> There is a popular software that runs on MS platform called "download
> accelerator". This opens several threads for a download job (each one
> downloading a portion of the file), sometimes even using mirror sites.
> However, it not only grabs whole bandwidth, but makes it hard for other
> machines to even ping each other the return time being around 5-10 seconds on a
> 100 Mbps network! The download process is getting only 64 kbps from the
> Internet. Internet access is virtually impossible for the other machines.
Firewall them off. There are also apache hacks for spotting the
download accelerator device and blocking the user for good.
> I monitored network traffic with tcpdump, and noticed that those packets don't
> have tcp timestamps and tcp sack. I turned them off on my Linux box using
> sysctl, and also tried turning on ECN without success.
They will tend to come from older windows boxes, the timestamp/sack stuff
is unrelated
> This is of course a DoS in disguise, and is there a way to stop it?
Turning off byte range support in the web server works suprisingly well for
it. Another non hacking code approach would be to set up CBQ or other
bandwidth limiters so that the users of download accelerator get no
benefit. The advantage of the apache hacks is that you can make them
actually suffer
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Oct 31 2001 - 21:00:30 EST