|
Hello,
On Wed, 17 Jul 2002, Peter Mueller wrote:
> > > Is this PCI bus the cause for 87% utilization at ~21000 packets/sec?
> >
> > Yes, in my tests I observe speed x 2 when on PCI 66MHz.
>
>
> How do you get up to 80k-110k syns/sec? It seems like my machines are
> almost fully loaded at 21k sync/sec and even with 66mhz PCI I would only get
> 42k syns/sec. :(
The hardware is guilty for this improvement :) I started
the flood from 3 clients. On average 33MHz MBs the 20-25KP/s is
normal, the director receives them and later sends them.
> I plan on implementing some syns/sec controls into iptables on my directors
> for DOS control to mitigate this, but it is still a little worrying..
Yes, use iptables limit or QoS to limit the SYN rate to
some reasonable values.
> P
Regards
--
Julian Anastasov <ja@xxxxxx>
|
