On 17/07/2010 24:04:38, Lowell Gilbert wrote: > Alex Kozlov <spam_at_rm-rf.kiev.ua> writes: > >> On Fri, Jul 16, 2010 at 04:27:39PM +0200, Gabor Kovesdan wrote: >>> Em 2010.07.16. 16:23, Alex Kozlov escreveu: >>>> On Fri, Jul 16, 2010 at 03:58:33PM +0200, Gabor Kovesdan wrote: >>>> >>>> Thousands pc simultaneously try to access cvsup servers? >>>> Sound like a ddos to me. >>> Yes, this was the only concern and that's why I started this discussion. >> And because its periodic, We can't use portsnap solution (random delay >> before csup start). > > It's not completely impossible; periodic could spin off a separate shell > for it, with a random delay. It's not clear what the best way to deal > with the output would be, although several approaches present themselves. > It would be a lot more complicated than Gabor's approach, though. Simply ensuring the csup periodic job is the last one to run (/etc/periodic/daily/1000.csup ?) should give you the best of both worlds. You can insert a random delay of up to an hour and still deal with csup as a foreground job. All of the other periodic jobs will run as normal (and should help with randomising the time distribution of the csup runs too) -- you'll just have to wait a bit longer for the nightly e-mail to be produced. Even so, I think this is still likely to upset the cvsup servers: a whole timezone worth of machines hitting a small number of servers within one or two hours might be doable with portsnap / freebsd-update but cvsup requires a lot more effort server-side. Cheers Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matthew_at_infracaninophile.co.uk Kent, CT11 9PW
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:05 UTC