Other computers HIGHLY degrading network performance (DoS?)

Anuradha Ratnaweera (anuradha@gnu.org)
Fri, 26 Oct 2001 08:43:28 +0600


This is not a direct kernel issse. However, it is a serious threat for the
network performance of our Linux boxes, therefore I thought of posting it here.

There is a popular software that runs on MS platform called "download
accelerator". This opens several threads for a download job (each one
downloading a portion of the file), sometimes even using mirror sites.
However, it not only grabs whole bandwidth, but makes it hard for other
machines to even ping each other the return time being around 5-10 seconds on a
100 Mbps network! The download process is getting only 64 kbps from the
Internet. Internet access is virtually impossible for the other machines.

This program can run with a `normal download' mode and this doesn't cause a
big problem.

I monitored network traffic with tcpdump, and noticed that those packets don't
have tcp timestamps and tcp sack. I turned them off on my Linux box using
sysctl, and also tried turning on ECN without success.

This is of course a DoS in disguise, and is there a way to stop it?

I am thinking of setting up a firewall with netfilter and transparent proxy as
a workaround.

Thanks in advance.

Regards,

Anuradha

-- 

Debian GNU/Linux (kernel 2.4.13)

History books which contain no lies are extremely dull.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/