Subject: Re: interrupt rate from a NIC
To: Kamal R Prasad <firstname.lastname@example.org>
From: Martin Husemann <email@example.com>
Date: 03/07/2003 09:35:06
On Fri, Mar 07, 2003 at 08:22:49AM +0000, Kamal R Prasad wrote:
> Im looking at providing a fix for a DDoS wherein the attacker uses many
> machines to attack a system. note that an attack involves sending something
> like a flood of SYNs and not responding to the SYN ACK
Ah, that thing ;-)
You don't run out of interrupts with that. You might run out of memory for
the syn cache.
Could someone please remind me why the syn-cookie aproach was considered bad?