Wait until you see a DoS attack at 2 million pps with random source ips and ports and dst ports and tcp flags and the only consistent thing about the entire attack is the destination ip :> can we say.. Null route quick!!

Paul
xerox@foonet.net
http://www.httpd.net

-----Original Message-----
From: Florian Weimer [mailto:fw@deneb.enyo.de]
Sent: Wednesday, June 11, 2003 3:48 PM
To: ralph+d@istop.com
Cc: Jamal Hadi; Pekka Savola; CIT/Paul; 'Simon Kirby'; 'David S. Miller'; netdev@oss.sgi.com; linux-net@vger.kernel.org
Subject: Re: Route cache performance under stress

Ralph Doncaster <ralph@istop.com> writes:

>> Assuming the attacker has a 100mbps link to you, yes ;->
>
> A script kiddie 0wning a box with a FE connection is nothing. During
> what was probably the worst DOS I got hit with, one of my upstream
> providers said they were seeing about 600mbps of traffic related to
> the attack.

Yes, these numbers keep growing. By today's standards, 6000 Mbps shouldn't be too surprising. 8-(

One of the servers I keep running was recently flooded with 1500-byte UDP packets, Fast Ethernet line rate. It definitely happens if your pipes are fat enough.