Date: Tue, 18 Jan 2000 09:55:55 -0800 From: Kuzak <kuzak@kuzak.net> To: "Jonathan Fortin" <jonf@revelex.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: TCP/IP Message-ID: <200001181803.e0II3XR62126@alpha.dgweb.com> In-Reply-To: <002801bf61de$b2663560$0900000a@server>
next in thread | previous in thread | raw e-mail | index | archive | help
<html> Once the DoS gets to the server there is not much point in trying to filter it<br> since it will already be filling your connection.=A0 The only way that I have found<br> effective at all is to block and rate limit everything at the border routers.=A0 Further<br> upstream would of course be better, but who has gotten uu to give in an give then<br> access to the policies on their routers?<br> -Aric<br> <br> <br> <br> <br> <br> At 12:06 PM 1/18/00 -0600, you wrote: <br> <blockquote type=3Dcite cite>=A0<br> <font size=3D2>I noticed that most of the firewalls out there don't cover protection e.g, on a denial of service attack, it should ignore the whole protocol</font><br> <font size=3D3>but only allow packets with 3k in lenght. etc.</blockquote><br> <br> <br> </font></html> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001181803.e0II3XR62126>