Re: teardrop and Linux as a router

Krzysztof G. Baranowski (kgb@manjak.knm.org.pl)
Wed, 26 Nov 1997 22:09:06 +0100 (MET)


While testing the million monkey theory, Paul Rusty Russell said:

>> > else if((ntohs(ip->tot_len)<8+(ip->ihl<<2))&&(ip->protocol==IPPROTO_TCP \
>> > || ip->protocol==IPPROTO_UDP))
>> > return FW_BLOCK;
>> > [...]
>> > methinks that blocking those "ugly" packets without any notification
>> > is a crime ;-) What about a simple patch? (attached below)

>> Now allow me to send you millions of them filling your disk, driving your
>> load through the roof and generally becoming a denial of service issue.

>Which is what net_ratelimit() is for.
>[ This is done in my Generic IP chains patch -- gratuitous plug ].

Are there any chances to have your patch in the official kernel
release, or maybe the ipfwadm lobby is too strong ;-)

Kris

--
Krzysztof G. Baranowski - President of the Harmless Manyacs' Club
"Smith & Wesson - The original point and click interface..."
http://www.knm.org.pl/                 <prezes@manjak.knm.org.pl>
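
The trade-off argued in this thread, as an added user-space example that is not code from the thread or from the kernel: every undersized TCP/UDP packet is still blocked, but the log line is gated by a token bucket in the spirit of net_ratelimit(). The bucket parameters, the function names and the sample packets are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

#define PROTO_TCP 6
#define PROTO_UDP 17

/* The quoted test: total length too short to hold 8 bytes of TCP/UDP header. */
int is_short_l4(const unsigned char *pkt, size_t len)
{
    if (len < 20) return 0;                      /* not even a minimal IPv4 header */
    unsigned ihl = pkt[0] & 0x0f;                /* header length in 32-bit words */
    unsigned tot_len = (pkt[2] << 8) | pkt[3];   /* network byte order */
    unsigned proto = pkt[9];
    return tot_len < 8 + (ihl << 2) && (proto == PROTO_TCP || proto == PROTO_UDP);
}

/* Token bucket (assumed parameters): a message costs cost_ms, bucket holds burst_ms. */
struct ratelimit { unsigned long tokens, last, cost_ms, burst_ms; };
int rl_allow(struct ratelimit *rl, unsigned long now_ms)
{
    rl->tokens += now_ms - rl->last;             /* earn 1 token per elapsed ms */
    rl->last = now_ms;
    if (rl->tokens > rl->burst_ms) rl->tokens = rl->burst_ms;
    if (rl->tokens < rl->cost_ms) return 0;      /* suppressed, packet still blocked */
    rl->tokens -= rl->cost_ms;
    return 1;
}

/* Constructed packets: IPv4, ihl=5, UDP; tot_len 24 (4 payload bytes) and 28 (8). */
const unsigned char SHORT_UDP[24] = { 0x45, 0, 0, 24, 0, 0, 0, 0, 64, PROTO_UDP };
const unsigned char OK_UDP[28]    = { 0x45, 0, 0, 28, 0, 0, 0, 0, 64, PROTO_UDP };

/* Feed n copies of the short packet, gap_ms apart; return how many were logged. */
unsigned count_logged(unsigned n, unsigned long gap_ms)
{
    struct ratelimit rl = { 50000, 0, 5000, 50000 };  /* burst of 10, then 1 per 5 s */
    unsigned logged = 0;
    for (unsigned i = 0; i < n; i++)
        if (is_short_l4(SHORT_UDP, sizeof SHORT_UDP) && rl_allow(&rl, i * gap_ms))
            logged++;                            /* a real filter would log here */
    return logged;
}

int main(void)
{
    printf("1000 packets, 1 ms apart: %u log lines\n", count_logged(1000, 1));
    printf("20 packets, 5 s apart:    %u log lines\n", count_logged(20, 5000));
    return 0;
}
```

A sustained burst costs at most the initial allowance of log lines, while occasional malformed packets are all still reported.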