On Thu, May 02, 2002 at 04:28:44AM +0000, Christopher L. Morrow wrote:
> Let me say this one more time... "RATE LIMITS DON'T DO SHIT TO STOP ATTACKS" for the victim at least, all they do is make the job of the attacker that much easier. For instance:
> 1) I synflood www.avleen.org
> 2) you rate-limit syns to 1MB
> 3) I now only flood 1MB and I still win
> So, don't rely on a rate-limit as it's not going to help.
Thank you, I can't make this point enough and people still say "we'll just rate limit!". Filtering is only as good as your ability to DETERMINE WHAT TO FILTER. The only time you can get anything from this is when you admit defeat on keeping your services responding to new connections but want to keep existing connections and/or the end servers from failing completely. Depending on the service in question this may or may not be a good goal.

-- 
Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
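The following toy simulation is an added illustration of the two points made in this thread; it is not code from either poster. It models a server SYN backlog behind an optional source-blind per-second SYN policer and measures what fraction of legitimate connection attempts succeed. Every number in it (backlog of 1024, 30-second half-open timeout, 100 legitimate SYNs per second, the traffic mix, the fixed random seed) is an assumption chosen for the example, not a measurement of any real host or network.

```python
import random
from collections import deque


def simulate_syn_flood(seconds, legit_pps, attack_pps, limit_pps=None,
                       backlog=1024, syn_timeout=30, seed=1):
    """Toy model of a server SYN backlog behind an optional per-second policer.

    Simplifications (assumptions of this example, not measurements):
      * time advances in whole seconds; within a second the legitimate and
        attack SYNs arrive in a random order (seeded, so runs are repeatable)
      * the policer is blind to source: it forwards the first `limit_pps` SYNs
        of each second and drops the rest, so a packet's chance of getting
        through is just the policed share of the offered load
      * a legitimate client that gets a backlog slot completes the handshake
        within the same second, freeing the slot at once
      * a spoofed SYN never completes, so its slot is held for `syn_timeout`
        seconds (SYN-RECV entries on real stacks live for tens of seconds)
    Returns the legitimate success ratio and how many SYNs the server had to
    process, the latter being the load a limiter does bound.
    """
    rng = random.Random(seed)
    half_open = deque()          # expiry second of each held backlog slot, in order
    legit_offered = legit_accepted = reached_server = 0

    for t in range(seconds):
        # free half-open entries whose timeout has elapsed
        while half_open and half_open[0] <= t:
            half_open.popleft()

        arrivals = ["legit"] * legit_pps + ["attack"] * attack_pps
        rng.shuffle(arrivals)
        legit_offered += legit_pps
        if limit_pps is not None:
            # policer: everything over the limit is dropped, whoever sent it
            arrivals = arrivals[:limit_pps]

        for kind in arrivals:
            reached_server += 1
            if len(half_open) >= backlog:
                continue                      # backlog full: SYN silently dropped
            if kind == "legit":
                legit_accepted += 1           # handshake completes, slot freed
            else:
                half_open.append(t + syn_timeout)   # spoofed SYN holds the slot

    return {
        "legit_success": legit_accepted / legit_offered if legit_offered else 1.0,
        "syns_reaching_server": reached_server,
    }


if __name__ == "__main__":
    scenarios = [
        ("no attack, 1000 pps limit",     dict(attack_pps=0,     limit_pps=1000)),
        ("10k pps flood, no limit",       dict(attack_pps=10000, limit_pps=None)),
        ("10k pps flood, 1000 pps limit", dict(attack_pps=10000, limit_pps=1000)),
        ("flood sized to the limit",      dict(attack_pps=1000,  limit_pps=1000)),
    ]
    for label, args in scenarios:
        r = simulate_syn_flood(seconds=60, legit_pps=100, **args)
        print(f"{label:30s} legit success {r['legit_success']:6.1%}  "
              f"SYNs reaching server {r['syns_reaching_server']}")
```

In the flood scenarios the legitimate success ratio stays in the low single digits with or without the policer, and it stays there when the attacker trims the flood down to exactly the configured limit: the backlog fills with half-open entries either way, which is Morrow's point. What the limiter does change is the count of SYNs the server has to process (60,000 instead of 606,000 over the run), which is the "keep the server from failing completely" outcome Steenbergen describes; the limiter protects the box, not the availability of new connections.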