Lawrence D¹Oliveiro wrote:

> It is in the nature of UDP that essentially all the processing is up to
> the receiving application. So the definition of "flood" depends on how
> much your application can cope with. Contrast TCP SYN flood attacks,
> where the "flood" arises because it fills up a connection table managed
> by the kernel.
>
> Checking IP addresses of incoming UDP packets isn't going to be enough,
> since any eavesdropper can determine which addresses you're
> communicating with and spoof packets with those addresses.

Hello Lawrence!

And what other steps do you recommend? Eg. traffic shaping on the router
or running iptables with "--limit" on the udp proxy host, ...

SJ