Samuli Kaski wrote:
> > > Is there a simple way to stop all icmp ????
> >
> > 3. The attacker can always flood you with some other type of packet,
> > e.g. TCP SYN packets. I presume that these would use more resources
> > than an ICMP echo request.
>
> And correct me if I'm wrong but filtering at the destination of the attack
> makes little sense. You will have to filter one or more hops uplink, talk
> to your ISP.
Obviously it would be preferable to filter the traffic further
upstream. However, there are still reasons to filter locally,
including:
1. To save CPU time (although I can't see that handling an ICMP echo
request is all that CPU-intensive).
2. To avoid using up a similar amount of bandwidth on the outbound
trip with the replies.
--
Glynn Clements <[EMAIL PROTECTED]>
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
