On -10.01.-28163 20:59, Harlan Stenn wrote:
> This gets a bit more complicated when taking into consideration:
> - we'll get more traffic from a NAT gateway
> - - do we need to be able to configure a threshold for this case?

Can't say much about KOD as-is, but here's my .02 on the net-behind-NAT scenario:

If
-- you want to fine-tune limits according to the number of actual clients behind the NAT, *or*
-- want to keep providing service to genuine clients behind a NAT gateway while defending against co-located noncooperative bad apples

then you have an interest to make the NATed clients identifiable (beyond what OS fingerprinting can do already). The straightforward approach to doing so would be to send out not plain "go DIAF"s, but messages along the lines of "I'm willing to service your further requests *if* you label them with this random ID (and behave)".

Regards,
    J. Bern
-- 
Jochen Bern, Systems Engineer --- LINworks GmbH <http://www.LINworks.de/>
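
A minimal model of the labelled-request scheme suggested in the message above, added here as an illustration and not taken from the post or from ntpd. The class name, limits and verdict strings are assumptions, and the cap on labels per address is an addition so that labels cannot be requested without bound.

```python
import secrets

class LabelLimiter:
    """Toy model of the labelled-request idea; not ntpd code, all names hypothetical."""

    def __init__(self, ip_limit=4, label_limit=2, window=10.0, max_labels_per_ip=8):
        self.ip_limit, self.label_limit = ip_limit, label_limit
        self.window, self.max_labels_per_ip = window, max_labels_per_ip
        self.ip_hits = {}   # source address -> timestamps of unlabelled requests
        self.labels = {}    # label -> {"ip", "hits", "revoked"}

    def _count(self, hits, now):
        """Record one request and return how many fall inside the window."""
        hits[:] = [t for t in hits if now - t < self.window]
        hits.append(now)
        return len(hits)

    def handle(self, ip, now, label=None):
        """Return (verdict, label) where verdict is SERVE, OFFER or DROP."""
        if label is not None:
            entry = self.labels.get(label)
            # Unknown, revoked, or presented from another address: no service.
            if entry is None or entry["revoked"] or entry["ip"] != ip:
                return ("DROP", None)
            if self._count(entry["hits"], now) > self.label_limit:
                entry["revoked"] = True   # only this one client loses service
                return ("DROP", None)
            return ("SERVE", label)
        if self._count(self.ip_hits.setdefault(ip, []), now) <= self.ip_limit:
            return ("SERVE", None)
        # Shared budget for the address is spent. Instead of a plain refusal,
        # offer a random label, capped so labels cannot be farmed endlessly.
        issued = sum(1 for e in self.labels.values() if e["ip"] == ip)
        if issued >= self.max_labels_per_ip:
            return ("DROP", None)
        new = secrets.token_hex(8)
        self.labels[new] = {"ip": ip, "hits": [], "revoked": False}
        return ("OFFER", new)

def demo():
    """Constructed scenario: a flooding client and a polite one share one NAT address."""
    nat, srv = "203.0.113.7", LabelLimiter()
    flood = [srv.handle(nat, 0.1 * i)[0] for i in range(6)]   # unlabelled flood
    _, good = srv.handle(nat, 1.0)                            # polite client is offered a label
    _, bad = srv.handle(nat, 1.1)                             # the flooder is offered one too
    bad_run = [srv.handle(nat, 1.2 + 0.1 * i, bad)[0] for i in range(4)]
    good_run = [srv.handle(nat, 2.0 + 6.0 * i, good)[0] for i in range(3)]
    return flood, bad_run, good_run
```

In this model labels never expire and revoked ones still count against the per-address cap; a real server would need an ageing policy for both.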