From owner-freebsd-current Tue Dec 1 08:07:11 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA12242 for freebsd-current-outgoing; Tue, 1 Dec 1998 08:07:11 -0800 (PST) (envelope-from owner-freebsd-current@FreeBSD.ORG) Received: from Genesis.Denninger.Net (kdhome-2.pr.mcs.net [205.164.6.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA12224 for ; Tue, 1 Dec 1998 08:07:09 -0800 (PST) (envelope-from karl@Genesis.Denninger.Net) Received: (from karl@localhost) by Genesis.Denninger.Net (8.9.1/8.8.2) id KAA55753; Tue, 1 Dec 1998 10:06:33 -0600 (CST) Message-ID: <19981201100633.A55743@Denninger.Net> Date: Tue, 1 Dec 1998 10:06:33 -0600 From: Karl Denninger To: "Open Systems Inc." , John Saunders Cc: Matthew Dillon , freebsd-current@FreeBSD.ORG Subject: Re: D.O.S. attack protection enhancements commit (ICMP_BANDLIM) References: <005b01be1cf6$e6368da0$6cb611cb@saruman.scitec.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: ; from Open Systems Inc. on Tue, Dec 01, 1998 at 09:59:44AM -0600 Organization: Karl's Sushi and Packet Smashers X-Die-Spammers: Spammers will be LARTed and the remains fed to my cat Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG That's not true. While under attack, a system will consume *outrageous* numbers of buffers. There is no reason to "size" for such events; the fix is as Matt described, in that there is no reason for the system to make available resources that cannot be *productively* consumed. Ergo, dropping the traffic BEFORE it can consume buffers is the correct course of action. -- -- Karl Denninger (karl@denninger.net) http://www.mcs.net/~karl I ain't even *authorized* to speak for anyone other than myself, so give up now on trying to associate my words with any particular organization. On Tue, Dec 01, 1998 at 09:59:44AM -0600, Open Systems Inc. wrote: > On Tue, 1 Dec 1998, John Saunders wrote: > > > Q1: Why does FreeBSD crash or become totally unstable under > > what can only be described as high network load? > > The ONLY thing I can think of is that people dont know to increase > MAXUSERS to keep enough mbuf's avalable for the load they carry. > Thats the only thing I have ever seen take down a loaded FBSD server. > It just runs out of mbuf's and goes poof. > > Chris > > "If you aim the gun at your foot and pull the trigger, it's UNIX's job to > ensure reliable delivery of the bullet to where you aimed the gun (in > this case, Mr. Foot)." -- Terry Lambert, FreeBSD-Hackers mailing list. > > ===================================| Open Systems FreeBSD Consulting. > FreeBSD 2.2.7 is available now! | Phone: 402-573-9124 > -----------------------------------| 3335 N. 103 Plaza #14, Omaha, NE 68134 > FreeBSD: The power to serve! | E-Mail: opsys@open-systems.net > http://www.freebsd.org | Consulting, Network Engineering, Security > ===================================| http://open-systems.net > > -----BEGIN PGP PUBLIC KEY BLOCK----- > Version: 2.6.2 > > mQENAzPemUsAAAEH/06iF0BU8pMtdLJrxp/lLk3vg9QJCHajsd25gYtR8X1Px1Te > gWU0C4EwMh4seDIgK9bzFmjjlZOEgS9zEgia28xDgeluQjuuMyUFJ58MzRlC2ONC > foYIZsFyIqdjEOCBdfhH5bmgB5/+L5bjDK6lNdqD8OAhtC4Xnc1UxAKq3oUgVD/Z > d5UJXU2xm+f08WwGZIUcbGcaonRC/6Z/5o8YpLVBpcFeLtKW5WwGhEMxl9WDZ3Kb > NZH6bx15WiB2Q/gZQib3ZXhe1xEgRP+p6BnvF364I/To9kMduHpJKU97PH3dU7Mv > CXk2NG3rtOgLTEwLyvtBPqLnbx35E0JnZc0k5YkABRO0JU9wZW4gU3lzdGVtcyA8 > b3BzeXNAb3Blbi1zeXN0ZW1zLm5ldD4= > =BBjp > -----END PGP PUBLIC KEY BLOCK----- > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-current" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message