Security Basics mailing list archives
RE: Any good method to check network overload?
From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 3 Mar 2003 11:47:42 -0800
I work with some routers which do not handle overloads well. However, they at least follow the principle that ICMP traffic takes low priority, so as the traffic load increases, their response to direct pings becomes slower and slower. At some point short of total overload, they no longer have enough spare capacity to answer pings at all.

This suggests that if ping times are consistently more than some value, or are timing out, then the network is probably overloaded.

(Pings will also time out if the router is down, but you probably want to alert for that, too. If you need to distinguish between the two cases, compare pings OF the router with pings THROUGH the router.)

David Gillett
-----Original Message-----
From: swin [mailto:swin () student dlut edu cn]
Sent: March 2, 2003 23:56
To: security-basics () securityfocus com
Subject: Any good method to check network overload?

Hello!

I am doing research on protecting systems from DDoS attacks. One part of my research work is to detect that the network is overloaded and raise an alarm. Here, network overload means that at a certain time the network is very busy, and servers or network equipment cannot deal with so many requests, which makes the entire network system very slow. As is known, when systems are under DDoS attack, it can cause this situation, but sometimes when a lot of normal users are using the server together, it also approaches this situation.

Right now, I do not care about what really causes this network overload. Also, if I am energetic enough I can take care of the system 24 hours a day, but I want to use a program to automatically check for this situation, so that when our system is in overload, it can raise an alarm.

Before this I also thought of some methods to check. For example, I tried calculating the average load of the system and multiplying this value by a certain coefficient to get the system's max load; when this so-called max load is exceeded, we consider the system overloaded. But I'm not satisfied with this method. The second is to check the network stack queue of the server or network equipment; if the queue is too long, it means the system is too busy to deal with so many requests. But I'm also not sure about this method, so I want to know others' opinions.

Also, if anyone has a better way to check for this overload, I'd be glad to hear it!

Thanks in advance!

Swin. wang
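
One way to automate the ping heuristic from the reply above, as an added example that is not part of the original thread: a sliding-window classifier that separates "router overloaded" from "router down" by comparing pings of the router with pings through it. The 200 ms threshold, the 5-probe window, all names and the sample RTTs are assumptions constructed for illustration; collecting the RTTs is left to whatever probe you already run.

```python
from collections import deque

SLOW_MS = 200.0  # assumed "some value" for a slow reply; tune per link
WINDOW = 5       # assumed probe count that must agree ("consistently")

class OverloadMonitor:
    """Feed one RTT pair per probe round; None means the ping timed out."""

    def __init__(self, slow_ms=SLOW_MS, window=WINDOW):
        self.slow_ms = slow_ms
        self.of_router = deque(maxlen=window)  # pings addressed to the router
        self.through = deque(maxlen=window)    # pings to a host behind it

    def _degraded(self, rtt):
        return rtt is None or rtt > self.slow_ms

    def observe(self, rtt_of, rtt_through):
        self.of_router.append(rtt_of)
        self.through.append(rtt_through)
        if len(self.of_router) < self.of_router.maxlen:
            return "WARMUP"
        # One fast reply inside the window means the slowness is not consistent.
        if not all(self._degraded(r) for r in self.of_router):
            return "OK"
        # No replies from the router and nothing forwarded either: treat as
        # down (total saturation looks the same from outside).
        if all(r is None for r in self.of_router) and \
           all(r is None for r in self.through):
            return "DOWN"
        # Router is slow or silent to direct pings but still answering or
        # forwarding some traffic: the low-priority ICMP starvation case.
        return "OVERLOAD"

def run(samples):
    monitor = OverloadMonitor()
    return [monitor.observe(of, thru) for of, thru in samples]

# Constructed sample data: (rtt_of_router_ms, rtt_through_router_ms)
SAMPLES = (
    [(2.0, 10.0)] * 5                                   # healthy
    + [(250.0, 300.0), (400.0, 500.0), (None, 700.0),
       (None, 800.0), (900.0, 1000.0)]                  # load rising
    + [(None, None)] * 5                                # nothing answers
)

if __name__ == "__main__":
    for i, state in enumerate(run(SAMPLES)):
        print(i, state)
```
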