On Jan 6, 2010, at 3:12 AM, Dobbins, Roland wrote:

> Wrong.  The attacker just programmatically generates semantically-valid 
> traffic which is indistinguishablle from real traffic, and crowds out the 
> real traffic.
> 
> All those fancy timers and counters and what-not don't matter.
> 
> I've seen it done over and over again.  Why some folks seem to think this is 
> theoretical or that I somehow haven't thought of something they think will 
> prove to be a magic solution is really beyond me, heh.

The reality is they just have not been attacked yet, and hence have no 
experience in what to do about the problem...

- Jared

Reply via email to