On Sat, 8 Aug 2009 16:11:29 -0700 (PDT)
Fawkes <daveha...@gmail.com> wrote:

> They can, but apparently they don't, otherwise Twitter wouldn't have
> used it as a tactic.  They're going through a very difficult time, we
> need to be patient and supportive of them!

In order for an attacker to respond to a 302, they have to receive it.
In order to receive it, they have to be giving their real IP address
when they connect. If every legitimate app handled the 302 properly then
those spoofing IP addresses would stand out very clearly.

Even if attackers monitored the IP addresses that they were spoofing in
order to try to escape detection by following the 302 responses, they
still behave differently than legitimate users. The difference is that
now security personnel can identify repeated connections from the IP
addresses that are being monitored by the attackers and tarpit those
connections. Supplying a valid IP address from the attacking machines
still slows down the attacker even if that IP address is not the actual
point of origin for the attack.

The moral of the story is "Apps that are good netizens contribute to
the stability of the server."

Chris Babcock
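
Added example, not part of the message above or of any project's code: a sketch of the detection the message describes, run over constructed log lines. The log format, the `classify_clients` name, the verdict labels and the `repeat_threshold` value are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log (documentation IP ranges), assumed format:
#   ip "METHOD path" status redirect-target-or-dash
SAMPLE_LOG = """\
198.51.100.7 "GET /statuses/update" 302 /r/a1
198.51.100.7 "GET /r/a1" 200 -
203.0.113.9 "GET /statuses/update" 302 /r/b2
203.0.113.9 "GET /statuses/update" 302 /r/b3
203.0.113.9 "GET /statuses/update" 302 /r/b4
192.0.2.44 "GET /statuses/update" 302 /r/c5
192.0.2.44 "GET /r/c5" 200 -
192.0.2.44 "GET /statuses/update" 302 /r/c6
192.0.2.44 "GET /r/c6" 200 -
192.0.2.44 "GET /statuses/update" 302 /r/c7
192.0.2.44 "GET /r/c7" 200 -
"""

LINE = re.compile(r'^(\S+) "(\S+) (\S+)" (\d{3}) (\S+)$')

def classify_clients(log_text, repeat_threshold=3):
    """Label each source IP by how it reacts to the 302s it was sent."""
    pending = defaultdict(set)   # ip -> redirect targets issued, not yet fetched
    issued = defaultdict(int)    # ip -> number of 302s sent to it
    followed = defaultdict(int)  # ip -> number of those 302s it followed
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ip, _method, path, status, location = m.groups()
        if path in pending[ip]:      # request for a target we redirected it to
            pending[ip].discard(path)
            followed[ip] += 1
        if status == "302":
            pending[ip].add(location)
            issued[ip] += 1
    verdicts = {}
    for ip, count in issued.items():
        if followed[ip] == 0:
            # Never saw the response: consistent with a spoofed source address.
            verdicts[ip] = "never-follows-302"
        elif count >= repeat_threshold:
            # Follows redirects but keeps reconnecting: candidate for tarpitting.
            verdicts[ip] = "repeat-follower"
        else:
            verdicts[ip] = "ok"
    return verdicts
```
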
