0 Members and 1 Guest are viewing this topic.
But how often is the blocklist referred to by patch or cache?
it would only need the IP detection be done by a single monitor or perhaps at the cache level...
I think that they can monitor our discussion, but it IS just a 'kicking an idea around' episode, but maybe worth investigating...
The drawback of this method is in how it will become abused, when you have so called developers abusing their knoweldege to deliver spoofed packets that purport not to originate from their IP the method above fails and instead becomes a means to block inooncent users from the network.
Gs, are you referring to someone launching attacks from behind an exit node like Tor or another similar anonymous service. Then all users using that exit node pay for someone else's actions.
I actually had already considered that. Other anonymous users would be blocked in the beginning but the attackers would quickly run out of ip addresses to attack from. Their attacks would be a waste of time if this method worked so why would they continue to attack? So in the beginning some good users would be temporarily blocked, but over time those numbers should dwindle away.
How many IP addresses are we talking about within any given hour? How many exit nodes are there?