[noise] My compromise for dealing with DoS

Tony Arcieri bascule at gmail.com
Sat Jan 9 11:38:12 PST 2016

On Sat, Jan 9, 2016 at 11:34 AM, Tony Arcieri <bascule at gmail.com> wrote:

> There's something a lot simpler you can do though... you can detect the
> attack, and rate limit your responses by IP address.

That is to say:

We have an attack detector. It sees a flood coming from IP address X.

We now flip on a rate limiter for IP address X. We pick a limit... say N
requests per second, and if IP address X sends more than N requests per
second, we simply drop them.

Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20160109/eb7eecf3/attachment.html>

More information about the Noise mailing list