Date: Sat, 15 Feb 2003 13:54:20 -0500
From: Chuck Swiger <cswiger@mac.com>
To: Freebsd-Questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: using Dummynet to rate limit ftp
Message-ID: <3E4E8CDC.1090404@mac.com>
In-Reply-To: <20030215104024.GB68671@happy-idiot-talk.infracaninophi>
References: <AGEHIFHGNEMPFNCPLONMEEPKEDAA.paul@compwest.com.au> <20030215104024.GB68671@happy-idiot-talk.infracaninophi>

Matthew Seaman wrote:
[ ... ]
> Now, that sounds quite reasonable, but it's really quite a minefield.
> Consider that the TCP stream could be fragmented --- unlikely in
> normal usage, but something a potential attacker might try --- or that
> an attacker might be able to persuade your firewall to open up access
> to ports or addresses it really shouldn't by sending a cunningly
> modified FTP control exchange.

While I agree with this and the points you've made, let me suggest that the
problem the original poster had is better solved by prioritizing traffic,
rather than by setting fixed bandwidth limits in place. Or perhaps "in
addition to fixed BW limits".

-Chuck