From owner-freebsd-net Thu Jun 22 0:53:14 2000 Delivered-To: freebsd-net@freebsd.org Received: from tts.tomsk.su (tts.tomsk.su [212.20.50.9]) by hub.freebsd.org (Postfix) with ESMTP id 40E4037C1D0 for ; Thu, 22 Jun 2000 00:53:09 -0700 (PDT) (envelope-from maksim@tts.tomsk.su) Received: from dragonland (unverified [212.20.50.12]) by tts.tomsk.su (Rockliffe SMTPRA 2.1.6) with SMTP id for ; Thu, 22 Jun 2000 15:40:49 +0800 From: "Maksimov Maksim" To: Subject: RE: How defend from stream2.c attack? Date: Thu, 22 Jun 2000 15:40:57 +0800 Message-ID: <002c01bfdc1d$348b9b30$0c3214d4@dragonland.tts.tomsk.su> MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3612.1700 Importance: Normal Disposition-Notification-To: "Maksimov Maksim" Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > I'm grasping at straws here, but maybe you need to configure > your kernel > with more mbufs. Output netstat -m before attack: 1/320/4096 mbufs in use (current/peak/max): 1 mbufs allocated to data 0/80/1024 mbuf clusters in use (current/peak/max) 240 Kbytes allocated to network (0% in use) 0 requests for memory denied 0 requests for memory delayed 0 calls to protocol drain routines Output netstat -m during attack: ...... 108/320/4096 mbufs in use (current/peak/max): 67 mbufs allocated to data 41 mbufs allocated to socket names and addresses 25/80/1024 mbuf clusters in use (current/peak/max) 240 Kbytes allocated to network (32% in use) 0 requests for memory denied 0 requests for memory delayed 0 calls to protocol drain routines ........ 177/320/4096 mbufs in use (current/peak/max): 114 mbufs allocated to data 63 mbufs allocated to socket names and addresses 50/80/1024 mbuf clusters in use (current/peak/max) 240 Kbytes allocated to network (60% in use) 0 requests for memory denied 0 requests for memory delayed 0 calls to protocol drain routines ........ 156/320/4096 mbufs in use (current/peak/max): 96 mbufs allocated to data 60 mbufs allocated to socket names and addresses 35/80/1024 mbuf clusters in use (current/peak/max) 240 Kbytes allocated to network (45% in use) 0 requests for memory denied 0 requests for memory delayed 0 calls to protocol drain routines ......... Output netstat -m in 1 second after attack: 1/560/4096 mbufs in use (current/peak/max): 1 mbufs allocated to data 0/130/1024 mbuf clusters in use (current/peak/max) 400 Kbytes allocated to network (0% in use) 0 requests for memory denied 0 requests for memory delayed 0 calls to protocol drain routines So you see - Nothing terrible! Problem is not in mbufs quantity. Problem in FreeBSD's TCP stack. > > Are your running stream2 on the machine that is freezing or on another > machine? I'm running stream2 on different machine: I'm attacked my FreeBSD boxes from RedHat 5.2 Linux (kernel 2.0.36 -0.7) Computer-attacker - RedHat 5.2 Linux (kernel 2.0.36 -0.7) (Pentium 200Mhz, networ card 10Mb) Computer-victim - FreeBSD 4.0-20000608-STABLE (i486 120Mhz, two network card 10Mb) FreeBSD 4.0-20000608-STABLE (i486 100Mhz, two network card 10Mb) All computers - and victims, and attacker - connected to same LAN (switched Ethernet on 3Com 10/100 Switch Super Stack II) Best regards, Maks Maksimov mailto:maksim@tts.tomsk.su To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message