NAP/ISP Saturation WAS: Re: Exchanges that matter...

Tony Li tli at jnx.com
Thu Dec 19 22:42:39 UTC 1996


   The fact remains that a ping packet stream a Linux 386SX would barely
   notice maxes out a 7010 (far more powerful CPU) 

Bzzzt.  That's a 30Mhz 68040 you're talking about.  You're 386SX is on par
if not ahead.  And you might recall that it's handled at process level,
whereas Linux does it at kernel level (or at least other Unixen do).

   Rather and obvious DoS attack, and one which even MS were red faced
   enough to fix in their NT s/w pretty sharpish.

You can DoS attack anything with echos.  Trying to make echo handling "fast
enough" is an untenable problem.  So you should simply drop them on the
floor...

Tony









More information about the NANOG mailing list