I finally got around to implementing Jonathan Foulkes' suggestion and set up the `netserver` at
netperf.bufferbloat.net to require a passphrase - `netserver -Z passphrase`
I have set up a daily passphrase change - people can get the current day's value at
netperf.bufferbloat.net. I have a cron job that runs at 00:01 to kill all the `netserver` processes, regenerate a passphrase, and restart with the new passphrase. The web server substitutes that passphrase into the web page, so people can get a fresh copy every day. You can see the machinery at my repo:
https://github.com/richb-hanover/Netperf-with-passphrase
I also updated the `betterspeedtest.sh` script to pass through a `-Z passphrase` option if it's specified. See
Hopefully, this will eliminate the problem I was having: blowing through my VPS traffic limit (4TBytes) in the first few days of the month... (It'll also be interesting to see how many people retrieve the passphrase each day...)
Comments and field reports (positive and negative) welcomed. Thanks
Rich
PS I wonder if it adding a `-Z` option to flent or other netperf cients would be useful
Hi Rich,
Sure, here's what we did to protect our Netperf servers: Require a password to run netperf (it's a command line parameter on the client), and rotate the password regularly.
This means users will need to sign up for access, and get an email every time the password is rotated. That way you know who is using (or abusing) the services. If it is being abused, knock out the abuser from the list, and rotate the pwd.
Use different passwords for each server to have fine-grained access controls.
I hope that helps,