
Re: source limit



On Mon, Mar 17, 2003 at 11:15:24AM +0800, NortonNg wrote:
> ipfw limit option is easy to DoS.
> for example: ipfw add tcp from any to 80 limit 1000
  We're talking about src-addr, which enforces a limit per rule/source IP.
  
  It is only DoSable for the TCP protocol if you can spoof IP addresses
and reliably predict TCP ISNs. There are a lot of arguments against this
kind of limit, but per rule/source IP pairs are at least less DoSable than
plain per rule limits.
  Or through a DDoS, but a firewall rule can hardly protect against this.
  
-- 
 __  /*-      Frank DENIS (Jedi/Sector One) <[email protected]>     -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/";> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/";> Misc. free software </a>  \/
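To illustrate the distinction drawn above, here is an added toy model of the two accounting schemes (it is not ipfw code and not from either poster): a flood from one host exhausts a plain per-rule budget, but under a per-rule/source-IP limit it only exhausts its own budget. The addresses and the limit of 1000 are constructed for the example.

```python
"""Toy model of ipfw 'limit' accounting: plain per-rule vs per-rule/source-IP.

Constructed illustration only. Real ipfw 'limit' always takes a key such as
src-addr; the "rule" key here stands in for the plain per-rule limit that the
thread contrasts it with.
"""
from collections import defaultdict


class LimitRule:
    """Counts open dynamic entries per key. A new flow is admitted only while
    its key's count is below the limit; otherwise the packet is dropped."""

    def __init__(self, limit, key="src-addr"):
        self.limit = limit
        self.key = key                      # "src-addr" or "rule"
        self.open = defaultdict(int)        # key -> open dynamic entries

    def _key(self, src):
        return src if self.key == "src-addr" else "rule"

    def new_flow(self, src):
        """Return True if a new connection from src is admitted, else False."""
        k = self._key(src)
        if self.open[k] >= self.limit:
            return False
        self.open[k] += 1
        return True


def flood_then_client(rule, attacker_srcs, flows_per_src, client):
    """Each attacker source opens flows_per_src connections, then one
    legitimate client tries once. Returns whether the client got through."""
    for src in attacker_srcs:
        for _ in range(flows_per_src):
            rule.new_flow(src)
    return rule.new_flow(client)


# Constructed scenario: one attacking host fills a limit of 1000 (as in the
# thread), then a client at a different address tries to connect.
plain = LimitRule(1000, key="rule")
per_source = LimitRule(1000, key="src-addr")
client_ok_plain = flood_then_client(plain, ["198.51.100.7"], 1000, "203.0.113.9")
client_ok_per_source = flood_then_client(per_source, ["198.51.100.7"], 1000, "203.0.113.9")

if __name__ == "__main__":
    print("plain per-rule limit, client admitted:", client_ok_plain)      # False
    print("per-source limit, client admitted:", client_ok_per_source)     # True
```

The per-source variant still becomes vulnerable only in the way the reply describes: flows that spoof the client's own address and survive the handshake would count against the client's budget, not the attacker's.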