[ratelimits] can't make qps-scale change effective slip
Irwin Tillman
irwin at princeton.edu
Mon Jan 7 17:01:24 UTC 2013
From: Vernon Schryver <vjs at rhyolite.com>
>Perhaps it would make more sense and you wanted the slip rate to
>increase by the ratio, perhaps changing to (1/(60/7200))*2=240.964.
>That would result in 240 dropped responses, 1 truncated response, 240
>dropped, 1 truncated response, and so on.
>
>Simultaneously increasing slip and decreasing responses-second by
>the ratio would result in the about the same number of output
>packets/second during the attack. Perhaps slip should be increased
>by the square of the ratio. I don't know.
>
>What do you think qps-scale should do?
I must admit, I don't know.
I'm unsure of what result I should be aiming for.
Looking at my 7200 queries/second "foo ANY?" attack,
I was happy with the result from 'responses-per-second 10',
but felt umcomfortable sending 3600 truncated responses per second
(using default 'slip 2') to the victim.
Of course, it was a lot better than sending 7200 full-size responses/second
to the victim, but I suspect I was still saturating some victims.
I've changed slip to 10, so now I'm sending 720 truncated responses per second
to those victim. It still seems to me like a lot, but I'm unsure
how to improve matters besides turning off slip entirely. On the other
hand, I imagine that with slip 10, I'm already defeating the purpose of slip.
More information about the ratelimits
mailing list