Alan Cox writes:
> You only think that. After a few minutes the kiddie pulls down your routing
> because your route daemons execute no code. Also during the attack your sshd
> wont run so you cant log in to find out what is up
Indeed.
I have a real example from a university core router with BGP and full
Internet routing. I managed to get in via ssh during the DoS attack.
We see that the 5 min dropping rate is about the same as the input
rate. The duration of this attack was more half an hour and BGP survied
and the box was pretty manageable. This was with a hacked tulip driver
switching to RX-polling at high loads.
eth2: UP Locked MII Full DuplexLink UP
Admin up 6 day(s) 13 hour(s) 47 min 51 sec
Last input NOW
Last output NOW
5min RX bit/s 23.9 M
5min TX bit/s 1.1 M
5min RX pkts/s 46439
5min TX pkts/s 759
5min TX errors 0
5min RX errors 0
5min RX dropped 47038
5min TX dropped 0
5min collisions 0
Well, this was a router but I think we very soon have the same demands for
most Internet servers.
Cheers.
--ro
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Oct 07 2001 - 21:00:37 EST