> those of you who haven't read any of my emails, I have two DSL connections and
> a Linux box doing conntrack and SNAT for 200 "greedy" users. The problem is
> KaZZa seems to open thousands of TCP connections in a couple of seconds, and
> floods the system.

Sounds like you need something which allows each flow to burst for a short time, but throttles long-lived connections. In addition, you may need to rate-limit the SYN packets from each node to thwart clients which try to open many short-lived connections in order to defeat the long-lived connection throttling.

AFAIK you'll need to break out the C compiler to achieve this on Linux...
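The two limits suggested in the reply above, modelled with token buckets in user-space C. This is an added example, not code from the thread or from any kernel module; every name, the table size, and the burst and rate constants are assumptions chosen for illustration, and timestamps are passed in as seconds.

```c
#include <stdint.h>

/* Token bucket: holds up to `burst` tokens, refilled at `rate` tokens/second. */
struct bucket { double tokens, burst, rate, last; };

static void bucket_init(struct bucket *b, double burst, double rate, double now) {
    b->tokens = burst; b->burst = burst; b->rate = rate; b->last = now;
}

/* Refill for the elapsed time, then try to spend `cost`. 1 = pass, 0 = drop. */
static int bucket_take(struct bucket *b, double cost, double now) {
    b->tokens += (now - b->last) * b->rate;
    if (b->tokens > b->burst) b->tokens = b->burst;
    b->last = now;
    if (b->tokens < cost) return 0;
    b->tokens -= cost;
    return 1;
}

#define MAX_HOSTS 256   /* assumed table size for the ~200 internal hosts */
#define SYN_BURST 20.0  /* assumed: connections a host may open back to back */
#define SYN_RATE   5.0  /* assumed: sustained new connections per second */

struct host { uint32_t addr; int used; struct bucket syn; };
static struct host hosts[MAX_HOSTS];

/* Per-source SYN limiter: linear-probed table keyed by internal IPv4 address. */
int syn_allowed(uint32_t src, double now) {
    for (unsigned i = 0; i < MAX_HOSTS; i++) {
        struct host *h = &hosts[(src + i) % MAX_HOSTS];
        if (!h->used) {
            h->used = 1; h->addr = src;
            bucket_init(&h->syn, SYN_BURST, SYN_RATE, now);
        }
        if (h->addr == src) return bucket_take(&h->syn, 1.0, now);
    }
    return 0; /* table full: drop rather than let an untracked source through */
}

#define FLOW_BURST 262144.0 /* assumed: bytes a new flow may send unthrottled */
#define FLOW_RATE    8192.0 /* assumed: bytes/second once the burst is spent */

/* Per-flow limiter: one bucket per tracked connection, charged per packet. */
struct flow { struct bucket bytes; };
void flow_init(struct flow *f, double now) {
    bucket_init(&f->bytes, FLOW_BURST, FLOW_RATE, now);
}
int flow_allowed(struct flow *f, unsigned len, double now) {
    return bucket_take(&f->bytes, (double)len, now);
}
```

The SYN bucket is keyed by source host rather than by flow, so opening many short connections drains the same budget instead of resetting it.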