On Wed, Jul 22, 2015 at 08:37:25AM -0700, David Ranch wrote:
> - Was this "telescope" experiment a recent change to the system or
> has this been there for a long time?
That configuration was there for many years; it's only in the face of the tremendous number of scans we're seeing that it became a problem. It's a non-linear thing: as long as the amount of incoming crud stays below a threshold the system doesn't lose packets, and when the crud exceeds that threshold the system suffers congestive collapse.
> - Is there a specific reason why you're using FreeBSD vs. Linux?
> I would assume that Linux's iptables is threaded and could perform better but I don't know for sure.
I don't know either. The existing system was designed when Linux was still a toy and so it wasn't a consideration. I don't know if Linux would be superior in this precise environment; I know that in tests I've made, Linux has shown poorer network performance than FreeBSD.
And historically, the UC system invented BSD and as a result I know it much better than I know Linux. Perhaps someone with enough time on their hands could implement this configuration on both systems and make a definitive comparison.
> - I liked Tom Hayward's idea to automatically filter netblocks
> that aren't activated in the portal / DNS. That seems like a very cheap way to knock out known bogus traffic. Ideally this would be done at the farthest edge of the network to prevent the traffic from ever even reaching the Dell server.
It's a good idea but unfortunately impractical; to do so requires administrative access to the campus border router that we don't have.

- Brian
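The netblock-filtering idea discussed in this thread, worked through as an added example (this is not code from Brian, David or Tom, and nothing in the thread says the campus does this): given the campus address allocation and the set of subnets actually activated in the portal/DNS, compute the unactivated ("dark") ranges and emit a pf table and rule that drops traffic addressed to them. The address ranges are constructed documentation prefixes, the interface name `em0` is an assumption, and the rule is written for the FreeBSD pf syntax so it could run on the collector host itself as a stopgap, since the thread says the border router is not under local control.

```python
import ipaddress

# Constructed sample data: the allocation the campus owns, and the subnets
# that have been activated in the portal / DNS (documentation prefixes).
CAMPUS_BLOCKS = ["192.0.2.0/24", "198.51.100.0/24"]
ACTIVATED_BLOCKS = ["192.0.2.0/26", "192.0.2.128/25"]


def unactivated_ranges(campus, activated):
    """Return the parts of `campus` not covered by any network in `activated`.

    CIDR networks either nest or are disjoint, so each activated subnet is
    carved out of whichever campus block contains it. An activated prefix
    that lies outside the allocation entirely matches nothing and is ignored,
    which keeps a typo in the portal export from punching a hole elsewhere.
    """
    nets = [ipaddress.ip_network(c) for c in campus]
    for a in activated:
        a_net = ipaddress.ip_network(a)
        remaining = []
        for n in nets:
            if n.subnet_of(a_net):
                # Whole remaining block is activated (or equal): drop it.
                continue
            if a_net.subnet_of(n):
                # Carve the activated subnet out of this block.
                remaining.extend(n.address_exclude(a_net))
            else:
                remaining.append(n)
        nets = remaining
    # Merge adjacent leftovers so the table stays short.
    return sorted(ipaddress.collapse_addresses(nets))


def pf_rules(dark_ranges, iface="em0"):
    """Render a pf table of dark ranges and a rule dropping traffic to them.

    `iface` is an assumed interface name; adjust for the real collector NIC.
    """
    table = "table <dark> { " + ", ".join(str(r) for r in dark_ranges) + " }"
    rule = f"block drop in quick on {iface} from any to <dark>"
    return table + "\n" + rule


if __name__ == "__main__":
    dark = unactivated_ranges(CAMPUS_BLOCKS, ACTIVATED_BLOCKS)
    print(pf_rules(dark))
```

Regenerating the table from the portal export on a schedule and reloading it with `pfctl` keeps the filter in step with activations; the thread's point stands that this only spares the host's input path, not the campus link itself.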