On Fri, 28 Feb 2003 20:04:44 -0600 (CST), Jason <baker@cyborgworkshop.com> wrote in message <Pine.LNX.4.50.0302282003460.20817-100000@alfred.home.cyborgworkshop.co m>: > > ..an idea: limit the number of connections to a level the authorized > > dos attack app _can_ handle, and to reject or reset rather than > > dropping connections? > > That is what I hope to do with the iptables box running iplimit. > Except instead of rejecting the connections Im going to redirect users > to a static page that just pretty much says "we're busy try again" > ..can the authorized dos attack application use this to back off? Failing that, try kill off its old no-longer-used connections. -- ..med vennlig hilsen = with Kind Regards from Arnt... ;-) ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case.
