> The router can send back a confirmation code and you must send it back to confirm that the request comes from your IP.

Ideally with the token packet being larger than the initial packet, so it can easily be abused for a reflection attack... ;-)

> Also, on well-behaved networks that do not allow spoofing IP addresses, this check can be omitted.

This is already not true for most networks, and in your case would have to be true for all intermediate networks, which is just impossible.

In another post you suggest this should also allow blocking entire networks; how do you prevent abuse of that?

Your suggestion is anything but well thought out; it's a pipe dream for a perfect world, but if we lived in one, we wouldn't have DDoS attacks in the first place.