On Sat, Apr 15, 2000 at 08:34:10PM +0200, [EMAIL PROTECTED] wrote:
> BTW in this case "fair" resource allocation is possible.
> F.e. for defragmenter you could use SFQ-like scheme. It is cheap
> and mighty. Even true fair queue based on destination IP address
> is possible in the case of "always defrag". And it really defends against DoS.

An attacker could use random destination addresses if he just wants to
keep the always-defragger's buffer full, so that legitimate packets cannot
get through. I was thinking about some scheme that keeps enough space in
the buffers by dropping early, so that an attacker with moderate bandwidth
could not clog it completely. Maybe it is not possible (if your theorem is
true), we'll see. Stopping an attacker that has 1/2 the bandwidth of the fw
would be enough.


-Andi



-- 
This is like TV. I don't like TV.
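Added example (not part of the original message and not Linux kernel code): a small C model of the argument in this exchange, showing that destination-keyed fairness in the defragmenter shields a legitimate destination when the flood targets one address, but not when the flood fragments are spread over many destinations. The bucket count, per-bucket quota, modulo hash and addresses are assumptions, and the fixed quota is a simplification standing in for an SFQ-like scheme.

```c
/* Constructed model: a fragment reassembly buffer split into
 * destination-hashed buckets, each with a fixed slot quota. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NBUCKETS 16   /* assumed number of hash buckets */
#define QUOTA     8   /* assumed fragment slots per bucket */

struct defrag { unsigned used[NBUCKETS]; };

/* Hypothetical hash: low bits of the destination address. */
static unsigned bucket_of(uint32_t dst) { return dst % NBUCKETS; }

/* Admit one incomplete fragment; returns 1 if buffered, 0 if dropped. */
static int admit(struct defrag *d, uint32_t dst)
{
    unsigned b = bucket_of(dst);
    if (d->used[b] >= QUOTA)
        return 0;
    d->used[b]++;
    return 1;
}

/* Buffer `nflood` never-completed fragments, then offer `nlegit` fragments
 * for `legit_dst`. spread == 0: all flood fragments go to `flood_dst`;
 * otherwise destinations sweep upward from it (a deterministic stand-in
 * for random addresses). Returns the legitimate fragments admitted. */
static unsigned legit_admitted(int spread, uint32_t flood_dst, unsigned nflood,
                               uint32_t legit_dst, unsigned nlegit)
{
    struct defrag d;
    unsigned i, ok = 0;
    memset(&d, 0, sizeof(d));
    for (i = 0; i < nflood; i++)
        admit(&d, spread ? flood_dst + i : flood_dst);
    for (i = 0; i < nlegit; i++)
        ok += admit(&d, legit_dst);
    return ok;
}

int main(void)
{
    uint32_t victim = 0x0a000005, other = 0x0a000009; /* constructed addresses */
    printf("single-destination flood: %u/4 legitimate fragments buffered\n",
           legit_admitted(0, other, 1000, victim, 4));
    printf("spread-destination flood: %u/4 legitimate fragments buffered\n",
           legit_admitted(1, other, 1000, victim, 4));
    return 0;
}
```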