Date: Thu, 22 Jun 2000 15:40:57 +0800 From: "Maksimov Maksim" <maksim@tts.tomsk.su> To: <freebsd-net@FreeBSD.ORG> Subject: RE: How defend from stream2.c attack? Message-ID: <002c01bfdc1d$348b9b30$0c3214d4@dragonland.tts.tomsk.su>
next in thread | raw e-mail | index | archive | help
> I'm grasping at straws here, but maybe you need to configure
> your kernel
> with more mbufs.
Output netstat -m before attack:
1/320/4096 mbufs in use (current/peak/max):
1 mbufs allocated to data
0/80/1024 mbuf clusters in use (current/peak/max)
240 Kbytes allocated to network (0% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
Output netstat -m during attack:
......
108/320/4096 mbufs in use (current/peak/max):
67 mbufs allocated to data
41 mbufs allocated to socket names and addresses
25/80/1024 mbuf clusters in use (current/peak/max)
240 Kbytes allocated to network (32% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
........
177/320/4096 mbufs in use (current/peak/max):
114 mbufs allocated to data
63 mbufs allocated to socket names and addresses
50/80/1024 mbuf clusters in use (current/peak/max)
240 Kbytes allocated to network (60% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
........
156/320/4096 mbufs in use (current/peak/max):
96 mbufs allocated to data
60 mbufs allocated to socket names and addresses
35/80/1024 mbuf clusters in use (current/peak/max)
240 Kbytes allocated to network (45% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
.........
Output netstat -m in 1 second after attack:
1/560/4096 mbufs in use (current/peak/max):
1 mbufs allocated to data
0/130/1024 mbuf clusters in use (current/peak/max)
400 Kbytes allocated to network (0% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
So you see - Nothing terrible!
Problem is not in mbufs quantity. Problem in FreeBSD's TCP stack.
>
> Are your running stream2 on the machine that is freezing or on another
> machine?
I'm running stream2 on different machine:
I'm attacked my FreeBSD boxes from RedHat 5.2 Linux (kernel 2.0.36 -0.7)
Computer-attacker - RedHat 5.2 Linux (kernel 2.0.36 -0.7) (Pentium 200Mhz,
networ card 10Mb)
Computer-victim - FreeBSD 4.0-20000608-STABLE (i486 120Mhz, two network
card 10Mb)
FreeBSD 4.0-20000608-STABLE (i486 100Mhz, two
network card 10Mb)
All computers - and victims, and attacker - connected to same LAN (switched
Ethernet on 3Com 10/100 Switch Super Stack II)
Best regards,
Maks Maksimov mailto:maksim@tts.tomsk.su
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002c01bfdc1d$348b9b30$0c3214d4>