> Thanks for your help - two last questions regarding this: > > 1. On a FreeBSD router/firewall, does it take more processing power to > respond to (and reset) a SYN to a target IP:port that is nonexistent than > it does to respond to a target IP:port that is in heavy use ? > > that is, is there some caching mechanism in use that makes incoming DoS > packets to _already busy_ IP:ports "cost less" in terms of processor than > SYN packets to IP:ports that don't exist ? Just curious. I think (when looking for my routers) that exact ipfw rules have much more influence on CPU usage.
But _why_ ever your router responds? Just drop everything come to router with dst == any of router IP exept some ICMP. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
