On Tue, Jul 29, 2003 at 16:46:22 +0200, Henning Brauer wrote:
> On Tue, Jul 29, 2003 at 04:47:30PM +0300, Alexey E. Suslikov wrote:
>> assume your router is directly plugged into ether on
>> an ISP's switch. assume some nasty guy on the same
>> segment is trying to waste your PHYSICAL bandwidth by
>> sending broad- or multicasts. yes, your packet filter
>> will drop them, but prior to the drop, the stack must RECEIVE
>> them and pf must recognize them as "to be dropped".
>>
>> now, your PHYSICAL pipe is full of junk. so, Ed,
>> explain to me, how do you shape down this junk?
>
> it doesn't help against this attack.
> slowing down the outgoing tcp acks etc slows down usual downloads tho.
:) of course not. the goal of my example is to show "how prioritizing incoming traffic does not work" :) btw, there are a lot of Layer 2 nasties for bandwidth wasting, and nobody can save your PIPE from DDoS. it is the ISP's task to block such traffic, both L2 and L3.
