On Thu, May 22, 2008 at 12:51 AM, Steve Johns <[EMAIL PROTECTED]> wrote:

> 1) We maybe assume that kind of clients won't connect to server
> at "same" time. However, what about server got restarted with clients
> reconnect at "same" time? Load the connection filter after server starts
> 10 mins? ^^


Sounds like a good idea for when your application deals with many clients
reconnecting concurrently. I would also implement it in this manner.


> 2) Never use connection filter and we assume there is no such a malicious
> attack?


Depends on the technical skills of the "enemies" of your app ;). In
practice, without some kind of throttling, connection attempts that do not
generate any further load may or may not kill the app if they are issued
from one computer only, depending on the internet connections used.
However, a distributed attack where many computers participate will pretty
surely kill it.

The filter should not be used with too paranoid settings, though, so that
user experience does not suffer but a basic means of protection is given. If
a botnet of hundreds or even thousands of malicious clients tries to
bring your app down, it will get it done independent of whether you use the
filter. For this case, you will need some kind of automatic and
fast-reacting (geographically) distributed cluster that is able to deal with
that.

From this perspective, the throttle filter can be used to prevent the most
common attacks for medium groups of attacking computers.

regards
Daniel
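
The two ideas discussed in this message, a per-address connection throttle and a grace period after server start so that clients reconnecting at the "same" time are not rejected, as an added Python example that is not code from the thread or from the framework under discussion. The class name, its parameters and the addresses are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class ConnectionThrottle:
    """Per-address connection limiter with a startup grace period (hypothetical)."""

    def __init__(self, max_conns=5, window=10.0, grace=600.0, clock=time.monotonic):
        self.max_conns = max_conns      # accepted connects per address per window
        self.window = window            # sliding window length in seconds
        self.grace = grace              # seconds after start with no throttling
        self.clock = clock              # injectable so the logic can be tested
        self.started = clock()
        self.recent = defaultdict(deque)  # address -> times of accepted connects

    def allow(self, addr):
        now = self.clock()
        # Grace period: after a restart every client reconnects at once,
        # so the filter stays inactive until the reconnect storm has passed.
        if now - self.started < self.grace:
            return True
        stamps = self.recent[addr]
        # Drop timestamps that have left the sliding window.
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()
        if len(stamps) >= self.max_conns:
            return False                # over the limit: reject this connect
        stamps.append(now)
        return True

    def prune(self):
        """Forget idle addresses so the table cannot grow without bound."""
        now = self.clock()
        for addr in [a for a, s in self.recent.items()
                     if not s or now - s[-1] >= self.window]:
            del self.recent[addr]


def simulate():
    """Constructed scenario: restart storm, then one noisy address."""
    t = [0.0]
    throttle = ConnectionThrottle(max_conns=3, window=10.0, grace=600.0,
                                  clock=lambda: t[0])
    t[0] = 1.0
    storm = [throttle.allow("192.0.2.10") for _ in range(50)]   # during grace
    t[0] = 601.0
    burst = [throttle.allow("192.0.2.10") for _ in range(5)]    # after grace
    other = throttle.allow("192.0.2.20")                        # separate address
    t[0] = 612.0
    later = throttle.allow("192.0.2.10")                        # window expired
    return all(storm), burst, other, later
```

A distributed attack keeps every address below `max_conns`, which is why a per-address throttle like this one only covers the small and medium groups of attacking computers mentioned above.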
