Subject: Re: interrupt rate from a NIC
To: Martin Husemann <martin@duskware.de>
From: Kamal R Prasad <kamalrpr@in.ibm.com>
List: tech-net
Date: 03/07/2003 08:22:49
> Ary you looking at some real problem or just making up theories?
Im looking at providing a fix for a DDoS wherein the attacker uses many
machines to attack a system. note that an attack involves sending something
like a flood of SYNs and not responding to the SYN ACK (maybe because the
ip address is spoofed or it doesn't want to intentionally) thus eating up a
lot of resources that go into setting up a connection on the target
machine. even if the target machine sends in a request to slow down rate at
which packets are being sent, the attacker will probably not pay heed to
it. btw, many servers use gigE NICs nowadays.
thanks
-kamal


Martin