hi, > > My memory of the technical details is a bit vague, so sorry iff this is > a > stupid question, but anyway:
You are welcome. > Can this really help? I.e. isn't it very easy to put wrong IP adresses > into the > packet you send to a server? So you can just flood the server with > requests > that all _seem_ to origin from different clients? > After all, as an attacker you don't really care about getting the answer > pakets, or do you? > So your solution slows down the server side even more (even if just by > a factor of 1.01 or smaller) while only helping against attackers which > don't know about that trick, yet. That's the traditional DDoS to tcp layers.The trick to change ip in packet should be forbidden by up layer routers or firewalls,and generally, it's forbidden. Greetings, Guanjun ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
