Re: [squid-users] SYN flood attack

Dear Atit,

If Squid is using 40 to 50 % CPU then can u tell us is
that machine multi processor or single and also what
processor u r using and what about your mother borad
etcc......
what about your http request per second or minut. and
which Squid version u r using....+ which filesystem
for cache_dir diskd,aufs,ufs ?????

onething more can u disply output of the following
commands over here

vmstat 1 5
iostat
top -p squidprocessid

if you talk about SYN cookie load then yeah it will
increase load of CPU but 10 to 20 % when machine will
underattack not all time as I have lot of time
expiernece regarding that attack..

Best Regards,
Masood Ahmad Shah
System Administrator
Fibre Net
Lahore, Pakistan
Mobile # +923004277367

--- atit jariwala <atit@elitecore.com> wrote:
> Hello MASOOD AHMAD,
> thnaks for reply
>
> i also heard about enabling tcp_syncookies features
> can u tell me is ebabling this feature will take CPU
> utilization?
>
> i already have sufficient load on my cpu due to
> squid
> statistics of top says that i have on avg cpu
> utilizaton due to squid is
> 30 - 50 % and it varies with no of https reqs /sec
>
> so if u have any idea abt cpu consuption of enabling
> tcp_syncookies?
>
> waiting for reply
> thanks in advance.
> == atit
>
> ----- Original Message -----
> From: "MASOOD AHMAD" <masoodnt10@yahoo.com>
> To: "atit jariwala" <atit@elitecore.com>
> Cc: <squid-users@squid-cache.org>
> Sent: Friday, April 04, 2003 11:55 AM
> Subject: Re: [squid-users] SYN flood attack
>
>
> > change your values for number of file descriptors
> and
> > compile your squid again.....
> >
> > /proc/sys/fs/file-max
> >
> > like
> >
> > echo 4096 > /proc/sys/fs/file-mac
> >
> > if you talk about SYN attack.......
> >
> > echo 1 > /proc/sys/net/ipv4/tcp_syncookies
> >
> > and increase the values of this
> >
> > echo 1000 >
> /proc/sys/net/ipv4/tcp_max_syn_backlog
> >
> >
> > Best Regards,
> > Masood Ahmad Shah
> > System Administrator
> > Fibre Net
> > Lahore, Pakistan
> > Mobile# +923004277367
> >
> > --- atit jariwala <atit@elitecore.com> wrote:
> > > I am using Redhat Linux 7.2 with Kernel 2.4 and
> > > Squid 2.5 stable1
> > >
> > > ----- Original Message -----
> > > From: "MASOOD AHMAD" <masoodnt10@yahoo.com>
> > > To: "atit jariwala" <atit@elitecore.com>
> > > Cc: <squid-users@squid-cache.org>
> > > Sent: Friday, April 04, 2003 10:53 AM
> > > Subject: Re: [squid-users] SYN flood attack
> > >
> > >
> > > > your both question file descriptors + SYN
> cookie
> > > > attack related to your Operating System not
> with
> > > > Squid.
> > > >
> > > > so tell us which operating system you are
> using
> > > then I
> > > > can help u.
> > > >
> > > > Best Regards,
> > > > Masood Ahmad Shah
> > > >
> > > >
> > > > --- atit jariwala <atit@elitecore.com> wrote:
> > > > > Hello SQUID Users
> > > > > I am using SQUID 2.5 STABLE1
> > > > > i faced SYN flood attck on my squid... and
> it
> > > caused
> > > > > squid to run out of
> > > > > file descriptor...
> > > > >
> > > > > does squid provides any support to prevent
> it?
> > > > > or is there any other solution to overcome
> it
> > > > >
> > > > > -- atit
> > > > >
> > > >
> > > >
> > > >
> __________________________________________________
> > > > Do you Yahoo!?
> > > > Yahoo! Tax Center - File online, calculators,
> > > forms, and more
> > > > http://tax.yahoo.com
> > > >
> > >
> >
> >
> > __________________________________________________
> > Do you Yahoo!?
> > Yahoo! Tax Center - File online, calculators,
> forms, and more
> > http://tax.yahoo.com
> >
>

__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - File online, calculators, forms, and more
http://tax.yahoo.com
Received on Fri Apr 04 2003 - 02:29:36 MST