[26859] in North American Network Operators' Group
Re: New form of packet attack named Stream
daemon@ATHENA.MIT.EDU (Paul Vixie)
Mon Jan 24 14:46:02 2000
To: nanog@merit.edu
From: Paul Vixie <vixie@mibh.net>
Date: 24 Jan 2000 11:15:36 -0800
In-Reply-To: jamie@dilbert.exodus.net's message of "20 Jan 2000 13:32:04 -0800"
Message-ID: <g3wvozb7s7.fsf@redpaul.mibh.net>
Errors-To: owner-nanog-outgoing@merit.edu
A better-late-than-never followup:
jamie@dilbert.exodus.net (Jamie Rishaw) writes:
> Unless you are
> Vixie
> ...
> A major s/w key figure
> or comparable entity
>
> .. or someone that knows me IRL, and has for some time .. please do not
> e-mail me asking for the code.
I sent Jamie a request, and he sent me the code (thanks!) and I read it and
indeed it's not real different from a lot of other synflooders out there (but
it sure is the cleanest implementation I've seen).
Someone from ISC ran it against F.ROOT-SERVERS.NET for a while, and while the
gross CPU usage went up, the rate of DNS response generation did not change.
Thus we concluded that a 4-CPU Alpha ES40 running Tru64 5.0 is "safe".
--
Paul Vixie <vixie@mibh.net>
SVP for Internet Services, MFNX
M.I.B.H. Inc. is a wholly owned subsidiary of Metromedia Fiber Network, Inc.
