Subject: Re: Fragment queue size?
To: None <tech-security@netbsd.org>
From: gabriel rosenkoetter <gr@eclipsed.net>
List: tech-security
Date: 04/22/2002 01:47:46

On Sat, Apr 20, 2002 at 09:47:44AM -0700, Paul Hoffman wrote:
> Related to this, though, is the question "if I know I have gobs of
> extra RAM, are there settings I can change in the kernel to make DoS
> attacks less harmful to me?"

In no case is the solution to a DoS "use more of a resource to take
the load". The DoSer will *always* win, because they can just keep
going till your resource is consumed. It's a losing battle, don't
fight it.

(If what you want to do is increase your queue length so that you
can get a better handle on the pattern so that you can then filter
the crap upstream, that seems reasonable, but you should do this as
a diagnostic, not as a solution.)

-- 
gabriel rosenkoetter
gr@eclipsed.net
