Watching performance on a DHCP Server
David W. Hankins
David_Hankins at isc.org
Wed Feb 13 23:08:53 UTC 2008
On Wed, 2008-02-13 at 12:04 -0600, John Hascall wrote:
> It seems to me that without a timeout<1>, you have an avenue for a
> more subtle denial of service attack -- instead of having to stream
> so many packets at the server that you knock it over, you just have
> to send enough to keep the input queue from emptying.
the queue can only be 28 packets long.
also, the code for a timeout is in but commented out for conflicting
work (the timed event system has only recently been modified to support
sub-second scheduling). it's a trivial matter to put it in now, and as
i said earlier, we will do so in 4.1.0's alphas.
More information about the dhcp-users