Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Fri, 26 Oct 2001 08:46:23 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Fri, 26 Oct 2001 08:46:13 -0400 Received: from lightning.swansea.linux.org.uk ([194.168.151.1]:5385 "EHLO the-village.bc.nu") by vger.kernel.org with ESMTP id ; Fri, 26 Oct 2001 08:46:04 -0400 Subject: Re: Other computers HIGHLY degrading network performance (DoS?) To: anuradha@gnu.org (Anuradha Ratnaweera) Date: Fri, 26 Oct 2001 13:53:08 +0100 (BST) Cc: linux-kernel@vger.kernel.org In-Reply-To: <20011026084328.A14814@bee.lk> from "Anuradha Ratnaweera" at Oct 26, 2001 08:43:28 AM X-Mailer: ELM [version 2.5 PL6] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: From: Alan Cox Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org > There is a popular software that runs on MS platform called "download > accelerator". This opens several threads for a download job (each one > downloading a portion of the file), sometimes even using mirror sites. > However, it not only grabs whole bandwidth, but makes it hard for other > machines to even ping each other the return time being around 5-10 seconds on a > 100 Mbps network! The download process is getting only 64 kbps from the > Internet. Internet access is virtually impossible for the other machines. Firewall them off. There are also apache hacks for spotting the download accelerator device and blocking the user for good. > I monitored network traffic with tcpdump, and noticed that those packets don't > have tcp timestamps and tcp sack. I turned them off on my Linux box using > sysctl, and also tried turning on ECN without success. They will tend to come from older windows boxes, the timestamp/sack stuff is unrelated > This is of course a DoS in disguise, and is there a way to stop it? Turning off byte range support in the web server works suprisingly well for it. Another non hacking code approach would be to set up CBQ or other bandwidth limiters so that the users of download accelerator get no benefit. The advantage of the apache hacks is that you can make them actually suffer - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/