Re: New form of packet attack named Stream
A better-late-than-never followup: jamie@dilbert.exodus.net (Jamie Rishaw) writes:
Unless you are Vixie ... A major s/w key figure or comparable entity
.. or someone that knows me IRL, and has for some time .. please do not e-mail me asking for the code.
I sent Jamie a request, and he sent me the code (thanks!) and I read it and indeed it's not real different from a lot of other synflooders out there (but it sure is the cleanest implementation I've seen). Someone from ISC ran it against F.ROOT-SERVERS.NET for a while, and while the gross CPU usage went up, the rate of DNS response generation did not change. Thus we concluded that a 4-CPU Alpha ES40 running Tru64 5.0 is "safe". -- Paul Vixie <vixie@mibh.net> SVP for Internet Services, MFNX M.I.B.H. Inc. is a wholly owned subsidiary of Metromedia Fiber Network, Inc.
Paul Vixie wrote:
Someone from ISC ran it against F.ROOT-SERVERS.NET for a while, and while the gross CPU usage went up, the rate of DNS response generation did not change. Thus we concluded that a 4-CPU Alpha ES40 running Tru64 5.0 is "safe".
Jeesh. I'd sure hope a 4-CPU machine wouldn't take too much of a hit. :) -- North Shore Technologies, Cleveland, OH http://NorthShoreTechnologies.net Steve Sobol, President, Chief Website Architect and Janitor sjsobol@NorthShoreTechnologies.net - 888.480.4NET - 216.619.2NET One good thing about the Y2K hoopla: I haven't forgotten to write 2000 as the year on a single one of my checks! :)
participants (2)
-
Paul Vixie
-
Steve Sobol