On Fri, 2006-10-06 at 11:56 -0500, Kevin P. Fleming wrote:
> It seems that maybe the best proposal at this time is to just provide
> a method for counting the number of improper/bogus signaling packets
> received in a given time frame (per second, per minute, etc.) and then
> dropping (without response) any signaling that is not known to be
> valid beyond that limit.

Sorry, I read this post after I sent my previous email but just want to make one further comment.

As mentioned, this makes it trivial to DoS accounts and I would urge you to rule out the syn-cookie approach first before implementing rate limiting on accounts.

This exact problem has already been encountered and solved in the TCP world (circa 2000) and the syn-cookie approach has proved itself while connection rate limiting is known to be a poor approach.

-- 
John Lange
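
The syn-cookie idea argued for above, sketched as an added example that is not part of the original thread or of Asterisk's code: the listener answers a first packet with a keyed cookie and allocates state only when the sender echoes it back from the same address, so bogus traffic costs no memory and no per-account counter exists to be tripped. The names, the 30-second window and the truncated HMAC-SHA256 cookie are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

SECRET = os.urandom(32)  # per-server key (assumption: generated at start-up)
WINDOW = 30              # seconds per time slot (assumed value)


def _mac(secret, ip, port, slot):
    # Bind the cookie to the claimed source address and a coarse time slot.
    msg = ip.encode() + struct.pack("!HQ", port, slot)
    return hmac.new(secret, msg, hashlib.sha256).digest()[:8]


def make_cookie(ip, port, now, secret=SECRET):
    return _mac(secret, ip, port, int(now) // WINDOW)


def check_cookie(cookie, ip, port, now, secret=SECRET):
    # Accept the current slot and the previous one to tolerate a slot rollover.
    slot = int(now) // WINDOW
    return any(
        hmac.compare_digest(cookie, _mac(secret, ip, port, s))
        for s in (slot, slot - 1)
    )


class Listener:
    """Hypothetical signaling listener that stays stateless until proven reachable."""

    def __init__(self):
        self.sessions = {}  # populated only after a valid cookie echo

    def on_first_packet(self, ip, port, now):
        # Nothing is stored: the reply goes to the claimed source address,
        # so a sender spoofing that address never sees the cookie.
        return make_cookie(ip, port, now)

    def on_retry(self, ip, port, cookie, account, now):
        if not check_cookie(cookie, ip, port, now):
            return False  # dropped without response and without any counter
        self.sessions[(ip, port)] = account
        return True
```

Because nothing is counted per account, a flood of bogus packets naming an account does not stop its real owner from completing the exchange from their own address.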
