On Friday 01 November 2002 9:46 am, fxian_2003 wrote:

> Hi!
> To defend against DoS attacks, iptables implements a rate-limit function. Today I
> used a DoS-type attack tool to syn-flood the targeted machine, and the CPU load
> of the machine rose sharply to 90%. Then I added an iptables limit rule in
> which the limit rate is 3/min, but the result was disappointing, for the load of
> the CPU was still 90%. So I deduced that the traffic limit function couldn't repel
> DoS attacks effectively.

What happens if you have the rate limit rule in place *before* attacking the machine with your DoS tool (which I think is a more realistic test)?

Antony.

--
Documentation is like sex: when it's good, it's very very good; when it's bad, it's still better than nothing.
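As an added illustration (not part of the original thread), here is a simplified token-bucket model of the iptables `limit` match at the 3/min rate discussed above. It assumes a two-rule chain (SYNs that match the limit are accepted, the rest are dropped by a following rule), the iptables default `--limit-burst` of 5, and a constructed constant-rate SYN stream; the class and function names are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class LimitMatch:
    """Simplified model of '-m limit --limit N/minute --limit-burst B'."""
    rate_per_min: float
    burst: int = 5  # iptables default for --limit-burst

    def __post_init__(self):
        self.tokens = float(self.burst)  # the bucket starts full
        self.last = 0.0

    def matches(self, now: float) -> bool:
        # Refill in proportion to elapsed time, capped at the burst size.
        refill = (now - self.last) * self.rate_per_min / 60.0
        self.tokens = min(float(self.burst), self.tokens + refill)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True   # packet matches the limit rule (ACCEPT in this model)
        return False      # falls through to the next rule (DROP in this model)


def simulate(pps: int, seconds: int, rate_per_min: float = 3, burst: int = 5) -> dict:
    """Run a constructed constant-rate SYN stream through the modelled chain."""
    rule = LimitMatch(rate_per_min, burst)
    accepted = dropped = 0
    total = pps * seconds
    for i in range(total):
        now = i / pps  # arrival time of packet i, in seconds
        if rule.matches(now):
            accepted += 1
        else:
            dropped += 1
    # Every packet is evaluated by the chain; the limit only decides
    # which rule ends up handling it.
    return {"inspected": total, "accepted": accepted, "dropped": dropped}


if __name__ == "__main__":
    # Constructed scenario: 1000 SYN/s for one minute against a 3/min limit.
    print(simulate(pps=1000, seconds=60))
```

In this model the initial burst of 5 plus one refill every 20 seconds lets 7 SYNs through in the first minute, while all 60,000 packets are still received and evaluated by the ruleset.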