30 Jun
2014
30 Jun
'14
8:42 a.m.
Le 2014-06-30 06:12, Roland Dobbins a écrit :
what is needed however is session timeouts. This can help, but it isn't a solution to the botted/abusive machine problem. They'll just keep right on pumping out packets and establishing new sessions, 'crowding out' legitimate users and filling up the state-table, maxing the CPU. Embryonic connection limits and all that stuff aren't enough, either.
Why? Cause that (per-subscriber limits on ports and memory) is exactly what we recommend in RFC 6888... Simon