On Sat, 30 Aug 2003, Iljitsch van Beijnum wrote:
What would be great though is a system where there is an automatic check to see if there is any return traffic for what a customer sends out. If someone keeps sending traffic to the same destination without anything coming back, 99% chance that this is a denial of service attack. If someone sends traffic to very many destinations and in more than 50 or 75% of the cases nothing comes back or just an ICMP port unreachable or TCP RST, 99% chance that this is a scan of some sort.
No... I have one T1 to Sprint and one T1 to AT&T, I think my AT&T bill will be high this month so I stop sending OUT AT&T and only accept traffic, all my traffic in that link... So now I push OUT Sprint and IN AT&T. I don't want Sprint to kill my connection just because all traffic to me is entering AT&T do I?
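
An added example, not part of either post: the return-traffic check proposed above, run over constructed flow records from a single provider link, with the asymmetric-routing case from the reply reported as inconclusive instead of flagged. The record layout, customer labels and the packet and destination-count thresholds are assumptions; the 75% ratio is the figure from the post.

```python
from collections import defaultdict

# Constructed flow records as seen on ONE provider link (assumed layout):
# (customer, remote_address, direction, kind), kind in data / rst / icmp_unreach
FLOWS = (
    [("A", "198.51.100.10", "out", "data")] * 2
    + [("A", "198.51.100.10", "in", "data")]                 # ordinary two-way flow
    + [("B", f"203.0.113.{i}", "out", "data") for i in range(1, 5)]
    + [("B", "203.0.113.1", "in", "rst"),
       ("B", "203.0.113.2", "in", "icmp_unreach")]           # many dests, only refusals
    + [("C", "192.0.2.50", "out", "data")] * 6               # one dest, nothing back
    + [("C", "198.51.100.53", "out", "data"),
       ("C", "198.51.100.53", "in", "data")]
    + [("D", "198.51.100.10", "out", "data")] * 6            # replies return via another ISP
)

def classify(flows, scan_min_dests=4, scan_fail_ratio=0.75, dos_min_pkts=5):
    """Return {customer: verdict} using the return-traffic heuristic."""
    sent = defaultdict(lambda: defaultdict(int))  # customer -> dest -> packets out
    answered = defaultdict(set)                   # customer -> dests that sent real data
    inbound_seen = defaultdict(int)               # customer -> inbound packets on this link
    for cust, remote, direction, kind in flows:
        if direction == "out":
            sent[cust][remote] += 1
        else:
            inbound_seen[cust] += 1
            if kind == "data":                    # RST / ICMP unreachable is not an answer
                answered[cust].add(remote)

    verdicts = {}
    for cust, dests in sent.items():
        # No inbound traffic at all on this link: the customer may simply be
        # receiving through another provider, so this link cannot decide.
        # (A host that only floods and receives nothing looks identical here.)
        if inbound_seen[cust] == 0:
            verdicts[cust] = "inconclusive"
            continue
        unanswered = [d for d in dests if d not in answered[cust]]
        if len(dests) >= scan_min_dests and len(unanswered) / len(dests) > scan_fail_ratio:
            verdicts[cust] = "possible-scan"
        elif any(dests[d] >= dos_min_pkts for d in unanswered):
            verdicts[cust] = "possible-dos"
        else:
            verdicts[cust] = "normal"
    return verdicts

if __name__ == "__main__":
    print(classify(FLOWS))
```

Customer D sends exactly the kind of one-way traffic the heuristic would call an attack, which is why a verdict from a single link should feed review or correlation with other vantage points, not automatic disconnection.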