On Wed, Jul 22, 2015 at 08:37:25AM -0700, David Ranch wrote:
> 1. Was this "telescope" experiment a recent change to the system or
> has this been there for a long time?
That configuration was there for many years; it's only in the face of
the tremendous number of scans we're seeing that it became a problem.
It's a non-linear thing: as long as the amount of incoming crud stays
below a threshold the system doesn't lose packets, and when the crud
exceeds that threshold the system suffers congestive collapse.
> 2. Is there a specific reason why you're using FreeBSD vs. Linux?
> I would assume that Linux's iptables is threaded and could perform
> better, but I don't know for sure.
I don't know either. The existing system was designed when Linux was
still a toy and so it wasn't a consideration. I don't know if Linux
would be superior in this precise environment; I know that in tests
I've made, Linux has shown poorer network performance than FreeBSD.
And historically, the UC system invented BSD and as a result I know it
much better than I know Linux. Perhaps someone with enough time on
their hands could implement this configuration on both systems and
make a definitive comparison.
> 3. I liked Tom Hayward's idea to automatically filter netblocks
> that aren't activated in the portal / DNS. That seems like a very
> cheap way to knock out known bogus traffic. Ideally this would be
> done at the farthest edge of the network to prevent the traffic from
> ever even reaching the Dell server.
It's a good idea but unfortunately impractical; to do so requires
administrative access to the campus border router that we don't have.
- Brian