On Wed, 19 Jan 2011 07:10:33 +0700, Ted Unangst <ted.unan...@gmail.com> wrote:

On Tue, Jan 18, 2011 at 6:40 PM, David Gwynne <l...@animata.net> wrote:
On 18/01/2011, at 11:25 PM, Insan Praja SW wrote:

My November 21st i386.MP -current handles 1.3Mpps inbound and 1.3Mpps
outbound packets during rootkit attacks on one of our colocated customers, on
80Mbps traffic, via a vlan interface. CPU is 1% idle, system still
responsive (I got to ssh into the machine and see systat).

where were you reading this 1.3Mpps value from?

I think David is asking because 1.3Mpps and 80Mbps implies your
traffic consists of 8 byte packets, which may be enough for source and
destination IP addresses, but doesn't leave room for the port numbers.
:)

It's on the total IPKTS and OPKTS on systat vmstat; these are the captured packets:


00:15:17:49:03:b4 00:15:17:49:02:31 0800 92: 202.43.64.61.49334 >
168.144.196.66.53: [udp sum ok] 29556 updateM [b2&3=0x6400] [0q] [83au]
(50) (ttl 62, id 14151, len 78)
00:15:17:49:03:b4 00:15:17:49:02:31 0800 92: 202.43.64.61.49334 >
168.144.196.66.53: [udp sum ok] 29556 updateM [b2&3=0x6400] [0q] [83au]
(50) (ttl 62, id 14154, len 78)
00:15:17:49:03:b4 00:15:17:49:02:31 0800 92: 202.43.64.61.49334 >
168.144.196.66.53: [udp sum ok] 29556 updateM [b2&3=0x6400] [0q] [83au]
(50) (ttl 62, id 14157, len 78)
00:15:17:49:03:b4 00:15:17:49:02:31 0800 92: 202.43.64.61.49334 >
168.144.196.66.53: [udp sum ok] 29556 updateM [b2&3=0x6400] [0q] [83au]
(50) (ttl 62, id 14160, len 78)

Thanks,


Insan Praja
