North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Mitigating HTTP DDoS attacks?

  • From: Peter Dambier
  • Date: Tue Mar 25 04:27:45 2008
  • Openpgp: id=EB5CCB28; url=

> On Mon, Mar 24, 2008 at 11:34:58PM +0000, Paul Vixie wrote:
>> i only use or recommend operating systems that have their own host based
>> firewalls.  

That was exactly my problem.

Barney Wolff wrote:
> What finally broke was doing a table list, possibly because the
> command prints in sorted order.  

Happened to me too.

First step: Borrowed "sort.c" from Minix.

Next step: Large swap file.

Finally: changed the distribution.

sort is one the biggest hidden problems. There are broken sorts around,
I guess some of the problems are character set specific. There is no
more EBCDIC but UTF-8 and UTF-16 are even worse.

Related to sort, you may have more than enough memory or swap but your
process wont get it.

You can avoid sorting by looking into the "/proc" files.

proc2pl might get you ideas, from the ISAON tools on

You might even sort or grep the output and you can always do that
on a machine that is not your router.

Kind regards

Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP:
mail: [email protected]