[c-nsp] rate limit dns
Dobbins, Roland
rdobbins at arbor.net
Fri Jan 3 07:04:31 EST 2014
On Jan 3, 2014, at 6:57 PM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> It would be interesting to see some real-world numbers on this, to see if it is a win or not. As I say, my gut says no, but gut != proof ;o)
I've seen it melt enough times in real life that I get a sinking feeling in my gut every time someone mentions it.
;>
> It seems to me that any system which can detect "bad" replies would be better thresholding them into short-lived stateless blocks, rather than short-lived stateful.
This matches my experience, concur 100%.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
More information about the cisco-nsp
mailing list