Perry, there is no reason to be hostile to me; I'm not the attacker. But, now that we know the problem is random IP source addresses as guessed, the problem is more complex, but solvable.
Steve Bellovin and Bill Cheswick, who literally wrote the book on firewalls, don't agree with you. Ask them if you care to.
Great. I was building firewalls before B & C wrote the book. What should we do, bow three times and roll over and play dead? What mantra should we chant?
God, you're an arrogant @#$%, aren't you.
Yes, technically arrogant but not necessarily an @#$%. Just an engineer with lots of hours with hands-on experience, and I have not met many problems that were not solvable. Okay, fusion and time travel are tough and I can't build a Tokamak in my basement :-) Instead of being negative, I prefer to look at the problem and define it in detail. How does that sound? Or shall we just throw sticks and knives at one another and resort to name calling? That will certainly fix it, Perry!

-------------

An attacker sends a stream of packets to (fill in the blanks) one host, two hosts, a subset of hosts in a network? And the packets arrive with a frequency of ------? And the average available bandwidth of the attack flow is -----? And the average time each packet changes the pseudo-random IP source addresses is? And, has an analysis been done to determine whether the bogus IP source addresses are stochastically random? Or, I suspect, are the changing IP source addresses pseudo-random?

Yes, I'm arrogant and believe that given the details and the specifications of the problem, we can solve it, and yes, I believe that whining about it does little to solve the problem or help make the IP world a better place. I, we, can't, however, solve a problem if it is not clearly defined. I would be very surprised to learn that an analysis of the 'random' IP source addresses shows the packets are truly stochastically random. Is this rocket science? Ok, maybe it is? But nonetheless the problem is not impossible to solve.

Sorry for the technical arrogance, but give the facts, not the hyperbole; you don't have to write summary books on firewalls to understand how to solve a problem.

Best Regards,
Tim