zlacker

[return to "Twitter Is DDOSing Itself"]
1. oh_sig+xn[view] [source] 2023-07-01 20:20:37
>>ZacnyL+(OP)
Certainly not good, but not all GET requests are equal. If these are responded to cheaply, at the point of connection termination, then it might be the case that no one has bothered to clean it up yet.
◧◩
2. Matthi+xu[view] [source] 2023-07-01 20:57:53
>>oh_sig+xn
Not exactly sure if that's what you recommend. But connection termination is not necessarily a good thing for DDOS mitigation. The reason is that the client might just retry immediatly - and it will do that using a new TLS connection. And the handshake for that connection has a huge cost. If you plan on disconnecting clients *after* a TLS connection had been established, you will also need to implement TLS handshake rate and connection limiting. That's possible, but I've only seen a tiny amount of services every implementing it.
[go to top]