Hi guys,
I have added a rule to my Linux box to prevent "ping flooding".
Actually, I limit ICMP packets to be accepted at most 253 times
within a second using the limit extension option. The rules look like this:
"iptables -A INPUT -p icmp -m limit --limit 253/s -j ACCEPT"
"iptables -A INPUT -p icmp -j DROP"
But when I use a packet generator with a sniffer to test this function, it
doesn't always work. If I send the ICMP packets with a 10 millisecond
delay between each within a second, it works fine, but when I do this with
less than a 10 millisecond delay between packets within a second, it seems
to crash (only a few packets match the first rule; the others are matched
by the second rule). It seems that the limit module can only see a packet
every 10 milliseconds. Any ideas?
Any comments will be very appreciated!
Nick Wu
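
Added example, not part of the original post and not the kernel's code: a simplified token-bucket model of a rate-limit match such as the one in the rules above, counting how many of 253 packets reach the ACCEPT rule at different inter-packet gaps. Assumptions: a burst of 5 (the iptables default for --limit-burst), a refill clock that advances in 10 ms ticks, and the hypothetical names `simulate` and `CREDITS_PER_PACKET`.

```python
# Simplified token-bucket model (added example, not kernel code).
# Assumptions: the bucket starts full, each packet costs one token, and the
# clock that refills the bucket only advances in whole ticks of tick_ms.
CREDITS_PER_PACKET = 1000  # integer credits avoid floating-point rounding


def simulate(rate_per_s, burst, gap_ms, count, tick_ms=10):
    """Return how many of `count` packets sent `gap_ms` apart are accepted."""
    cap = burst * CREDITS_PER_PACKET
    # rate_per_s packets/s is rate_per_s credits per millisecond.
    refill_per_tick = rate_per_s * tick_ms
    credits = cap
    last_tick = 0
    accepted = 0
    for i in range(count):
        tick = (i * gap_ms) // tick_ms          # coarse clock seen by the limiter
        credits = min(cap, credits + (tick - last_tick) * refill_per_tick)
        last_tick = tick
        if credits >= CREDITS_PER_PACKET:
            credits -= CREDITS_PER_PACKET
            accepted += 1                        # would match the ACCEPT rule
        # otherwise the packet falls through to the DROP rule
    return accepted


if __name__ == "__main__":
    # Constructed test traffic: 253 packets at several fixed gaps.
    for gap in (10, 5, 2, 1):
        n = simulate(rate_per_s=253, burst=5, gap_ms=gap, count=253)
        print(f"gap {gap:2d} ms ({1000 // gap:4d} pkt/s): "
              f"{n} accepted, {253 - n} dropped")
```

In this model a sender that stays at or below the configured rate is never dropped, while a faster sender gets only the initial burst plus whatever the bucket refills during the transmission.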