From: "Simon Garner" <sgarner@expio.co.nz>
To: SBlaze <dagent.geo@yahoo.com>, netfilter@lists.netfilter.org
Subject: Re: a sort of n00b question here but I'ld like to know.
Date: Tue, 21 Oct 2003 15:33:35 +1300
Message-ID: <016e01c3977b$d01a4520$0301a8c0@SIMON>
In-Reply-To: 20031021020302.80084.qmail@web40208.mail.yahoo.com

On Tuesday, October 21, 2003 3:03 PM [GMT+1200=NZT],
SBlaze <dagent.geo@yahoo.com> wrote:
> It would appear that most of the data that comes to me is udp and by
> unsolicited I mean that in stateful inspections they are NEW or
> INVALID connections. 98% of them are from my own IP range and are
> targeted at me or my ISP's broadcast address for my range. A lot of
> them are "valid" in that they are basically Windows RPC scans/viruses
> and the like.
>

By 'your own IP range' I presume you mean your ISP's other customers?

> About the CPUT... that's what I'm wondering really. Is all this
> traffic silently choking my system? If it is I need to know.. if it's
> not..then we know it's probably just an OOB deal.
>
> You be the judge. I start my firewall when the box boots up. Pay
> special attention to the UDP rule. Note that in the 11 day up time we
> have 16 Million dropped UDP NEW/Invalid packets. Is this enough to
> choke down a Dual Pentium Pro 200MHz box?
>

That is a LOT of useless packets, but it shouldn't be anywhere near
enough to cause any problems for the machine, even a machine that old.
1945M of data over 12 days works out to about 2 kilobytes/second. I'm
sure your firewall regularly handles a lot more data than that. However,
depending on your connection speed this may be enough to cause latency
problems in interactive applications like games.

It's a difficult one because you're already blocking the data - but by
the time the data hits your firewall, it's too late, the bandwidth has
already been consumed. If you do think this is the cause of the problem,
you might need to talk to your ISP to see if they can filter it at their
end, unless anybody else has any ideas...
-Simon
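
The estimate in the reply above can be reproduced from the rule counters themselves. The following is an added example, not part of the original message: it parses `iptables -L -v -n` output and averages each rule's packet and byte counters over the uptime. The sample listing is constructed; only the 16M-packet and 1945M-byte figures come from the thread, while the rule layout, the interface name and the ACCEPT rule's counters are assumptions.

```python
"""Average per-rule rates from `iptables -L -v -n` counters (added example)."""

# Without -x, iptables abbreviates counters using decimal multiples of 1000.
SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}

# Constructed sample listing; only the 16M packet / 1945M byte figures
# come from the thread, the rule layout and interface name are assumed.
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 812K  604M ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
  16M 1945M DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            state INVALID,NEW
"""


def expand(counter):
    """Turn '1945M' or '42' into an integer (approximate when abbreviated)."""
    if counter[-1] in SUFFIX:
        return int(counter[:-1]) * SUFFIX[counter[-1]]
    return int(counter)


def rule_rates(listing, uptime_seconds):
    """Return one dict per rule with average packets/s and bytes/s."""
    rates = []
    for line in listing.splitlines():
        fields = line.split()
        # Rule rows start with two counters; skip chain and column headers.
        if len(fields) < 9 or not fields[0][0].isdigit():
            continue
        pkts, nbytes = expand(fields[0]), expand(fields[1])
        rates.append({
            "target": fields[2],
            "proto": fields[3],
            "match": " ".join(fields[9:]),
            "pps": pkts / uptime_seconds,
            "bytes_per_s": nbytes / uptime_seconds,
            "avg_pkt_bytes": nbytes / pkts if pkts else 0.0,
        })
    return rates


if __name__ == "__main__":
    for r in rule_rates(SAMPLE, 12 * 86400):
        print(f"{r['target']:<7}{r['proto']:<5}{r['match']:<26}"
              f"{r['pps']:8.1f} pkt/s {r['bytes_per_s']:10.0f} B/s "
              f"{r['avg_pkt_bytes']:6.0f} B/pkt")
```

Averages hide bursts, so a latency problem is better checked by sampling the counters (with `-x` for exact values) at short intervals and differencing them.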