[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: max-src-conn-rate and icmp?

On Thu, Mar 31, 2005 at 05:33:11PM -0500, Jim Zajkowski wrote:
> Is there any way we can have a machine, which generates a high amount
> of ICMP traffic, be snarfed into some overload table so we can give
> them a "please call us" http forced response?
This is not currently possible, as the 'overload' aspect is only
implemented for 'max-src-conn-rate', which wouldn't apply to ICMP (as
there's no handshake).
But it could be extended so 'overload' can be used with
'max-src-states', which would trigger it as soon as the maximum number
of states are present, and ICMP 'connections' do create state.