[21907] in bugtraq
Re: UDP packet handling weird behaviour of various operating systems
daemon@ATHENA.MIT.EDU (Stefan Laudat)
Thu Jul 26 18:27:34 2001
Date: Thu, 26 Jul 2001 01:59:59 +0300
From: Stefan Laudat <stefan@mail.allianztiriac.ro>
To: Paul Sack <paulsack@mail.utexas.edu>
Cc: bugtraq@securityfocus.com
Message-ID: <20010726015959.C31276@allianztiriac.ro>
In-Reply-To: <Pine.BSO.4.33.0107251557290.10347-100000@jefe.2y.net>; from paulsack@mail.utexas.edu on Wed, Jul 25, 2001 at 04:06:41PM -0500

> Most UDP packets should be firewalled from the Internet.

Agree.

> This is only really useful if someone has access to the local network. Is
> Linux/UP actually *locking* or just temporarily unresponsive? Also, it is
> invalid to compare Windows ME running on $3000 hardware with Linux/*BSD
> running on an old Pentium. Are you running all of this on the same
> hardware? Obviously faster hardware is going to be affected less by a UDP
> flood. How about the network cards?

Identical network cards for Win2k, Linux SMP and OpenBSD processor (Intel
Pro 100). Linux was run on dual P3/1GHz (SMP), Pentium2/400MHz and P3/800MHz
(UP). Windows 2000 was run on P3/1GHz UP. I've made tests with the same results
against Linux UP boxes running on Celeron/600 with 3Com Vortex and Realtek
8139 NICs. I've outlined that the result is the same no matter if you hit
via 1Gbit or 100Mbit.

> I am suspicious that you are just comparing hardware, given that different
> versions of W2K perform much differently in your analysis. (You said the
> load was server: 35%, professional: 60%) I somehow doubt that MS tuned the
> network stack so much on the ``server'' version & wouldn't do the same on
> the ``professional'' version.

Some of the Linux servers have just the same configuration as the W2K
servers. The reaction IS different. That's what amazes me. Also WinME was
run on a cheap P2/350 box with an old Intel NIC. No slowdown at all :(

> I bet a Sun E10K with lots of NICs could flood the Sun UE3500 with lots of
> NICs, but that probably doesn't mean that the Solaris 8 network stack is
> better than the Solaris 8 network stack; it's because the E10K is faster.

Well then, someone will clear all this stuff for me.

--
Stefan Laudat
CCNA,CCAI
Senior Network Engineer
Allianz-Tiriac SA
"Let's call it an accidental feature."
-- Larry Wall