by jart 791 days ago
It's so easy to crush DDoS with token buckets that usually the only thing I need my cat to wake me for is when my Discord gets raided.
2 comments

Never heard of this before. I looked it up: https://en.wikipedia.org/wiki/Token_bucket

I think this would be like a firewall or ingress thing that would drop packets that resulted in excess load before they make it to the application server.

It's a common rate limiting algorithm. Here's an interesting article from Stripe on how they use it in their APIs. [1]

[1] https://stripe.com/blog/rate-limiters

Some types of DDoS. ;)

You could still overload the service with a sufficiently large attack in either volume of connection requests or number of unique IP addresses.

Token buckets are usually part of an overall resilience strategy rather than a silver bullet to solve all denial of service concerns.
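
An added example, not code from the thread or from any commenter: a minimal per-client token bucket limiter, with a bounded client table and a global bucket, that shows why per-IP limits alone do not stop traffic spread over many unique addresses. The class names, rates and documentation-range IP addresses are constructed for illustration.

```python
import time
from collections import OrderedDict

class TokenBucket:
    """Holds up to `burst` tokens, refilled at `rate` tokens per second."""
    def __init__(self, rate, burst, now):
        self.rate, self.burst = float(rate), float(burst)
        self.tokens, self.stamp = float(burst), now

    def allow(self, now):
        # Lazy refill: credit the time elapsed since the last call, capped at burst.
        self.tokens = min(self.burst, self.tokens + (now - self.stamp) * self.rate)
        self.stamp = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

class Limiter:
    """Per-client buckets in a bounded LRU table, plus one global bucket."""
    def __init__(self, rate, burst, max_clients, global_rate, global_burst,
                 clock=time.monotonic):
        self.rate, self.burst, self.max_clients = rate, burst, max_clients
        self.clock = clock
        self.clients = OrderedDict()
        self.total = TokenBucket(global_rate, global_burst, clock())

    def allow(self, client):
        now = self.clock()
        bucket = self.clients.pop(client, None) or TokenBucket(self.rate, self.burst, now)
        self.clients[client] = bucket          # re-insert as most recently used
        if len(self.clients) > self.max_clients:
            self.clients.popitem(last=False)   # evict the oldest entry to bound memory
        # Per-client check first, so one noisy client cannot drain the global budget.
        return bucket.allow(now) and self.total.allow(now)

def demo():
    t = [0.0]                                  # constructed fake clock, deterministic run
    lim = Limiter(rate=1, burst=5, max_clients=1000,
                  global_rate=50, global_burst=100, clock=lambda: t[0])
    single = sum(lim.allow("198.51.100.7") for _ in range(200))    # one source, 200 requests
    spread = sum(lim.allow(f"203.0.113.{i}") for i in range(200))  # 200 sources, 1 request each
    t[0] += 10.0                               # ten seconds later both buckets have refilled
    later = sum(lim.allow("198.51.100.7") for _ in range(200))
    return single, spread, later, len(lim.clients)

if __name__ == "__main__":
    print(demo())
```

The single source is held to its burst of 5, while the 200 distinct sources are stopped only by the global bucket, which also rejects legitimate clients once it is empty.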