>> So how do you prevent somebody connecting to your server a thousand
>> times per second and feeding it duff credentials, thereby preventing any
>> legitimate users logging in, and wasting lots of CPU power?
>>
>> See, security isn't so simple...
>>
>
> by having a real firewall (such as the aforementioned Cisco ASA)
> configured to throttle individual connections. ;)

I'm sorry, I thought we were still talking about "why the average home 
user can't easily send a file to another average home user". :-) I doubt 
many home users will pay hundreds of pounds for a Cisco ASA and spend 
god-knows how long learning what "tee sea pee eye pee" is in order to 
set this up.

> Now the /b/tard in question would have to use zombie PCs to do his DOS
> against your machine.

Yeah, because none of the script kiddies have figured out how to do 
that. ;-)

Then again, if somebody decides to DDoS you, it doesn't matter if you 
have *no* ports exposed to the Internet... You still get no service.

Sometimes I think it would be nice if there was a widely-supported 
standard for configuring the firewall at the /other end/ of the last 
mile to drop certain packets. But anyway...

Post a reply to this message