Hacker News

Isn't this trivially mitigated by throttling?

And the throttling seems even simple: give each IP address an initial allowance of A requests, then increase the allowance every T time up to a maximum of B. Perhaps A=B=10, T=150ms.



The whole point of a 'D'DoS is that there are numerous compromised IP addresses, which only need to make maybe one connection each.

You can't simply blacklist weird connections entirely, since legitimate clients can use those features.


The whole point of this attack is to be able to make a lot of requests for each IP address.

If you are making one or few requests per IP you don't need this attack, and also aren't likely to have any effect on a Google-sized entity.


It is a little more complicated because a request is a few layers deep. In HTTP/2 you open a connection, start a stream, then send a request over that stream.

Are you tracking per connection? Per stream? Isn't it normal for multiple requests to happen quite quickly? I load a single page with 50 external assets, those get multiplexed over the current stream - is that okay? Is that abusive? The other stream is handling a video player and it's requesting (HTTP/2) frames of video data - too much? Too fast?
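An added example, not code from any commenter, of the allowance scheme proposed above (A initial tokens, one more every T, capped at B) applied at the layer the last comment asks about: one bucket per HTTP/2 connection, charged per stream open rather than per request or per frame. The per-connection keying, the `StreamLimiter`/`simulate` names and the 50-asset page load are assumptions; replaying it shows that A=B=10, T=150ms rejects most of an ordinary page load while a larger burst allowance accepts it.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class TokenBucket:
    """Allowance scheme from the comment above: start with A tokens, earn one
    every T seconds, hold at most B. Each accepted stream open costs one."""
    initial: int = 10        # A
    maximum: int = 10        # B
    refill_s: float = 0.150  # T
    tokens: float = field(init=False)
    last: Optional[float] = field(init=False, default=None)

    def __post_init__(self) -> None:
        self.tokens = float(self.initial)

    def allow(self, now: float) -> bool:
        # Timestamps come from the caller, so the bucket is deterministic.
        if self.last is not None:
            earned = (now - self.last) / self.refill_s
            self.tokens = min(float(self.maximum), self.tokens + earned)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class StreamLimiter:
    """One bucket per HTTP/2 connection (assumed keying), charged per stream
    open. DATA frames on an already-open stream, the video-player case, cost
    nothing here; that is a design choice, not something the thread settles."""

    def __init__(self, **bucket_kw) -> None:
        self.buckets: Dict[str, TokenBucket] = {}
        self.bucket_kw = bucket_kw

    def stream_opened(self, conn_id: str, now: float) -> bool:
        bucket = self.buckets.setdefault(conn_id, TokenBucket(**self.bucket_kw))
        return bucket.allow(now)


def simulate(events: List[Tuple[str, float]], **bucket_kw) -> Tuple[int, int]:
    """Replay (connection id, timestamp) stream opens; return (accepted, rejected)."""
    limiter = StreamLimiter(**bucket_kw)
    accepted = sum(limiter.stream_opened(c, t) for c, t in events)
    return accepted, len(events) - accepted


# Constructed sample: one browser loading a page with 50 assets, one new stream per asset, 1 ms apart.
PAGE_LOAD = [("conn-1", 0.001 * i) for i in range(50)]
# simulate(PAGE_LOAD) -> (10, 40); simulate(PAGE_LOAD, initial=64, maximum=64) -> (50, 0)
```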



