Subject: Re: Fragment queue size?
To: Perry E. Metzger <>
From: Paul Hoffman <>
List: tech-security
Date: 04/20/2002 09:47:44
At 12:30 PM -0400 4/20/02, Perry E. Metzger wrote:
>  > Thanks! If I wanted to make my system more resistant to DoS attacks,
>>  could I set this maximum higher in this file and rebuild the kernel?
>I don't know that this would be a great idea. Fragmented packets are
>very rare in "real life" -- if you are getting huge numbers of them,
>they're almost certainly bogus and you shouldn't be trying to keep
>them around.

Hmmm, good point. My response to "they're sending me bogus fragmented 
packets" was to make a bigger queue, but in retrospect that might not 
be a good thing.

Related to this, though, is the question "if I know I have gobs of 
extra RAM, are there settings I can change in the kernel to make DoS 
attacks less harmful to me?"