
Re: I-D.ietf-v6ops-cpe-simple-security-09



On Mar 20, 2010, at 12:40 PM, Mark Townsley wrote:

> Rate-limiting unsolicited inbound connections rather than rejecting them provides greater end-to-end transparency while still providing protection against address and port scanning attacks as well as overloading of slow links or devices within the home.

Silly question. Why do you believe that? An address or port scanning attack is not intended to overload a network, it is intended to find an address port that can be used or attacked. Making the scan take more time doesn't prevent it from reaching its target. In what way does rate limiting an address or port scan provide protection?

http://www.ipinc.net/IPv4.GIF