Extremely high ksoftirqd when UDP flooding an embedded device
Dear
I am trying to make my embedded device robust against DoS attack but I notice that the system has a tremendously high ksoftirqd load causing the system to hang completely. I am testing the system by pushing a large number of UDP messages to the system (> 250k messages per second). Is there a way to protect our system against an attack of this kind? Could we use traffic control or iptables for this? This has been tested on a custom board with imx6ul processor. Thanks Pieter |
You can try ebtables tool, working on layer 2.
|
I have got a look at ebtables cause I never heard about it. I however have some doubts if it could be useful for my use case. If I look at the example of rate shaping, then it relies on tc to implement the traffic shaping. See example 'rate shaping': https://ebtables.netfilter.org/examp....html#example5
Thanks for the input! |
All times are GMT -5. The time now is 12:05 PM. |