From owner-freebsd-current Wed Jul 8 18:01:07 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id SAA26541 for freebsd-current-outgoing; Wed, 8 Jul 1998 18:01:07 -0700 (PDT) (envelope-from owner-freebsd-current@FreeBSD.ORG) Received: from cain.gsoft.com.au (genesi.lnk.telstra.net [139.130.136.161]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA26533 for ; Wed, 8 Jul 1998 18:01:04 -0700 (PDT) (envelope-from doconnor@cain.gsoft.com.au) Received: from cain (localhost [127.0.0.1]) by cain.gsoft.com.au (8.8.8/8.6.9) with ESMTP id KAA20575; Thu, 9 Jul 1998 10:30:23 +0930 (CST) Message-Id: <199807090100.KAA20575@cain.gsoft.com.au> X-Mailer: exmh version 2.0zeta 7/24/97 To: sthaug@nethelp.no cc: freebsd-current@FreeBSD.ORG Subject: Re: Rate limit for system calls to prevent denial of service attacks? In-reply-to: Your message of "Wed, 08 Jul 1998 10:33:28 +0200." <22965.899886808@verdi.nethelp.no> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 09 Jul 1998 10:30:23 +0930 From: "Daniel O'Connor" Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > Limiting CPU time per process or user is probably not sufficient, > unless you set it to absurdly small limits. It looks to me like we > need some sort of *rate limiting* for system calls. Anybody looked > at this? Hmm.. a neat idea :) I think this in conjunction with a decent sized process limit would be quite useful. --------------------------------------------------------------------- |Daniel O'Connor software and network engineer for Genesis Software | |http://www.gsoft.com.au | |The nice thing about standards is that there are so many of them to| |choose from. -- Andrew Tanenbaum | --------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message