In the GRC.COM article he talked about how the malicious intruder was generating "bad" packets which fragmented en route to their destination and this produced some cascade effect of millions of badly formed packets?

How does one generate their own packets? Is it very difficult or lengthy code-wise? I am just curious what is going on under these DDoS attacks.

Do firewalls have rules that can say "I won't allow any packets of type TCP/IP that have packet size greater than <FOO>?"

What is the solution(s) to stopping these DDoS attacks and making it harder for them to be successful? Does the root problem originate at the ISP (i.e. they see one of their networks/subnet/host getting hit with suspicious traffic so they stop that inbound traffic?) or where?

Regards,
Zach
[EMAIL PROTECTED]

"Blessed are those who have not seen and yet have faith." - John 20:29
