16 Apr
2004
16 Apr
'04
12:44 p.m.
On the other hand, we've had DDoS prevention mechanisms (based on multiple rate-limiters, for different kinds of packets) deployed for over 6 months now. They seem to work just fine, are always active, and require no state in the network.
* paul@vix.com (Paul Vixie) [Fri 16 Apr 2004, 17:14 CEST]:
you know how to rate-limit without state in the network? please explain.
Unlike PNAT, you don't need to look at packets traveling both ways. This is a plus, I suppose. -- Niels.