More than 10,000 packets a second?

So, I had some free time in the office today. It was kind of nice except, you know, for the people in my office. Can’t stand them.

Anyways, I noticed that things were hella slow on the internet. I did some poking around, turned on a monitor port, and fired up Wireshark.

More than 10,000 packets a second were coming in. Almost all of them were coming in to X.X.X.102. I checked it, and .102 was someone’s iPhone. Some further testing (and turning off the Wi-Fi) showed a shitload of traffic still coming into .102.

So, some more poking around (and turning off the iPhone) shows that what was actually happening was that .102 was set for a DMZ. All the crap not destined for someone specific on a correct port was being forwarded to .102.

But 10,000 packets a second? WTF? Is that what a typical firewall is dumping per second?

-Joe

What’s the regular throughput of your firewall?

As you’ve seen, 10k dumped packets isn’t hard to hit, especially if something’s run amok or someone’s trying to DoS you.

I poked one of our network guys, and on a good day when the hackers are in bed, we’re dumping closer to 100k a second per firewall (just his offhand recollection - they’re not closely logging how much gets kicked out), but then, we’re a big target, and we’ve got correspondingly big network gear. (Our internal backbone is OC-192, and we pull in a bunch of OC-3 and OC-12 connections to the outside world at various locations around the country.)

On the other hand, 10k packets a second would probably melt a SOHO product such as a Linksys broadband router.

Well, our SonicWall is sick in bed, so it is just a crappy little SOHO D-Link right now. Thing is, the numbers you described are some big-assed pipes. Here at our office we’re packing a whopping pair of T-1s.

-Joe