> > number of sessions and maintaining a connections/period limit as well. The
> > best you can do is increase the bandwidth an attacker needs which also
> > conveniently reduces the potential dead time.
>
> Increasing bandwidth is not the definitive solution,
> since not everyone does have "fat pipes".
Increasing bandwidth needed to attack is the solution for exactly this reason.
> I know xinetd but I am for the "secure and robust out of the box",
> than means if the user instally RH and selects server install,
> the system should be configured for maximum security and robustness.
Maximum security probably not. Reasonable security yes. Maximal security
in a conventional definition is close to unusable. No modules, no Xserver,
no running untrusted binaries, no superuser account, no direct I/O access
of any kind, no raw disk access after boot etc..
> Just for curiousity: How do the inetd's or other UNIXES manage the attacker
> problem (DOS) ?
Same code. Same features, same properties. Everyone (almost) uses BSD inetd.
There is xinetd which is worth looking at too.
Alan
--
To unsubscribe:
mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
