On Mon, Aug 22, 2005 at 01:33:37PM -0400, Jason Gurtz wrote:
>
> Certainly raw sockets would be a huge risk, but I don't see how echo_reply
> at a 1 per second rate or something is a problem. I guess a non-root user
> could flood a host just as easily with some standard TCP packet--HTTP GET
> for example by forking wget? Seems like it would be a better idea to just
> (uh oh, there's that word "just" ;) have a limited per user heap of
> available network connections. Hey, wouldn't it be cool if root could
> arbitrate how many of each type (TCP, UDP, ICMP) of connection each
> user/group had in each of its instance's heap.

There is. It's called iptables.

-- 
Archaic

Want control, education, and security from your operating system?
Hardened Linux From Scratch
http://www.linuxfromscratch.org/hlfs
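
One way to express the per-user, per-protocol limits discussed in this exchange with iptables' `owner` and `limit` matches, as an added example that is not part of the original messages. The helper name `user_limit_rules`, the chain naming, and the sample UID and rates are assumptions; the function only prints the rules so they can be reviewed before root applies them.

```shell
#!/bin/sh
# Hypothetical helper (not from the thread): print iptables rules that cap
# how fast one local user may send traffic of one protocol type.
# usage: user_limit_rules UID PROTO RATE BURST   e.g. 1001 icmp 1/second 5
user_limit_rules() {
    uid=$1 proto=$2 rate=$3 burst=$4

    # Validate everything that ends up inside a command line.
    case $uid in
        ''|*[!0-9]*) echo "UID must be numeric: $uid" >&2; return 1 ;;
    esac
    case $burst in
        ''|*[!0-9]*) echo "burst must be numeric: $burst" >&2; return 1 ;;
    esac
    case $rate in
        ''|*[!0-9a-z/]*) echo "bad rate: $rate" >&2; return 1 ;;
    esac

    case $proto in
        tcp)  match="-p tcp --syn" ;;   # count new connection attempts only
        udp)  match="-p udp" ;;         # connectionless: count every packet
        icmp) match="-p icmp --icmp-type echo-request" ;;
        *)    echo "unsupported protocol: $proto" >&2; return 1 ;;
    esac

    chain="ULIMIT_${uid}_${proto}"

    # Per-user chain: traffic within the rate returns to OUTPUT,
    # anything above it is rejected locally.
    echo "iptables -N $chain"
    echo "iptables -A $chain -m limit --limit $rate --limit-burst $burst -j RETURN"
    echo "iptables -A $chain -j REJECT"

    # The owner match is only valid for locally generated packets and tests
    # the credentials of the socket's creator, so traffic sent through a
    # setuid-root helper is attributed to root rather than the invoking user.
    echo "iptables -A OUTPUT $match -m owner --uid-owner $uid -j $chain"
}

# Constructed sample: UID 1001 limited to one echo request per second.
user_limit_rules 1001 icmp 1/second 5
```

The `limit` match caps a rate, not the number of simultaneously open connections.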