[dns-operations] Defending against DNS reflection amplification attacks

Robert Edmonds edmonds at isc.org
Wed Feb 20 19:25:55 UTC 2013

Jan-Piet Mens wrote:
> FYI, a paper (Feb 2013) titled "Defending against DNS reflection
> amplification attacks" at [1].
>         -JP
> [1] http://www.nlnetlabs.nl/downloads/publications/report-rrl-dekoning-rozekrans.pdf

i had a brief look.  actually, i skipped straight to appendix E :)

i think measuring performance with process accounting (top, htop...) is
not such a great idea.  something like cyclesoak would probably be

    `cyclesoak' calculates CPU load by a subtractive method: a
    background cycle-soaking task is executed on all CPUs and
    `cyclesoak' measures how much the throughput of the background tasks
    is degraded by running the traffic.

    This means that ALL effects of networking (or other userspace +
    kernel activity) are measured - interrupt load, softirq handling,
    memory bandwidth usage, etc.  This is much more accurate than using
    Linux process accounting.


and "perf" is a great profiling tool for linux, too.

Robert Edmonds
edmonds at isc.org

More information about the dns-operations mailing list