[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf compatibility w/ other unix OS

To: "misc@" <misc@openbsd.org>
Subject: Re: pf compatibility w/ other unix OS
From: Jedi/Sector One <j@pureftpd.org>
Date: Mon, 3 Jun 2002 11:28:14 +0200
Content-Disposition: inline
References: <MKEKKOHGOGCHFLOFDGPNAEGKCBAA.dedonckers@pandora.be>
User-Agent: Mutt/1.3.99i

On Mon, Jun 03, 2002 at 11:07:48AM +0200, Steve wrote:
> dude, you must have been on mars.. it's been around for quite some time now
> check altqd(8) or http://www.muine.org/~hoang/openpf.html

  Dude, I was using altq before it was in tree.

  What I mean with rate limitation is to disallow the same <source ip>/
<dest ip+port> pair to match 100 times a second.

  Without that, there are always kiddies trying to fetch our Perl scripts
through flooding HTTP requests. It happens at least once in a day, thus
causing a very simple yet very effective DOS.

  Yes, rate limitation can introduce other sorts of DOS. And yes, this
system sometimes bans AOL proxies. But it's better than web servers
constantly down for everybody.

-- 
 __  /*-      Frank DENIS (Jedi/Sector One) <j@42-Networks.Com>     -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/";> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/";> Misc. free software </a>  \/

Follow-Ups:
- Re: pf compatibility w/ other unix OS
  - From: dreamwvr <dreamwvr@dreamwvr.com>
- Re: pf compatibility w/ other unix OS
  - From: dreamwvr <dreamwvr@dreamwvr.com>

References:
- Re: pf compatibility w/ other unix OS
  - From: "Steve" <dedonckers@pandora.be>

Prev by Date: Re: pf compatiblity w/ other unix OS
Next by Date: ipsec (home network)
Prev by thread: Re: pf compatibility w/ other unix OS
Next by thread: Re: pf compatibility w/ other unix OS
Index(es):
- Date
- Thread