You are viewing a single comment's thread.

view the rest of the comments →

0
0

[–] 21114572? ago 

How would that work? Wouldn’t not being able to get past login prevent that?

0
2

[–] 21117013? 0 points 2 points (+2|-0) ago 

No.

DDoS usually focuses on the connection establishment handshakes which take place well before the login page is served. That's why it's difficult to counter.

There's not (inherently) anything distinguishing a connection from a DDoS attack from a legitimate connection.

The only way to discriminate between the two is by correlation with other factors like "Is the source IP establishing too many connections at this time ?".

Correlation is expensive (needs a bunch of logs and log parsing), prone to false positives and sometimes impossible.

0
0

[–] 21117742? ago 

How do other sites deal with it?