bugzilla-daemon@netfilter.org
2003-Feb-20 12:43 UTC
[Bug 53] New: Feature request - Basic Denial of Service feature
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=53

Summary: Feature request - Basic Denial of Service feature
Product: iptables userspace
Version: unspecified
Platform: All
OS/Version: other
Status: NEW
Severity: enhancement
Priority: P2
Component: unknown
AssignedTo: laforge@netfilter.org
ReportedBy: malcolm.turnbull@crocus.co.uk
CC: netfilter-buglog@lists.netfilter.org

I know this is a really complex subject and may be impossible? BUT:

If you could limit connections based on unique source ip address rather than the current specific ip address you could implement fairly powerful DOS rules..

i.e. limit ANY 1 source ip address to 5 connections per second

Therefore no individual ip could DOS you, and DDOS would be slowed down.

I know this would take up a large amount of memory and hit performance hard but I'm sure that could be worked around... :-)

PS. Keep up the fantastic work. My Nokia/Checkpoint combination is now in the bin where it belongs.

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
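The limit proposed in this report, sketched as an added example (not netfilter code and not part of the report): one token bucket per source address at 5 new connections per second, held in a table capped at an assumed `max_entries` to bound the memory cost the report mentions. The class and function names, the addresses and the traffic are constructed for illustration.

```python
from collections import OrderedDict

COST = 1000  # one connection costs 1000 milli-tokens (integer maths, no float drift)

class PerSourceLimiter:
    """Per-source token bucket with a bounded, least-recently-seen-evicting table."""

    def __init__(self, rate_per_sec=5, burst=5, max_entries=65536):
        self.rate = rate_per_sec        # N/sec is numerically N milli-tokens per ms
        self.cap = burst * COST         # bucket capacity in milli-tokens
        self.max_entries = max_entries  # assumed cap on tracked sources
        self.table = OrderedDict()      # src -> (milli_tokens, last_seen_ms)

    def allow(self, src, now_ms):
        # Unknown sources start with a full bucket.
        tokens, last = self.table.pop(src, (self.cap, now_ms))
        tokens = min(self.cap, tokens + (now_ms - last) * self.rate)
        ok = tokens >= COST
        if ok:
            tokens -= COST
        self.table[src] = (tokens, now_ms)  # re-insert as most recently seen
        if len(self.table) > self.max_entries:
            # Memory bound: forget the least recently seen source. If it
            # returns it gets a full bucket again, which is the accuracy
            # given up in exchange for a fixed-size table.
            self.table.popitem(last=False)
        return ok

def simulate(events, **kwargs):
    """events: (time_ms, src) pairs in time order -> {src: [accepted, dropped]}."""
    limiter = PerSourceLimiter(**kwargs)
    stats = {}
    for now_ms, src in events:
        counts = stats.setdefault(src, [0, 0])
        counts[0 if limiter.allow(src, now_ms) else 1] += 1
    return stats

def sample_events():
    """Constructed traffic: one source opening 100 connections in a second,
    one ordinary client opening 4 in the same second."""
    flood = [(i * 10, "192.0.2.10") for i in range(100)]
    client = [(t, "198.51.100.7") for t in (0, 250, 500, 750)]
    return sorted(flood + client)

if __name__ == "__main__":
    for src, (accepted, dropped) in simulate(sample_events()).items():
        print(f"{src}: accepted={accepted} dropped={dropped}")
```

The flooding source gets its initial burst of 5 plus one connection per 200 ms afterwards, while the ordinary client is never dropped.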