Posted by J.O. Aho on 04/09/07 17:20

antony wrote:
> if in a form with login (user and pw) what is a good solution for
> to block an dos attack;
>
> someone said that is not a good solution stop the ip because so other
> normal user can to be locked also;

Yes, it's true if the attack is coming from a dynamic-ip, most ISPs supply
dynamic ones to their subscribers.

If you have someone trying to DOS you, then it's better to use a temporary
block on "firewall" level (drop all connection to it without sending replies),
as if you let it go to websever level (in your php code), then you still get
the same load on the system and you will give some kind of response to the
attacker.
When using a temporary block, users will in most cases always be able to
login, even if they happen to get the same ip as the attacker had.

--

//Aho

[Back to original message]