Re: UDP packet handling weird behaviour of various operating systems

["Sean Hunter" <sean () uncarved com>]

Regular readers of this list may be amused to know that since this message hit
the list I have been subject to sustained attempts to attack my host using the
udp flood thingy (and other methods) from many different source addresses.
Before I got bored, I logged more than 500 unique source addresses in less than
an hour.  I have also been subjected to several port scans, some of whom forged
the addresses of some of the icann root nameservers as the source addresses of
their packets[1].  This attack has given me the perfect chance to test out my
firewall rules "in anger", and has shown that the udp rate limiter detailed in
my previous message works perfectly (although I have made some tweaks since the
original posting that have improved its performance further).

I'd like to thank those who helped me test my firewall for their interest, but
the box is still perfectly usable and I'd appreciate it if they could turn
their attentions elsewhere. 

Thanks

Sean

[1]I don't use the ICANN root, so I don't contact the rsc root servers very
often as you might imagine.