[noise] My compromise for dealing with DoS
Tony Arcieri
bascule at gmail.com
Sat Jan 9 11:38:12 PST 2016
On Sat, Jan 9, 2016 at 11:34 AM, Tony Arcieri <bascule at gmail.com> wrote:
> There's something a lot simpler you can do though... you can detect the
> attack, and rate limit your responses by IP address.
>
That is to say:
We have an attack detector. It sees a flood coming from IP address X.
We now flip on a rate limiter for IP address X. We pick a limit... say N
requests per second, and if IP address X sends more than N requests per
second, we simply drop them.
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20160109/eb7eecf3/attachment.html>
More information about the Noise
mailing list