In the last episode (Feb 09), Ed Gold said:
> After reading the article,
>
>http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2000/02/09/MN23532.DTL
>
> I am wondering if FreeBSD should take any action to protect our
> users. I think it would speak incredibly highly of FreeBSD if Yahoo
> and other "customers" were to have some kind of protection from such
> an attack. My initial thoughts are:
>
> A web server should know its limitations and not attempt to handle
> more requests than it can manage. It should invoke a service cutoff
The problem is that for most flood-type DoS attacks, the target machine
doesn't see most of the traffic. The idea is to flood the
T1/T3/whatever lines, or send enough small packets that the routers are
overwhelmed. The smart limiting you describe is good for servers that
have relatively few connections that take a lot of CPU each. I'd say
that most database-backended servers have a similar problem, and do
have per-IP query limits or some other form of restrictions. The best
(worst?) example of this I can think of is the all-too-common IIS
"HTTP/1.0 Server Too Busy" message.
--
Dan Nelson
[EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
