* frank hu <[EMAIL PROTECTED]> [2007-02-07 14:31]: > So is it possible to drop every first SYN packet and ask sender to > resend it just like spamd has done? > As such, DoS tool will never create state but legitimate connection > will do. Just some thoughts. :)
and to track who has sent the SYN again (or, has sent the ACk, whatever) you need... right, some kind of state. there is no win here. > It ls worth to add some anti-DoS measure in pf now. we have quite a few. I bet you ahven't discovered a 10th of them. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
