[Bug 53] New: Feature request - Basic Denial of Service feature

bugzilla-daemon@netfilter.org
Thu, 20 Feb 2003 13:43:51 +0100


https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=53

           Summary: Feature request - Basic Denial of Service feature
           Product: iptables userspace
           Version: unspecified
          Platform: All
        OS/Version: other
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: unknown
        AssignedTo: laforge@netfilter.org
        ReportedBy: malcolm.turnbull@crocus.co.uk
                CC: netfilter-buglog@lists.netfilter.org


I know this is a really complex subject and may be impossible?
BUT:
If you could limit connections based on unique source ip address rather than the
current specific ip address you could implement fairly powerful DOS rules..

i.e. limit ANY 1 source ip address to 5 connections per second
Therefore no individual ip could DOS you, and DDOS would be slowed down

I know this would take up a large amount of memory and hit performance hard but
I'm sure that could be worked around... :-)

PS. Keep up the fantastic work. My Nokia/Checkpoint combination is now in the
bin where it belongs.
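The request above describes per-source-IP rate limiting: a separate limiter for every source address, so one address is capped at 5 new connections per second without affecting any other. The following is an added model of that mechanism, not code from the bug report or from the netfilter project. Each source gets its own token bucket in a hash table (the per-source state the reporter expects to cost memory), idle entries are expired and the table is capped so a flood of spoofed sources cannot exhaust memory. The class name, the sample addresses and the constructed traffic are all assumptions made for this example; timestamps are integer milliseconds and tokens are integer milli-tokens so the arithmetic is exact.

```python
"""Per-source-IP connection rate limiter (token bucket per source address).

Added example modelling the feature requested in the bug report; it is not
iptables code. Timestamps are integer milliseconds, token counts are integer
milli-tokens (1000 == one connection) so results are exact.
"""
from collections import OrderedDict


class PerSourceLimiter:
    """Hypothetical per-source limiter: one bucket per source IP in a bounded table."""

    def __init__(self, rate=5, burst=5, idle_expiry_ms=10_000, max_entries=10_000):
        self.rate = rate                      # new connections per second, per source
        self.burst_milli = burst * 1000       # bucket capacity in milli-tokens
        self.idle_expiry_ms = idle_expiry_ms  # forget a source idle this long
        self.max_entries = max_entries        # hard cap on tracked sources
        # src -> (tokens_milli, last_seen_ms); oldest-seen entry is first
        self._buckets = OrderedDict()

    def _expire(self, now_ms):
        # Entries are kept oldest-first, so stop at the first one still fresh.
        while self._buckets:
            src, (_, last_seen) = next(iter(self._buckets.items()))
            if now_ms - last_seen < self.idle_expiry_ms:
                break
            del self._buckets[src]

    def allow(self, src, now_ms):
        """Return True if a new connection from `src` at `now_ms` is within the limit."""
        self._expire(now_ms)
        tokens, last_seen = self._buckets.pop(src, (self.burst_milli, now_ms))
        # Refill: `rate` tokens per second == `rate` milli-tokens per millisecond.
        tokens = min(self.burst_milli, tokens + (now_ms - last_seen) * self.rate)
        allowed = tokens >= 1000
        if allowed:
            tokens -= 1000
        self._buckets[src] = (tokens, now_ms)   # re-insert at the most-recent end
        if len(self._buckets) > self.max_entries:
            self._buckets.popitem(last=False)   # evict the least recently seen source
        return allowed

    def tracked_sources(self):
        """Number of source addresses currently holding state (the memory cost)."""
        return len(self._buckets)


# Constructed sample traffic: (timestamp_ms, source_ip). One source opens 20
# connections within one second; a normal client opens 3 in the same second.
ATTACKER = "203.0.113.7"
CLIENT = "198.51.100.20"
SAMPLE_ATTEMPTS = sorted(
    [(t, ATTACKER) for t in range(0, 1000, 50)]
    + [(100, CLIENT), (500, CLIENT), (900, CLIENT)]
)


def simulate(attempts, rate=5, burst=5):
    """Run the limiter over attempts; return ({src: (accepted, dropped)}, limiter)."""
    limiter = PerSourceLimiter(rate=rate, burst=burst)
    counts = {}
    for ts, src in attempts:
        accepted, dropped = counts.get(src, (0, 0))
        if limiter.allow(src, ts):
            accepted += 1
        else:
            dropped += 1
        counts[src] = (accepted, dropped)
    return counts, limiter


if __name__ == "__main__":
    results, lim = simulate(SAMPLE_ATTEMPTS)
    for ip, (acc, drop) in results.items():
        print(f"{ip:>15}: accepted={acc} dropped={drop}")
    print("tracked sources:", lim.tracked_sources())
```

With the constructed traffic the flooding source gets its initial burst of 5 plus the 5-per-second refill (9 of 20 accepted, 11 dropped) while the normal client's 3 connections all pass, because the buckets are independent. Two later netfilter matches implement this in-kernel and are not part of this 2003 report: `hashlimit` with `--hashlimit-mode srcip` for per-source rate limiting, and `connlimit` for capping concurrent connections per source.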


