On Dec 18, 2012, at 10:30 PM, Paul Vixie wrote: > RRL is designed in a way that keeps state manageably finite.
Sure, but RRL isn't the issue; it's all the rest of what 'application firewalls' do which causes them to choke. I've yet to see one which doesn't choke under even moderate DDoS, and have never seen one which implements any form of classification in a stateless or minimized-state manner. ----------------------------------------------------------------------- Roland Dobbins <[email protected]> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
