Thanks for the feedback. Some responses:
1) I'm glad that people are seeing reasonable speeds from the VPS. (I don't
know what I can do to make it go faster, so I'm relieved...)
2) I don't think I posed the right question for the number-of-tests threshold.
(Most of the responses were like, "Sure, that sounds like enough..." Let me
reframe the question:
In your normal testing/troubleshooting process, what is the maximum
number of tests YOU might need to run in any two-day period?
3) If you can't get through to netperf.bufferbloat.net, send me your IP address
because it might have been blacklisted.
Thanks!
Rich
> On Oct 6, 2020, at 6:52 AM, Rich Brown <richb.hano...@gmail.com> wrote:
>
> To the Bloat list,
>
> I had some time, so I looked into what it might take to keep the
> netperf.bufferbloat.net server on-line in the face of an unwitting "DDoS"
> attack - automated scripts that run tests every 5 minutes 24x7. The problem
> was that these tests would blow through my 4TB/month bandwidth allocation in
> a few days.
>
> In the past, I had been irregularly running a set of scripts to count
> incoming netperf connections and blacklist (in iptables) those whose counts
> were too high. This wasn't good enough: it wasn't keeping up with the tidal
> wave of connections.
>
> Last week, I revised those scripts to work as a cron job. The current
> parameters are: run the script every hour; process the last two days' of
> kern.log files; look for > 500 connections; drop those addresses in iptables.
>
> There are currently 479 addresses blacklisted in iptables (that explains why
> the bandwidth was being consumed so quickly). There are only a few new
> addresses being added per day, so it seems that we have flushed out most of
> the abusers.
>
> My questions for this august group:
>
> 1) The server at netperf.bufferbloat.net is up and running. I get full rate
> speed from my 7mbps DSL circuit, but that's not much of a test. I would be
> interested to hear your results.
>
> 2) The current threshold comes from this estimate: most speed tests use 10
> connections: 5 connections up and 5 down. So 500 connections would permit
> about 50 tests over the course of two days. Is that enough for "real
> research"? (If you need more, I can add your address to my whitelist file...)
>
> 3) I would be pleased to get comments on the set of scripts. I'm a newbie at
> iptables, so it wouldn't hurt to have someone else check the rules I devised.
> See the README at https://github.com/richb-hanover/netperfclean
>
> Thanks.
>
> Rich
>
_______________________________________________
Bloat mailing list
Bloat@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/bloat
