> This brings me to an interesting point...
>
> We need a tcp-wrapper solution half in/half out of the kernel. Why you
> say? Well, if the kernel has the tcpd controlls or tcpd can get high enough
> in the IP stack then it can do all sorts of evil IP level tricks:
>
> - Block the connection all together (silently drop the syn)
> (ICMP dest unreachable)
Can't you do that with ipfwadm -I -a (deny|reject)?
> - Intentionally drop packets... (give them _less_ than UDP priority)
> ("He's sending packets too fast... drop 'em")
This may keep their system busy, but it won't do a lot of good for your
net connection either.
> - Artifically reduce the throughput...
Can this be done with the shaper patches?
BGP "accidents" with bogus as paths might be interesting too.
------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will
Network Administrator | be proof-read for $199/message.
Florida Digital Turnpike |
________Finger jlewis@inorganic5.fdt.net for PGP public key_______