>> On the other hand, we've had DDoS prevention mechanisms (based on >> multiple rate-limiters, for different kinds of packets) deployed for >> over 6 months now. They seem to work just fine, are always active, >> and require no state in the network.
* [EMAIL PROTECTED] (Paul Vixie) [Fri 16 Apr 2004, 17:14 CEST]:
> you know how to rate-limit without state in the network? please explain.
Unlike PNAT, you don't need to look at packets traveling both ways.
This is a plus, I suppose.
-- Niels.
