Try -current[0]. I think henning will be glad to hear how his new toy works in the field.
martijn@ [0] https://marc.info/?l=openbsd-cvs&m=151796069324365&w=2 On 02/12/18 01:26, Martin Hanson wrote: > Hi, > > I have a home network that is segmented into 3 different zones using a NIC > with 4 ports sitting on an OpenBSD firewall/dhcp server. One port is > connected to the Internet (ISP router) and each of the three others has a > D-Link DGS-1005D switch connected to each. > > So.. > > LAN1 = 192.168.1.0 > LAN2 = 192.168.2.0 > LAN3 = 192.168.3.0 > > Learning more about networking I wanted to test a SYN flood so I set up a > couple of boxes on LAN1 and LAN3 to flood a box on LAN2. I used "hping3" with > the "S" and "flood" options. > > Running a regular ping in a terminal I could see how the response time > decreased and eventually the box began to loose packages. > > However after a while it seemed like the entire internal network went down. > > No box on any LAN could get an IP address from the DHCP server on the OpenBSD > box. > > I eventually rebooted the OpenBSD box, but that didn't immediately help, and > only after powering down the switches and powering the switches on again, > everything worked again. > > I have been looking through the PF documentation to see if PF somehow blocks > SYN flooding, but I am not using synproxy on any rules. > > What could cause such a "melt down" of the entire network because of a SYN > flood to a box? > > I suspect that the D-Link switches are pretty bad and maybe are the cause of > the problem? > > I eventually will try again to see if I can determine what's causing the > "melt down", but I want to know if anyone perhaps has experienced similar > results during some testing? > > Many thanks in advance. > > Kind regards, > > Martin >
