On Oct 29, 2012, at 8:26 PM, Klaus Darilion wrote: > So, the result may not be perfect, but it is better then no rules at all.
I'm not sure that this is a true statement. If the rate-limiting is based upon source IPs, then there's potentially a lot of state there. If the rate-limiting is based upon the destination IP, then it guarantees that programmatically-generated attack traffic will 'crowd out' legitimate requests. ----------------------------------------------------------------------- Roland Dobbins <[email protected]> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
