On Mar 4, 2011, at 1:09 PM, Keith Moore wrote: > The question that comes to my mind is "how to securely signal hosts that > they're under such attack, and need to do this?"
I'm sure there's a venue for that question... But I think I might be inclined to have the OS detect the fact itself, at least in some percentage of the cases. If I am receiving a large number of messages to which I am replying with an ICMP "huh?", or that I have a large number of TCP sessions that are attempting to communicate using but am in retransmission timeouts or dropping the sessions entirely are examples of "it's not supposed to work that way" that might lead me to the conclusion that I am under attack. _______________________________________________ nat66 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nat66
