From: Rich Brown
To: bloat
Cc: "Richard E. Brown"
Date: Tue, 6 Oct 2020 06:52:43 -0400
Subject: [Bloat] netperf server news
Message-Id: <2F8AA6E5-93F7-4FB2-A57F-10F7642F3092@gmail.com>
List-Id: General list for discussing Bufferbloat

To the Bloat list,

I had some time, so I looked into what it might take to keep the netperf.bufferbloat.net server on-line in the face of an unwitting "DDoS" attack - automated scripts that run tests every 5 minutes 24x7. The problem was that these tests would blow through my 4TB/month bandwidth allocation in a few days.

In the past, I had been irregularly running a set of scripts to count incoming netperf connections and blacklist (in iptables) those whose counts were too high. This wasn't good enough: it wasn't keeping up with the tidal wave of connections.

Last week, I revised those scripts to work as a cron job. The current parameters are: run the script every hour; process the last two days of kern.log files; look for > 500 connections; drop those addresses in iptables.

There are currently 479 addresses blacklisted in iptables (that explains why the bandwidth was being consumed so quickly). There are only a few new addresses being added per day, so it seems that we have flushed out most of the abusers.

My questions for this august group:

1) The server at netperf.bufferbloat.net is up and running. I get full rate speed from my 7mbps DSL circuit, but that's not much of a test. I would be interested to hear your results.

2) The current threshold comes from this estimate: most speed tests use 10 connections: 5 connections up and 5 down. So 500 connections would permit about 50 tests over the course of two days. Is that enough for "real research"? (If you need more, I can add your address to my whitelist file...)

3) I would be pleased to get comments on the set of scripts. I'm a newbie at iptables, so it wouldn't hurt to have someone else check the rules I devised. See the README at https://github.com/richb-hanover/netperfclean

Thanks.

Rich
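
The counting step described in the message (two-day window, more than 500 connections, a whitelist of exempt addresses), as an added example that is not part of the original post and not taken from the netperfclean scripts. It assumes each connection is logged to kern.log by an iptables LOG rule with the hypothetical prefix "Incoming netperf"; the log lines are constructed samples.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime, timedelta

THRESHOLD = 500             # from the post: look for > 500 connections
WINDOW = timedelta(days=2)  # from the post: the last two days of kern.log
# Assumption: an iptables LOG rule with this (hypothetical) prefix records each connection.
LINE_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) .*Incoming netperf.* SRC=(\S+)")

def parse_time(stamp, now):
    """Syslog stamps carry no year: use the latest year that is not in the future."""
    for year in (now.year, now.year - 1):
        try:
            t = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        except ValueError:  # e.g. Feb 29 in a non-leap year
            continue
        if t <= now:
            return t

def heavy_sources(lines, now, allow=()):
    """Return {address: count} for sources over THRESHOLD inside WINDOW."""
    allowed = {ipaddress.ip_address(a) for a in allow}
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        when = parse_time(m.group(1), now) if m else None
        if when is None or now - when > WINDOW:
            continue
        try:
            addr = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # malformed SRC field: never pass it on to iptables
        if addr not in allowed:
            counts[addr] += 1
    return {str(a): n for a, n in counts.items() if n > THRESHOLD}

def drop_rules(offenders):  # render (not run) one DROP rule each; IPv6 uses ip6tables
    return [f"{'ip6tables' if ':' in a else 'iptables'} -I INPUT -s {a} -j DROP"
            for a in sorted(offenders)]

def sample_log():  # constructed kern.log lines, documentation-range addresses
    fmt = "{} host kernel: [1.0] Incoming netperf IN=eth0 SRC={} DST=192.0.2.1 PROTO=TCP DPT=12865"
    return ([fmt.format("Oct  6 05:00:00", "198.51.100.7")] * 501    # over the limit
            + [fmt.format("Oct  6 05:00:00", "203.0.113.9")] * 500   # exactly 500: not over
            + [fmt.format("Oct  6 05:00:00", "2001:db8::5")] * 600   # allowlisted by caller
            + [fmt.format("Oct  3 05:00:00", "198.51.100.8")] * 900) # older than two days

if __name__ == "__main__":
    print(drop_rules(heavy_sources(sample_log(), datetime(2020, 10, 6, 6), ["2001:db8::5"])))
```

The SRC field is parsed with `ipaddress` before it reaches a rule string, so a malformed log line cannot turn into an iptables argument.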