|
|
|
|
|
|
by neilv
386 days ago
|
|
|
You know a solution, not necessarily the? What do you have to do to characterize packets sufficiently to shield against DDoS with negligible false-positive significant blocking? (Without needing to associate packets with an identifiable person, nor zero-knowledge proofs of a person, etc.) It's OK to discard some prior requirements. (For example, it's OK to insert occasional brief latency (not barge-in Web browser JS) to some traffic, if that permits an approach that greatly reduces false-positive blocking. And it's OK to pass some traffic with a suspected single client, but then change your mind later. It's OK to forget about connection abstractions and clients, and look only at stateless packets and the entirety of traffic.) |
|
|