Peter Wemm says: > Darren Reed writes: > > Sorry, I missed out on the reason why we should disable discard. > > Would you mind explaining it ? I thought it was like it's name sake - > > a sink hole (blackhole if you like) for packets. Sort of like /dev/null. > > tcp discard allows a "hostile" remote site to pump in a large amount > of traffic into your net, possibly congesting your link to the > internet. That can be done without having discard around, you know. I can simply spray you with UDP datagrams on any port whether you accept them or not -- routers are not psychic, you know. They pass on the traffic regardless unless they are rigged to filter -- and usually they aren't. Perry