On Sat, Mar 02, 2002 at 11:00:20AM -0800, Don Cohen wrote:
> > That depends on your configuration; Squid can be set up as a transparent
> > proxy so that all requests made to given ports (80, 443, etc.) are forced
> > through Squid instead so that the user doesn't have the choice.
> So squid is intercepting packets addressed to somewhere else?
> How is it doing that?

Usually through port redirection using your firewall (or ipchains ;-).

> SFQ is not a good defense - the attacker just sends you random source
> addresses and ports and now his packets have priority over yours
> (which all come from the same address/port). But you're close.

That only works if traffic is generated on all of those hashed
address/port pairs in which case the attacker's data flow is just as
stymied as mine.

--
Michael T. Babcock
CTO, FibreSpeed Ltd. (Hosting, Security, Consultation, Database, etc)
http://www.fibrespeed.net/~mbabcock/