What would you suggest to counter that type of an attack, or is this type of attack of no importance?
You can't empty a pipe by putting a plug in the end marked 'out'.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Henning Brauer
On Tue, Jul 29, 2003 at 04:47:30PM +0300, Alexey E. Suslikov wrote:assume, your router directly plugged into ether on a isp's switch. assume, some nasty guy on the same segment trying to waste your PHYSICAL bandwidth by sending broad- or multicasts. yes, your packet filter will drop them, but prior to drop, stack must RECEIVE them and pf must recognize them as "to be dropped".
now, your PHYSICAL pipe is full of junk. so, Ed, explain me, how to shape down this junk?
it doesn't help against this attack. slowing down the outgoing tcp acks etc slows down usual downloads tho.
