Re: Firewalling and network resource consumption while under attack

david (david@kalifornia.com)
Mon, 21 Sep 1998 10:40:42 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Vladimir Dergachev: "Re: Linux, UDI and SCO."
Previous message: Jukka Tapani Santala: "Re: 5 business advantages of Linux Kernel [Almost Off-topic]"
In reply to: Jukka Tapani Santala: "Re: 5 business advantages of Linux Kernel [Almost Off-topic]"

Reply to mail from Alan Cox about Firewalling and network resource consumption while under attack
-----------------
> You cannot regulate inbound traffic. You regulate outbound traffic at the
> ISP end, and Linux 2.1.x can do exactly that, you can feed all syn frames
> down a different CBQ class (even with its own routing table 8))

if(stack>80% && SYN) drop_without_even_allocating_anything();

feasible?

I'm looking at discussing this in detail to come up with a solution so
that a linux box doesn't keel over totally blind even under heavy inbound SYN
attack. I'll do some studies of the network path and see if we can come
up with a novel solution that is viable for 2.3.

-d

-- Look, Windows 98 Buy, lemmings, buy! MCSE, Must Consult Someone Experienced (c) 1998 David Ford. Redistribution via the Microsoft Network is prohibited. for linux-kernel: please read linux/Documentation/* before posting problems

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Vladimir Dergachev: "Re: Linux, UDI and SCO."
Previous message: Jukka Tapani Santala: "Re: 5 business advantages of Linux Kernel [Almost Off-topic]"
In reply to: Jukka Tapani Santala: "Re: 5 business advantages of Linux Kernel [Almost Off-topic]"