Recently I noticed the following entries in one of my tcpdump logs:
17:10:20.103603 dns1.chcgil.sbcglobal.net.domain > 192.168.1.7.49372: 3383 NXDomain 0/1/0 (64) (frag 61464:72@0+)
17:10:21.170817 dns1.chcgil.sbcglobal.net.domain > 192.168.1.7.49372: 2208 NXDomain 0/1/0 (64) (frag 61636:72@0+)
17:10:22.241344 dns1.chcgil.sbcglobal.net.domain > 192.168.1.7.49372: 27079 NXDomain 0/1/0 (64) (frag 61813:72@0+)
17:10:23.261662 dns1.chcgil.sbcglobal.net.domain > 192.168.1.7.49372: 53003 NXDomain 0/1/0 (64) (frag 61998:72@0+)
... hundreds of entries followed. All of them pointing to frag'd packets from ameritech's dns servers.
SBC's dns servers were under attack and sending out malformed packets for days... eventually I had to remove the dns entry altogether. They don't understand the need for network security. They don't seem to care about domains hosted on their dns servers, and they don't seem to understand that it bothers customers when they don't respond to incidents quickly. My 2 cents.
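A small added example (mine, not the poster's) that parses tcpdump DNS lines like the ones above and flags the resolver sending them. It reads the `(64)` as the UDP payload length and `(frag id:72@0+)` as a 72-byte first fragment with More Fragments set; since 8 bytes of UDP header plus 64 bytes of payload is exactly 72, the first fragment already carries the whole datagram and the MF bit is bogus. The sample log is constructed from the quoted lines plus one normal reply for contrast.

```python
import re
from collections import Counter

# Constructed sample modelled on the tcpdump lines quoted in the post above;
# the last line is a normal, unfragmented reply added for contrast.
SAMPLE_LOG = """\
17:10:20.103603 dns1.chcgil.sbcglobal.net.domain > 192.168.1.7.49372: 3383 NXDomain 0/1/0 (64) (frag 61464:72@0+)
17:10:21.170817 dns1.chcgil.sbcglobal.net.domain > 192.168.1.7.49372: 2208 NXDomain 0/1/0 (64) (frag 61636:72@0+)
17:10:22.241344 dns1.chcgil.sbcglobal.net.domain > 192.168.1.7.49372: 27079 NXDomain 0/1/0 (64) (frag 61813:72@0+)
17:10:23.261662 dns1.chcgil.sbcglobal.net.domain > 192.168.1.7.49372: 53003 NXDomain 0/1/0 (64) (frag 61998:72@0+)
17:10:24.001200 ns.example.net.domain > 192.168.1.7.49373: 1234 1/0/0 A 203.0.113.5 (48)
"""

UDP_HEADER_LEN = 8

# tcpdump DNS line: time, src.port > dst.port: id, reply summary, (udp payload len),
# optionally "(frag ipid:bytes@offset+)" where the trailing "+" means More Fragments.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<src>\S+) > (?P<dst>\S+): (?P<id>\d+) "
    r"(?P<body>.*?) \((?P<len>\d+)\)"
    r"(?: \(frag (?P<fragid>\d+):(?P<fragbytes>\d+)@(?P<offset>\d+)(?P<more>\+?)\))?$"
)

def parse_line(line):
    """Parse one tcpdump DNS reply line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["len"] = int(d["len"])
    d["fragmented"] = d["fragid"] is not None
    d["more"] = d["more"] == "+"
    d["fragbytes"] = int(d["fragbytes"]) if d["fragbytes"] else None
    d["offset"] = int(d["offset"]) if d["offset"] else None
    d["nxdomain"] = "NXDomain" in d["body"]
    return d

def is_bogus_fragment(rec):
    """A first fragment that already holds the whole UDP datagram (header + payload)
    but still has More Fragments set is malformed: there is nothing left to send."""
    return (rec["fragmented"] and rec["more"] and rec["offset"] == 0
            and rec["fragbytes"] >= rec["len"] + UDP_HEADER_LEN)

def bogus_frag_sources(log_text, threshold=3):
    """Count bogus fragmented DNS replies per source (host.port as printed) and
    return the sources at or above `threshold`, i.e. resolvers worth dropping."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_bogus_fragment(rec):
            counts[rec["src"]] += 1
    return {src: n for src, n in counts.items() if n >= threshold}
```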
I already posted a darwin/bsd tool that can be used to implement ack packet priority. You can find it at http://www.intrarts.com/throttled.html. It does everything hbe describes in his whitepaper except it utilizes divert sockets instead of the openbsd packet filter. Hope you guys find it useful.
Just in case you don't run openbsd or linux (wondershaper) and are looking for ack packet priority, you can get throttled from http://www.intrarts.com/throttled.html and have the same functionality for Mac OS X and freebsd. It is great to see this information finally getting out to the public, as it does offer significant improvements in network performance.
throttled (http://intrarts.com/throttled.html) is currently available for Mac OS X and should compile fine on most bsd systems. It provides ack packet priority and bandwidth capping using divert sockets and ipfw. Not to mention, it is released under the GPL. Looks like Windows is the only platform that doesn't have a good solution for this problem.
This also crashes the latest IE release on OS X.