Subject: Re: Fragment queue size?
To: Perry E. Metzger <firstname.lastname@example.org>
From: Paul Hoffman <email@example.com>
Date: 04/20/2002 09:47:44
At 12:30 PM -0400 4/20/02, Perry E. Metzger wrote:
> > Thanks! If I wanted to make my system more resistant to DoS attacks,
>> could I set this maximum higher in this file and rebuild the kernel?
>I don't know that this would be a great idea. Fragmented packets are
>very rare in "real life" -- if you are getting huge numbers of them,
>they're almost certainly bogus and you shouldn't be trying to keep
Hmmm, good point. My response to "they're sending me bogus fragmented
packets" was to make a bigger queue, but in retrospect that might not
be a good thing.
Related to this, though, is the question "if I know I have gobs of
extra RAM, are there settings I can change in the kernel to make DoS
attacks less harmful to me?"