I want to rate limit queries to protect from Polyakov styled attack:
http://www.nytimes.com/2008/08/09/technology/09flaw.html?
_r=1&partner=rssnyt&emc=rss&oref=slogin
ISC's Paul Vixie recommends limiting to 10Mbits/sec to mitigate this
attack vector, but I can't find anything on iptables rate limiting
based on bits, bytes, or Mb / time (as opposed to packets/time).
Assuming that the size of any single UDP packet in a query can
change, up to the limit where it is refused in exchange for a tcp
packet, I can't even see how the correct packets/time could be
accurately inferred. Any recommendations?
Thanks!
Steven Stromer
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
