On Thu, 25 Sep 2003 08:16:59 +1000 James McDonald <[EMAIL PROTECTED]> wrote:
> I understand that nothing can be done if you saturate the pipe. But > wouldn't stateful inspection and some rules to say `when x number of > connections occur from y host in z time' cause the firewall to drop the > attacking hosts packet and at least try for partial service over none? It's a DDoS attack. Distributed. From an anti-spam list... This kind of "spread the targets" tactic has been tried in the past to protect IRC servers/websites and admins, but fails dramatically in the face of 20-50,000 cable-connected zombies being used for DDoS - they can spread the targetting around or simply bring another 10,000 machines into the attack. Yes, they really do have botnets this large. :-( Soon everyone except the script kiddies will hate Microsoft. -- ----------------------------------------------------------------------- | Alan K. Jackson | To see a World in a Grain of Sand | | [EMAIL PROTECTED] | And a Heaven in a Wild Flower, | | www.ajackson.org | Hold Infinity in the palm of your hand | | Houston, Texas | And Eternity in an hour. - Blake | ----------------------------------------------------------------------- _______________________________________________ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users