by tptacek 621 days ago
I mean the safest thing would be to send an RST as soon as you see a SYN for 80/tcp.

That would have a severe downside of not letting your customers access your website.

Fast-abort on bare-0ah will still be compatible with all browsers and major http clients, thus providing extra mitigations practically for free.

Wouldn't not replying at all be the safest?