i am interested in using altq to limit the outflow from an rfc1918
NAT'd network to alleviate the possibility of e.g. DDoS attacks
originating from within the NAT.

one of our security guys (who is not familiar with pf) mentioned to
me that i should look for something to rate-limit (packets/sec)
outgoing, since for example a DDoS SYN flood pointed at a webserver
port 80/443 just spews little packets at a high rate.  but the
closest thing i see to this is the "qlimit" parameter for max
packets queued.. doesn't really seem like it would be the same thing.

am i missing something?  has this issue been discussed?

i suspect i am missing something..

cheers,

chris linn

-- 
Christopher Linn, (celinn at mtu.edu) | By no means shall either the CEC
Staff System Administrator            | or MTU be held in any way liable
  Center for Experimental Computation | for any opinions or conjecture I
    Michigan Technological University | hold to or imply to hold herein.