Date: Fri, 21 Jan 2000 15:37:10 -0700 From: Wes Peters <wes@softweyr.com> To: Brett Glass <brett@lariat.org> Cc: Gene Harris <zeus@tetronsoftware.com>, freebsd-security@freebsd.org Subject: Re: Some observations on stream.c and streamnt.c Message-ID: <3888DF96.33157880@softweyr.com> References: <4.2.2.20000120194543.019a8d50@localhost> <4.2.2.20000121141918.01a54ef0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
Brett Glass wrote:
>
> At 02:18 PM 1/21/2000 , Gene Harris wrote:
>
> >After eight hours of testing, in which I have been
> >bombarding the NT 4.0 SP6a Server, the CPU usage on an
> >unloaded machine jumped to 27%. However, when I started up
> >Oracle 8.05 and ran a rather lengthy query against a 400MB
> >database, no distinguishable differences exist in the query
> >time between a machine under attack and one not under
> >attack.
>
> A poor test, IMHO. It's disk-intensive and CPU-intensive,
> but not network-intensive. Also, other conditions can
> affect the results. Were the machines on a network with
> a live gateway router? Remember, traffic to, from, and
> through the router is significant, since one of the
> effects of the exploit is to cause a storm of packets
> on the local LAN.
>
> I've made an NT/IIS server virtually inaccessible using
> the same exploit.
We have NT 4.0 Server (SP4) running on a P5/200 here, 128 MB RAM, EEPro
10/100. On a 100Base-TX HDX isolated LAN, hitting it with the packets/
second set to 1000 resulted in poor system performance; changing that to
10.000 resulted in the machine almost immediately crashing all the way
to the BIOS boot.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
wes@softweyr.com http://softweyr.com/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3888DF96.33157880>