[21924] in bugtraq
RE: UDP packet handling weird behaviour of various operating systems
daemon@ATHENA.MIT.EDU (David LeBlanc)
Fri Jul 27 02:36:22 2001
Reply-To: <dleblanc@mindspring.com>
From: "David LeBlanc" <dleblanc@mindspring.com>
To: "'Michal Zalewski'" <lcamtuf@gis.net>,
"'Stefan Laudat'" <stefan@mail.allianztiriac.ro>
Cc: <bugtraq@securityfocus.com>
Date: Thu, 26 Jul 2001 22:08:00 -0700
Message-ID: <00e001c1165a$9d341b30$0100a8c0@davenet.local>
MIME-Version: 1.0
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: 7bit
In-Reply-To: <Pine.LNX.4.21.0107251732400.747-100000@nimue.bos.bindview.com>
> -----Original Message-----
> From: Michal Zalewski [mailto:lcamtuf@gis.net]
> > 3. Windows 2000 Server UP. - the system graphs jump from 2%
> cpu usage
> > (in a calm evening with no ongoing backups and domain
> > synchronizations) to approx. 35% and holds it steady.
> Windows are usually impacted by high-ratio packet floods.
Depends on the NIC, the driver, and the OS version. Very old versions of
NDIS weren't as efficient as more recent versions. Driver quality tends to
dominate the results.
> I believe you are actually testing link layer performance,
> PCI bus speed
> and network cards, not operating systems ;)
And NIC driver.
I've seen this happen more than once - Attacker is fast box tester writes
flood code on. Victim is some dilapidated system that should have been
retired. CPU gets pegged on victim, as it has a cheap NIC with bad drivers.
Person thinks they've found a new exploit. Some NICs work better than
others, and some drivers work better than others.
