Hi, I have a home network that is segmented into 3 different zones using a NIC with 4 ports sitting on an OpenBSD firewall/DHCP server. One port is connected to the Internet (ISP router) and each of the three others has a D-Link DGS-1005D switch connected to it.
So..

LAN1 = 192.168.1.0
LAN2 = 192.168.2.0
LAN3 = 192.168.3.0

Learning more about networking, I wanted to test a SYN flood, so I set up a couple of boxes on LAN1 and LAN3 to flood a box on LAN2. I used "hping3" with the "S" and "flood" options. Running a regular ping in a terminal, I could see how the response time decreased and eventually the box began to lose packages.

However, after a while it seemed like the entire internal network went down. No box on any LAN could get an IP address from the DHCP server on the OpenBSD box. I eventually rebooted the OpenBSD box, but that didn't immediately help, and only after powering down the switches and powering the switches on again did everything work again.

I have been looking through the PF documentation to see if PF somehow blocks SYN flooding, but I am not using synproxy on any rules.

What could cause such a "melt down" of the entire network because of a SYN flood to a box? I suspect that the D-Link switches are pretty bad and maybe are the cause of the problem?

I eventually will try again to see if I can determine what's causing the "melt down", but I want to know if anyone perhaps has experienced similar results during some testing?

Many thanks in advance.

Kind regards,
Martin