Michael H. Warfield wrote:
> > > 3. The attacker can always flood you with some other type of packet,
> > > e.g. TCP SYN packets. I presume that these would use more resources
> > > than an ICMP echo request.
>
> Ping packets can be loaded with huge payloads. Syn packets cannot
> (unless you are talking about that $#@$#@ ttcp junk - single packet with
> SYN + data + FIN).
Note that we aren't necessarily discussing *valid* packets; these are
just packets which an attacker is sending to harass the system.
OTOH, even if a TCP SYN packet was given a large payload, the kernel
isn't likely to bounce the payload back to the sender (c/f ICMP echo
request).
While we're on this subject, a couple of questions:
1. Am I correct in assuming that a TCP SYN packet (or any TCP packet,
for that matter) will load the system (as opposed to the network) more
than an ICMP echo request?
2. Will a loaded SYN packet consume any less CPU resources than an
empty one? (i.e. will something reject non-empty SYN packets?)
--
Glynn Clements <[EMAIL PROTECTED]>
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
