.
Mydoom blocking for procmail users, courtesy of skx - Grin with cat attached — LiveJournal
Previous Entry Next Entry
Mydoom blocking for procmail users, courtesy of skx Jan. 29th, 2004 10:29 am
http://www.steve.org.uk/Reference/Snippets/mydoom.html

As an aside - am I right in thinking that:

1) all bandwidth measures (eg 56K modem, 256K aDSL, 1/10/100 Meg pipes) are *all* measure in kilo/mega *BITS* ?

and that

2) this definition of Mega/Kilo is actually based on 1024, not 1000 ?

Anyone know what the approximate transmission overheads are?

Oh and while I'm dumping questions, does anyone know of any data regarding "average page/image/css size on the web?"

Ta all...

From: olithered
Date: January 29th, 2004 - 10:40 am (Link)
1) Yep.
2) Yep.
From: robinbloke
Date: January 29th, 2004 - 10:41 am (Link)
I seem to remember a bit of hassle around hard drive capacity a while back with the mega/kilo issue; some companies were advertising X Meg with meg as 1000 rather than 1024 and people were complaining about it.
(no subject) - (Anonymous)

Re:

From: deliberateblank
Date: January 29th, 2004 - 11:53 am (Link)
Modem speeds are weirder. They follow powers of two times 75 up to 19200, 28800, 33000, ISTR 56k is actally 57600bps, so slightly more than 56*1024.

All are given as bits per second, so for modulated transfer with framing bits, divide by 10 for number of bytes. Except the higher modem rates have built-in hardware compression so you can sometimes see 6-7kB per sec transfer rates. Higher than modem speeds tend not to use framing bits (the whole packet is synchronous), but then you have packet framing (except on ATM), protocol overheads, the max throughput takes a hammering if you have any contention on the local segment or the line is not duplex, and of course max throughput is heavily dependant on the particular IP stack you're using, the relationship between RTT and TCP window size and a whole bunch of other factors. But contention on the route between your local network and the server's network is usually the limiting factor for fatter pipes.

You can find examples of max throughput on various OS's ip-stack-hackers mailing lists, but they'll usually be testing with two machines running a single TCP stream uncontested on a single segment.

The thing I noticed about Slammer is that it flood pings to find new targets, so seriously degrades local network performance, absolutely kills the external pipe (100mbps of ICMP into a 1mbps pipe does not go) and doesn't really do itself any favours in the process, but that doesn't matter because it sends so much crap out it only needs two new targets per infected machine to get exponential growth, anything more is a bonus. (Or at least compensates for infecting machines behind routers which won't let the infection back out.)

Re:

From: reddragdiva
Date: January 29th, 2004 - 11:56 am (Link)
"Except the higher modem rates have built-in hardware compression so you can sometimes see 6-7kB per sec transfer rates."

'Sometimes' is increasingly less often these days - all the really fat content (JPEG, MP3, video) is compressed anyway and doesn't really compress further. Unless it's for email or Usenet, modem compression is almost useless and just increases latency.