* [LARTC] Rate limiting, DoS
@ 2001-06-07 17:10 Adrian Chung
2001-06-07 17:24 ` Ramin Alidousti
0 siblings, 1 reply; 2+ messages in thread
From: Adrian Chung @ 2001-06-07 17:10 UTC (permalink / raw)
To: lartc
Hi everyone! Question about "rate limiting" and DoS mitigating
features of 2.4's iptables.
With iptables, it's possible to limit the acceptance of different
types of packets to a certain level, in order to try to mitigate DoS
attacks on the box (syn floods, ping floods, etc).
I realize that most DoS attacks happen as a result of the CPU being
unable to keep up, and not bandwidth limitations, but I'm unsure as to
why rate limiting packets works to lessen CPU processing load.
Doesn't the kernel still have to use cycles to process the packets
before deciding to throw them out, or pass them on? And if so, is the
cost savings in terms of CPU load just because they don't get passed
to other system facilities which would otherwise respond and use more
CPU cycles?
Or does this make any sense? :)
--
Adrian Chung (adrian at enfusion-group dot com)
http://www.enfusion-group.com/~adrian
GPG Fingerprint: C620 C8EA 86BA 79CC 384C E7BE A10C 353B 919D 1A17
[rogue.enfusion-group.com] 1:10pm up 31 days, 23 min, 2 users
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [LARTC] Rate limiting, DoS
2001-06-07 17:10 [LARTC] Rate limiting, DoS Adrian Chung
@ 2001-06-07 17:24 ` Ramin Alidousti
0 siblings, 0 replies; 2+ messages in thread
From: Ramin Alidousti @ 2001-06-07 17:24 UTC (permalink / raw)
To: lartc
On Thu, Jun 07, 2001 at 01:10:44PM -0400, Adrian Chung wrote:
> Hi everyone! Question about "rate limiting" and DoS mitigating
> features of 2.4's iptables.
>
> With iptables, it's possible to limit the acceptance of different
> types of packets to a certain level, in order to try to mitigate DoS
> attacks on the box (syn floods, ping floods, etc).
>
> I realize that most DoS attacks happen as a result of the CPU being
> unable to keep up, and not bandwidth limitations, but I'm unsure as to
> why rate limiting packets works to lessen CPU processing load.
>
> Doesn't the kernel still have to use cycles to process the packets
> before deciding to throw them out, or pass them on? And if so, is the
> cost savings in terms of CPU load just because they don't get passed
> to other system facilities which would otherwise respond and use more
> CPU cycles?
I think that DoS or dDoS are mainly affecting the kernel buffer usage.
Especially in case of the SYN flooding. The CPU cycle might also be a
problem but checking the packet as it comes in and dropping it is much
less CPU intensive as processing and routing the packet.
Ramin
>
> Or does this make any sense? :)
>
> --
> Adrian Chung (adrian at enfusion-group dot com)
> http://www.enfusion-group.com/~adrian
> GPG Fingerprint: C620 C8EA 86BA 79CC 384C E7BE A10C 353B 919D 1A17
> [rogue.enfusion-group.com] 1:10pm up 31 days, 23 min, 2 users
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2001-06-07 17:24 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2001-06-07 17:10 [LARTC] Rate limiting, DoS Adrian Chung
2001-06-07 17:24 ` Ramin Alidousti
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox