On Thu, 28 Aug 2003, Glen Turner wrote:
> Fellas, how about using rate limiting. Linux has marvellous
> QoS features, enough to allow a few ICMP ECHOs for fault
> diagnosis but to deny a ping flood.
>
> > Note that its probably not a good idea to block ICMP source quench
> > packets.
>
> Nah, block those suckers. Source Quench is deprecated.
I stand corrected.
> The list is
>
> Block
> Obsolete
> Source Quench
> Information Request/Reply
> Datagram Conversion
> Shouldn't cross network boundary
> Address Mask Request/Reply
> Redirect
> Domain Name
> Router Advertisment/Selection
> Required for operation (rate limit these to, say, 10% of bandwidth)
> Destination Unreachable
> Time Exceeded
> Security Failure
> Parameter Problem
> Required for diagnosis (rate limit these to, say, 1% of bandwidth)
> Echo Request/Reply
> Timestamp Request/Reply
>
> Regards,
> Glen
Cheers for the list
Andrew
--
No added Sugar. Not tested on animals. May contain traces of Nuts. If
irritation occurs, discontinue use.
-------------------------------------------------------------------
Andrew McNaughton In Sydney
Working on a Product Recommender System
[EMAIL PROTECTED]
Mobile: +61 422 753 792 http://staff.scoop.co.nz/andrew/cv.doc
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
