Trilight Zone
Privacy & Anonymity is our specialty !
 

Rate Limiting

 
digital8
Second Lieutenant


Joined: 29 Sep 2005
Posts: 1002

Posted: Sat Oct 01, 2005 2:02 pm    Post subject: Rate Limiting

A better option for immediate relief, one available to most ISPs, would be to "rate limit" the offending traffic type. Rate limiting restricts the amount of bandwidth a specific type of traffic can consume at any given moment. This is accomplished by dropping the limited packets received when the threshold is exceeded. It's useful when a specific packet is used in the attack. Cisco provides this example for limiting ICMP packets used in a flood:

interface xy
rate-limit output access-group 2020 3000000 512000 786000 conform-action transmit exceed-action drop
access-list 2020 permit icmp any any echo-reply

This example brings up an interesting problem, which was noted earlier. What if the offending traffic appears to be completely legitimate? For instance, rate limiting a SYN flood directed at a Web server will reject both good and bad traffic, since all legitimate connections require the initial 3-way handshake of TCP. It's a difficult problem, without an easy answer. Such concerns make DDoS attacks extremely tricky to handle without making some compromises.
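
The trade-off described in the post above, as an added example that is not part of the original post or of Cisco's documentation: a simplified single token-bucket policer using the post's 3000000 bps rate and 512000-byte burst, applied to SYN traffic instead of ICMP echo-replies. The packet rates, the 60-byte packet size and all function names are constructed assumptions, and the extended-burst value (786000) is not modelled.

```python
import random

def police(packets, rate_bps, burst_bytes):
    """Simplified single token-bucket policer (assumption: the extended
    burst value, 786000 in the post's example, is not modelled).
    packets: list of (time_s, size_bytes, label).
    Returns {label: [transmitted, dropped]}."""
    tokens, last, stats = float(burst_bytes), 0.0, {}
    for t, size, label in sorted(packets):
        # Refill at rate_bps/8 bytes per second, capped at the burst size.
        tokens = min(burst_bytes, tokens + (t - last) * rate_bps / 8)
        last = t
        counts = stats.setdefault(label, [0, 0])
        if size <= tokens:      # conform-action transmit
            tokens -= size
            counts[0] += 1
        else:                   # exceed-action drop
            counts[1] += 1
    return stats

def syn_traffic(pps, seconds, label, rng, size=60):
    """Constructed sample traffic: pps packets/s at uniformly random times."""
    return [(rng.uniform(0, seconds), size, label)
            for _ in range(int(pps * seconds))]

def drop_ratio(stats, label):
    sent, dropped = stats[label]
    return dropped / (sent + dropped)

def simulate(flood_pps, seconds=5, seed=1):
    """Mix 200 legitimate SYN/s with a flood and police both at the post's
    3000000 bps / 512000 byte values. All traffic figures are constructed."""
    rng = random.Random(seed)
    packets = syn_traffic(200, seconds, "legit", rng)
    packets += syn_traffic(flood_pps, seconds, "flood", rng)
    return police(packets, 3_000_000, 512_000)

if __name__ == "__main__":
    for pps in (0, 50_000):
        stats = simulate(pps)
        print(pps, {k: round(drop_ratio(stats, k), 3) for k in stats})
```

The policer cannot tell the two labels apart, so once the bucket drains the legitimate SYNs are dropped at the same ratio as the flood.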