icmp-response bandwidth limit" messages in my syslog, but the load
didn't climb and I was still able to provide network services from the target
host. The machine which was running TCP_RESTRICT_RST in addition to
ICMP_BANDLIM behaved exactly like the one without TCP_RESTRICT_RST.

Regards,
--Keith Stevenson--

--
Keith Stevenson
System Programmer - Data Center Services - University of Louisville
k.stevenson@louisville.edu
PGP key fingerprint = 4B 29 A8 95 A8 82 EA A2 29 CE 68 DE FC EE B6 A0

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message