Hello!

> An attacker could use random destination addresses if he just wants to
> keep the always-defragger's buffer full, so that legitimate packets cannot
> get through.

The longest queue is preempted. In the worst case, it will get
a fair share. BTW look at SFQ, it is a simple but interesting algorithm.

What's about random address, it is exactly why I said "destination".
Destination sits inside network controlled by firewall, it is a limited
range as a rule.


> could not clog it completely.  Maybe it is not possible (if your theorem is
> true),

Well, do you still remember that general synfloods are a theoretically
unsolvable problem (without cookies)? What is the difference with
defrag? No differences at all.

Forget about DoSes, Andi. Tune _normal_ case at least, it is handled
pathologically now as well.

Alexey
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
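
A toy model of the policy described in the reply above (fragments queued per destination, the longest queue preempted when the buffer is over budget), added here as an example; it is not code from the post or from the kernel. `NQ`, `CAP`, the modulo bucketing and all function names are assumptions, and the traffic is constructed.

```c
#include <stdio.h>
#define NQ  8    /* per-destination queues (assumed) */
#define CAP 64   /* fragments the buffer may hold (assumed) */
struct defrag { unsigned len[NQ], dropped[NQ], total; };

/* Accept one fragment, queued by destination only (the modulo stands in
 * for a real hash), then preempt the longest queue if over budget. */
static void frag_enqueue(struct defrag *d, unsigned daddr)
{
    unsigned i, longest = 0;
    d->len[daddr % NQ]++;
    if (++d->total <= CAP)
        return;
    for (i = 1; i < NQ; i++)
        if (d->len[i] > d->len[longest])
            longest = i;
    d->len[longest]--;
    d->dropped[longest]++;
    d->total--;
}

/* Constructed traffic: flood destination 1, with one fragment for
 * destination 2 after every 100th. Returns destination-2 fragments held. */
static unsigned flood_one(struct defrag *d, unsigned flood, unsigned legit)
{
    unsigned i, sent = 0;
    for (i = 0; i < flood; i++) {
        frag_enqueue(d, 1);
        if (i % 100 == 99 && sent < legit) { frag_enqueue(d, 2); sent++; }
    }
    return d->len[2 % NQ];
}

/* Constructed traffic: flood spread over every destination in range.
 * Returns the longest queue afterwards. */
static unsigned flood_all(struct defrag *d, unsigned flood)
{
    unsigned i, max = 0;
    for (i = 0; i < flood; i++) frag_enqueue(d, i);
    for (i = 0; i < NQ; i++) if (d->len[i] > max) max = d->len[i];
    return max;
}

int main(void)
{
    struct defrag a = {{0}}, b = {{0}};
    printf("one target: %u of 4 legit kept\n", flood_one(&a, 1000, 4));
    printf("spread: longest queue %u\n", flood_all(&b, 1000));
    return 0;
}
```

With a single flooded destination every drop lands on that destination's queue; with the flood spread over the whole range each queue settles at `CAP / NQ`, the fair-share worst case.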
