[dns-operations] Defending against DNS reflection amplification attacks
Robert Edmonds
edmonds at isc.org
Wed Feb 20 19:25:55 UTC 2013
Jan-Piet Mens wrote:
> FYI, a paper (Feb 2013) titled "Defending against DNS reflection
> amplification attacks" at [1].
>
> -JP
>
> [1] http://www.nlnetlabs.nl/downloads/publications/report-rrl-dekoning-rozekrans.pdf
i had a brief look. actually, i skipped straight to appendix E :)

i think measuring performance with process accounting (top, htop...) is
not such a great idea. something like cyclesoak would probably be
better:

    `cyclesoak' calculates CPU load by a subtractive method: a
    background cycle-soaking task is executed on all CPUs and
    `cyclesoak' measures how much the throughput of the background tasks
    is degraded by running the traffic.

    This means that ALL effects of networking (or other userspace +
    kernel activity) are measured - interrupt load, softirq handling,
    memory bandwidth usage, etc. This is much more accurate than using
    Linux process accounting.

    (http://www.tux.org/pub/sites/www.zip.com.au/%257Eakpm/linux/README.zc)

and "perf" is a great profiling tool for linux, too.

    (https://perf.wiki.kernel.org/)

--
Robert Edmonds
edmonds at isc.org