11-16-2019, 09:25 AM
(11-15-2019, 06:51 PM)kudzu Wrote: You can also do some checks to limit number of sessions per IP or IP block. This can help with a "session start attack" but a DOS attack happens at a lower level and must be handled at the firewall level to be effective.I came across pranksters who were making a DOS attack through a list of proxy servers. They opened a hundred sessions within a minute and each IP was different. Of course, if they were constantly doing this attack, I don't know how my web application could be used at all. The attacks mostly came from India and China, sometimes from the USA.