Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    What is the biggest attack in GBPS you stopped

    Scheduled Pinned Locked Moved General pfSense Questions
    737 Posts 33 Posters 817.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F Offline
      firewalluser
      last edited by

      @kejianshi:

      Its not that I don't believe hardware is intercepted and modified for some people or that state level agencies don't hack and compromise target systems.  Its just that unless there is some reason I doubt seriously they are doing it to you.

      Are you someone worth targeting?

      I dont think so, but thats a matter of opinion even when people have a thirst for knowledge which reminds me of the saying curiosity killed the cat. The saying is like a warning to not be educated.

      Here in the UK whilst there is a saying, no knowledge of the law is no defence from the law http://en.wikipedia.org/wiki/Ignorantia_juris_non_excusat considering we are born into a world where we are not even taught the laws of the land some of which go back in time before many of us were born like this http://www.channel4.com/news/1946-agreement-nsa-read-your-email-prism-data and the state acts in a duplicious secretative manner like this http://www.channel4.com/news/nsa-edward-snowden-america-britain-tony-blair how can the state be trusted on so many matters to act in any of our [edit - or all of our] best interests?

      I'll come back and add more but got to sort something out.

      Edit.

      In light of the previous comments about thread drift and the fact the your question "Are you someone worth targeting?" has many parallels with religion, maths, biology, physics, quantum physics, philosophy, law both UK, international and foreign country laws, perhaps best summed up as the meaning of life, it would perhaps best be continued in off topic?

      Capitalism, currently The World's best Entertainment Control System and YOU cant buy it! But you can buy this, or some of this or some of these

      Asch Conformity, mainly the blind leading the blind.

      1 Reply Last reply Reply Quote 0
      • S Offline
        Supermule Banned
        last edited by

        Thank you :D

        SO I will test the VM with only 1 core available and see how it fares.

        1st picture with 1 CPU idle.
        2nd is under D0S.

        Some notes to this. With only one, it did A LOT better lasting 35 seconds before it lost connection to the outside world compared to 5 seconds using 8 CORES.

        It did crash the Webgui as well and lost all contact to the system activity page showing no connection in the browser.

        Youtube Video

        SA_idle_Capture.PNG
        SA_idle_Capture.PNG_thumb
        SA_DoS_Capture.PNG
        SA_DoS_Capture.PNG_thumb

        1 Reply Last reply Reply Quote 0
        • S Offline
          Supermule Banned
          last edited by

          MBUF change to "1.000.000"

          Youtube Video

          Testing of 2 CORES on the way.

          Youtube Video

          Fares a lot better than 1 core

          1 Reply Last reply Reply Quote 0
          • S Offline
            Supermule Banned
            last edited by

            A little breakthrough in regards to responsiveness!

            http://youtu.be/bzFHBOshmlY

            Changed the KERN.IPC.NMBUF setting to "65536". Dont know what 10.1 has as std. setting but it made the damn thing much more responsive.

            Going 4 CORE testing….

            1 Reply Last reply Reply Quote 0
            • S Offline
              Supermule Banned
              last edited by

              4 Cores were not the improvement I had been hoping for.

              Youtube Video

              It actually did worse then the 2 core test.

              Upping to 8 cores.

              1 Reply Last reply Reply Quote 0
              • S Offline
                Supermule Banned
                last edited by

                8 cores

                http://youtu.be/-xTtzLEQx08

                Not as good as hoped but not running 100% CPU like all the others. It seems that the response on the WAN graph are related to the PING on WAN.

                It seems that the 2 CORE setup is the one that performs best in beginning until around 35 seconds into the attack. Then crash. 4 and 8 cores keep the GUI online.

                1 Reply Last reply Reply Quote 0
                • D Offline
                  doktornotor Banned
                  last edited by

                  @Supermule:

                  Testing of 2 CORES on the way.
                  Fares a lot better than 1 core

                  @Supermule:

                  It seems that the 2 CORE setup is the one that performs best in beginning until around 35 seconds into the attack. Then crash. 4 and 8 cores keep the GUI online.

                  Hmmm, so more cores provide more CPU performance to use for other purposes beyond handling the packets filtering (like, running the webserver) . Amazing discovery.

                  1 Reply Last reply Reply Quote 0
                  • S Offline
                    Supermule Banned
                    last edited by

                    Thanks man.

                    I really dig your positive attitude.

                    Should more cores not equal better performanve instaed than JUST keeping the webserver online?

                    The SYN script shouldnt even TOUCH the GUI and make it unresponsive….

                    What about this on a ALIX board or whatever low performanve ATOM?

                    Go get laid and come back with a more positive attitude. ;)

                    On another note, then pls. tell me HOW you would like me to test the systems?

                    WHAT do you recommend doing to get to the bottom of this other than handing over the script causing it?

