[ratelimits] can't make qps-scale change effective slip

Irwin Tillman irwin at princeton.edu
Mon Jan 7 17:01:24 UTC 2013

From: Vernon Schryver <vjs at rhyolite.com>

>Perhaps it would make more sense and you wanted the slip rate to
>increase by the ratio, perhaps changing to (1/(60/7200))*2=240.964.
>That would result in 240 dropped responses, 1 truncated response, 240
>dropped, 1 truncated response, and so on.
>Simultaneously increasing slip and decreasing responses-second by
>the ratio would result in the about the same number of output
>packets/second during the attack.  Perhaps slip should be increased
>by the square of the ratio.  I don't know.
>What do you think qps-scale should do?

I must admit, I don't know.
I'm unsure of what result I should be aiming for.

Looking at my 7200 queries/second "foo ANY?" attack,
I was happy with the result from 'responses-per-second 10',
but felt umcomfortable sending 3600 truncated responses per second
(using default 'slip 2') to the victim.

Of course, it was a lot better than sending 7200 full-size responses/second
to the victim, but I suspect I was still saturating some victims.

I've changed slip to 10, so now I'm sending 720 truncated responses per second
to those victim.  It still seems to me like a lot, but I'm unsure
how to improve matters besides turning off slip entirely.  On the other 
hand, I imagine that with slip 10, I'm already defeating the purpose of slip.

More information about the ratelimits mailing list