You are viewing a single comment's thread.

view the rest of the comments →

0
1

[–] 21113029? 0 points 1 point (+1|-0) ago 

Been on and off for weeks or longer but hasn't it always been attacked by DOS attacks?

0
0

[–] 21114572? ago 

How would that work? Wouldn’t not being able to get past login prevent that?

0
2

[–] 21117013? 0 points 2 points (+2|-0) ago 

No.

DDoS usually focuses on the connection establishment handshakes which take place well before the login page is served. That's why it's difficult to counter.

There's not (inherently) anything distinguishing a connection from a DDoS attack from a legitimate connection.

The only way to discriminate between the two is by correlation with other factors like "Is the source IP establishing too many connections at this time ?".

Correlation is expensive (needs a bunch of logs and log parsing), prone to false positives and sometimes impossible.

0
0

[–] 21113875? ago 

6million hits a second, every second, all day

0
0

[–] 21116984? ago 

6 gorillion