On Tue, Jul 29, 2003 at 04:47:30PM +0300, Alexey E. Suslikov wrote: > assume, your router directly plugged into ether on > a isp's switch. assume, some nasty guy on the same > segment trying to waste your PHYSICAL bandwidth by > sending broad- or multicasts. yes, your packet filter > will drop them, but prior to drop, stack must RECEIVE > them and pf must recognize them as "to be dropped". > > now, your PHYSICAL pipe is full of junk. so, Ed, > explain me, how to shape down this junk?
it doesn't help against this attack. slowing down the outgoing tcp acks etc slows down usual downloads tho. -- Henning Brauer, BS Web Services, http://bsws.de [EMAIL PROTECTED] - [EMAIL PROTECTED] Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
