On 7/6/16 4:21 PM, alvin.ml@xxxxxxxxxxxxxxxxxxxxxxx wrote:
> but without iptables, the ddos attacks are even worse ..

at BGP level, when an AS is DDoSed with a 10Gbps rate (or maybe more), /usually/ there is a lot of gear inside an ISP that becomes unresponsive before it can reach an iptables/firewall/ddos-mitigation box

so, dealing with iptables to sort out some local rate-limit effect (until the pipe is not full) is ok, but it's useless if ASes don't adhere to BCP38 or if they don't deploy BGPSec (for instance)

--
antonio