Re: Firewalling and network resource consumption while under attack

Alan Cox (alan@lxorguk.ukuu.org.uk)
Mon, 21 Sep 1998 19:13:18 +0100 (BST)


> stayed alive :) of the network stack? If inbound packet handling was only
> allowed to flood at most 80% of the stack, that should leave significantly
> enough room for the rest of the work. (this should be considered dynamic
> and tunable).

You cannot regulate inbound traffic. You regulate outbound traffic at the
ISP end, and Linux 2.1.x can do exactly that: you can feed all SYN frames
down a different CBQ class (even with its own routing table 8))

> Other hosts on this switched network were able to do traffic with just a
> slight bit of lag as they passed through the boundary router. Hosts on
> the same segment as the target were unable to establish or maintain flow
> of a current session with the target.

Ok, that answers that question.

> echo reply. I did not measure the performance of UDP. TCP connections
> showed up as the squeakiest wheel.

TCP will suffer the most on packet drops. Also if large frames are what
starts to suffer

> The ssh connections were all inside the local network. All other
> connections from and to the local network acted completely normal.

Ok. In which case I'm not sure why you saw stalling.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
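The idea in Alan's reply, giving SYN frames their own shaping class so that a SYN flood can only exhaust that class's budget while established sessions keep their own allowance, is illustrated below as an added Python simulation. This is not code from the message or from the kernel; the real mechanism is tc with CBQ classes and filters on the upstream router. The packet builder, the two class rates, the addresses (RFC 5737 documentation ranges) and the timing are all constructed for the example.

```python
import struct

# TCP flag bits as they appear in the flags byte of the TCP header
SYN = 0x02
ACK = 0x10


def build_packet(src, dst, sport, dport, flags, ihl_words=5):
    """Construct a minimal IPv4+TCP frame with no payload (constructed test input).

    ihl_words > 5 pads the IP header with zeroed option bytes so the example can
    show that the TCP flag offset must be derived from IHL, not hard-coded.
    """
    ip_hdr_len = ihl_words * 4
    total_len = ip_hdr_len + 20
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | ihl_words, 0, total_len, 0, 0, 64, 6, 0,
        bytes(int(o) for o in src.split(".")),
        bytes(int(o) for o in dst.split(".")),
    ) + b"\x00" * (ip_hdr_len - 20)
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip_hdr + tcp_hdr


def tcp_flags(frame):
    """Return the TCP flags byte, or None if the frame is not a complete TCP frame.

    The flags sit 13 bytes into the TCP header, which starts at IHL*4; an IP
    header carrying options moves them, so a fixed offset would misread them.
    """
    if len(frame) < 20 or frame[9] != 6:
        return None
    ihl = (frame[0] & 0x0F) * 4
    if len(frame) < ihl + 14:
        return None
    return frame[ihl + 13]


def classify(frame):
    """Connection attempts (SYN set, ACK clear) go to the 'syn' class; everything else,
    including SYN/ACK replies and established-session traffic, goes to 'default'."""
    flags = tcp_flags(frame)
    if flags is not None and (flags & SYN) and not (flags & ACK):
        return "syn"
    return "default"


class TokenBucket:
    """Byte-rate limiter standing in for one shaping class's rate/burst settings."""

    def __init__(self, rate_bytes_per_s, burst_bytes):
        self.rate = rate_bytes_per_s
        self.burst = burst_bytes
        self.tokens = burst_bytes
        self.last = 0.0

    def admit(self, size, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= size:
            self.tokens -= size
            return True
        return False


class Shaper:
    """Routes each frame to its class and counts what each class sent or dropped."""

    def __init__(self, classes):
        self.classes = classes
        self.stats = {name: {"sent": 0, "dropped": 0} for name in classes}

    def enqueue(self, frame, now):
        cls = classify(frame)
        ok = self.classes[cls].admit(len(frame), now)
        self.stats[cls]["sent" if ok else "dropped"] += 1
        return cls, ok


def simulate():
    """A 1000-frame SYN burst arrives in ~10 ms, followed by 50 frames of an established
    session; only the 'syn' class runs dry, the session's class never drops."""
    shaper = Shaper({
        "syn": TokenBucket(rate_bytes_per_s=4000, burst_bytes=400),      # ~100 x 40-byte SYNs/s
        "default": TokenBucket(rate_bytes_per_s=1_000_000, burst_bytes=100_000),
    })
    t = 0.0
    for i in range(1000):  # constructed flood from one source, one SYN every 10 us
        shaper.enqueue(build_packet("198.51.100.7", "192.0.2.10", 1024 + i, 80, SYN), t)
        t += 0.00001
    for i in range(50):  # constructed established session; every other frame carries IP options
        shaper.enqueue(build_packet("192.0.2.20", "192.0.2.10", 40000, 22, ACK,
                                    ihl_words=6 if i % 2 else 5), t)
        t += 0.00001
    return shaper.stats
```

With these constructed settings the SYN class admits only its 400-byte burst plus the trickle earned during the flood (10 frames) and drops the other 990, while all 50 session frames pass. The separate class is what keeps the flood from competing with existing sessions for the same budget, which is the property a single shared queue lacks.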