I don't need no stinking firewall!
jared at puck.nether.net
Wed Jan 6 13:42:37 UTC 2010
On Jan 6, 2010, at 3:12 AM, Dobbins, Roland wrote:
> Wrong. The attacker just programmatically generates semantically-valid traffic which is indistinguishablle from real traffic, and crowds out the real traffic.
> All those fancy timers and counters and what-not don't matter.
> I've seen it done over and over again. Why some folks seem to think this is theoretical or that I somehow haven't thought of something they think will prove to be a magic solution is really beyond me, heh.
The reality is they just have not been attacked yet, and hence have no experience in what to do about the problem...
More information about the NANOG