Subject: Re: Fragment queue size?
To: None <>
From: gabriel rosenkoetter <>
List: tech-security
Date: 04/22/2002 01:47:46

On Sat, Apr 20, 2002 at 09:47:44AM -0700, Paul Hoffman wrote:
> Related to this, though, is the question "if I know I have gobs of
> extra RAM, are there settings I can change in the kernel to make DoS
> attacks less harmful to me?"

In no case is the solution to a DoS "use more of a resource to take
the load". The DoSer will *always* win, because they can just keep
going till your resource is consumed. It's a losing battle, don't
fight it.

(If what you want to do is increase your queue length so that you
can get a better handle on the pattern so that you can then filter
the crap upstream, that seems reasonable, but you should do this as
a diagnostic, not as a solution.)

gabriel rosenkoetter