                    Pls. use a bullet list to point out the obvious....

                    1 Reply Last reply Reply Quote 0
                    • D Offline
                      doktornotor Banned
                      last edited by

                      Positive attitude to what? More junky YT videos? Sigh. The last 3 pages are filled with clueless guesses, YT junk, OT noise and spiced with a bit of conspiracy idiocy, so pardon me for not following this amazingly "useful" thread in detail. Did someone here at least provide the traffic captures to the guys who know what they are doing?

                      @Supermule:

                      What about this on a ALIX board or whatever low performanve ATOM?

                      Why the fsck would I or anyone else waste my time with testing a DoS on Alix? Yeah it does not handle it. SIGDOUBLEDUH!

                      1 Reply Last reply Reply Quote 0
                      • S Offline
                        Supermule Banned
                        last edited by

                        Yes….I did a packetcapture free to DL for everyone.

                        1 Reply Last reply Reply Quote 0
                        • N Offline
                          Nullity
                          last edited by

                          doc may be a bit blunt but you cannot be surprised by the attitudes in this thread.

                          You (Supermule) joined the thread and instantly declared pfSense a sub-par OS, and shared no supporting facts or theories. That was pure trolling. Now, I see it was perhaps inadvertent, but damn did you make a bad first impression.

                          My ignorant and honest opinion is that a good admin does not constantly focus on the ways his tools fail him, he figures out how to achieve his goal through other ways. Er… You seem hell-bent on proving pfSense sucks, how about employing some positive attitude and figure out the ways it does not suck.

                          Please correct any obvious misinformation in my posts.
                          -Not a professional; an arrogant ignoramous.

                          1 Reply Last reply Reply Quote 0
                          • S Offline
                            Supermule Banned
                            last edited by

                            I have spent the last 2-3 mths together with lowprofile to search for something that can improve it.

                            We have sent numerous mails to the dev's and not much response.

                            We wanted to have the dev's setup a test rig so they could see for themselves how it fares and work together somehow on creating a solution for this or maybe point out what specific issues the base OS has handling the packets.

                            Not much has come back….if nothing at all.

                            Lowprofile is looking at other products to handle his scenario since he is pretty dissappointed in the whole "package" and especilly in the lack of response on a matter this important.

                            1 Reply Last reply Reply Quote 0
                            • F Offline
                              firewalluser
                              last edited by

                              @Supermule:

                              Should more cores not equal better performanve instaed than JUST keeping the webserver online?

                              The OS is multi tasking and as such different services/programs/daemons will always be running so if you had just the core OS plus 7 services/programs/daemons running a single thread each, they would be distributed across all 8 cores and thus load shared within the constraints of the CPU hw.

                              You can think of a thread in a program as an instance of part of the main program, ie you might load a program with a menu that opens other windows. The menu may let you open the same menu option and child window multiple times. In this instance you will probably have a multithreaded app/program running which means each new instance of the child window will likely to be running on its own thread and the OS will distribute those threads across the available cores as well. Its a type of recursion in some respects.

                              In a modern OS theres lots running in the background and they will have different requirements like what priority they should run at, some will take up the time slice of a cpu more frequently than others due to the nature of the program. You can see this in windows in the task manager by right mouse clicking a running process and seeing the options for Set Priority in the popup menu. However dont go changing the priority of running programs & services as it can hog the CPU or make it unresponsive, all in all making the system unstable.

                              The thing to bear in mind with computers they are nothing more than a simple clockwork logic machine with some registers/buffers/disks/memory/place holders of sorts to handle moving data which is really just binary around. Over time they have shrunk in size, got faster and have had more software functions moved to various components like the CPU itself or some functions moved onto graphic cards, nics or disk controllers. Once you overcome the awesomeness of them, they are not really anything special imo.  :)

                              With regard to your discovery this looks relevent now.

                              http://serverfault.com/questions/335461/pfsense-mbuf-full-what-to-do

                              And for more info on mbufs this is also relevant.
                              https://doc.pfsense.org/index.php/What_are_mbufs

                              So it looks like a buffer overflow of sorts which is just another aspect of managing data within an OS or program. In most walks of life like IT, Law or Medicine to name but a few, once you have overcome the terminology it becomes simpler. For example, in Law & Medicine Latin is common, in IT we have our jargon/terminology like Bits, Bytes, Ram, Firewall, & different OS's use different names to describe the same thing, eg in Windows you have services, in Linux you have daemons, even within different programming languages you will see the same, similar or completely different words used to describe the same action or outcome, plus in some languages you can also harness recursion like in C++ you have templates, but thats not to say you cant harness recursion in databases as well.

                              The use of jargon is designed to protect the knowledge we amass which can help to maintain domains/fiefdoms/income.

                              Overcome or learn the jargon/terminology and life becomes alot simpler. ;)

                              Capitalism, currently The World's best Entertainment Control System and YOU cant buy it! But you can buy this, or some of this or some of these

                              Asch Conformity, mainly the blind leading the blind.

                              1 Reply Last reply Reply Quote 0
                              • N Offline
                                Nullity
                                last edited by

                                @Supermule:

                                I have spent the last 2-3 mths together with lowprofile to search for something that can improve it.

                                We have sent numerous mails to the dev's and not much response.

                                We wanted to have the dev's setup a test rig so they could see for themselves how it fares and work together somehow on creating a solution for this or maybe point out what specific issues the base OS has handling the packets.

                                Not much has come back….if nothing at all.

                                Lowprofile is looking at other products to handle his scenario since he is pretty dissappointed in the whole "package" and especilly in the lack of response on a matter this important.

                                Right, you seem like a good guy, just like most of us are.

                                What is stopping us from working together? I shared why I prematurely thought you were a egotistical troll… perhaps some others share that perspective?

                                Or maybe we are all assholes. :)

                                Please correct any obvious misinformation in my posts.
                                -Not a professional; an arrogant ignoramous.

                                1 Reply Last reply Reply Quote 0
                                • F Offline
                                  firewalluser
                                  last edited by

                                  @Nullity:

                                  What is stopping us from working together? I shared why I prematurely thought you were a egotistical troll… perhaps some others share that perspective?
                                  Or maybe we are all assholes. :)

                                  We are all chemically motivated and biased by the data we have learnt over the long and short term, throw in the absence of body language for this medium http://en.wikipedia.org/wiki/Body_language and we will fill the body language void with our own current emotions sometimes known as projecting (which can soimetimes be illuminating based on what is written above) and thus we can arrive at the wrong conclusions about someone. Emoticons/emojis sometime help but not always as some prefer to not use them as they can still be interpretted incorrectly.

                                  Capitalism, currently The World's best Entertainment Control System and YOU cant buy it! But you can buy this, or some of this or some of these

                                  Asch Conformity, mainly the blind leading the blind.

                                  1 Reply Last reply Reply Quote 0
                                  • N Offline
                                    Nullity
                                    last edited by

                                    Indeed. I personally hate emoticons too, but I have personally seen how a negative, or lack of postive, focus can send a whole thread into a negative, hateful tone of adversarial confrontations instead of people realizing they actually all have a common goal to solve the friggen problem and learn something.

                                    Please correct any obvious misinformation in my posts.
                                    -Not a professional; an arrogant ignoramous.

                                    1 Reply Last reply Reply Quote 0
                                    • F Offline
                                      firewalluser
                                      last edited by

                                      That would be the butterfly effect to use a mathematical reference, or the emotions fear and anger in a biological sense which is driven by excessive dopamine levels derived from a variety of inputs namely music, caffeine, alcohol & drugs. Dopamine gets broken down into the stress hormones (andrenaline and epherine aka speed the amphetamine), they can be cleared within 3-4hrs in smokers but can take over twice as long in non smokers, but they do help increase spatial intelligence and I'm digressing.

                                      Edit, you could also add in some Asch conformity & Milgrams obedience to authority from a psychological perspective as well as things are more complicated in general when dealing with biological lifeforms compared to Artificial Intelligences.

                                      Capitalism, currently The World's best Entertainment Control System and YOU cant buy it! But you can buy this, or some of this or some of these

                                      Asch Conformity, mainly the blind leading the blind.

                                      1 Reply Last reply Reply Quote 0
                                      • S Offline
                                        Supermule Banned
                                        last edited by

                                        Thanks.

                                        Allready changed that in system -> tunables and it made quite a difference on the low core tests.

                                        nmbufs.PNG
                                        nmbufs.PNG_thumb

                                        1 Reply Last reply Reply Quote 0
                                        • D Offline
                                          doktornotor Banned
                                          last edited by

                                          @Nullity:

                                          Indeed. I personally hate emoticons too, but I have personally seen how a negative, or lack of postive, focus can send a whole thread into a negative, hateful tone of adversarial confrontations instead of people realizing they actually all have a common goal to solve the friggen problem and learn something.

                                          Because neither screaming "oh noes, it suxxx, we're all doomed, use Windows Firewall instead", nor this YT testing is a way how you handle a perceived security issue.

                                          https://www.freebsd.org/security/reporting.html

                                          @firewalluser:

                                          That would be the butterfly effect… or the emotions fear and anger in a biological sense which is driven by excessive dopamine levels derived from a variety of inputs ...

                                          1 Reply Last reply Reply Quote 0
                                          • S Offline
                                            Supermule Banned
                                            last edited by

                                            See.

                                            I havent stated that people should use Windows Firewall instead.

                                            I have stated that its not affected.

                                            Not the same really…..

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.