said by espaeth:
We have to make a decision, and I think this should be one of those opt-out kind of deals. On the one hand you have a vast multitude of users who have infected computers, and don't know how to control them. On the other hand you have users who may generate traffic that fits the traffic profile of an infected box, but it is legitimate. For the sake of protecting the stability of the internet there should be an option to deploy this type of attack mitigation (SYN rate limiting) tech to protect home users. Power users or techs should have a way to opt out of this and simply get the dumb pipe we all have been craving for lately.

said by Cabal:
100 SYN packets per second to the same address is what most engineers would consider a SYN flood.
Exactly - this will trip DoS mitigation hardware from Cisco, Tipping Point, Checkpoint, Arbor, etc.
What next? If I make several connection attempts to DoD network addresses Comcast dispatches the FBI to throttle my connection by taking my hardware?
The number of unrelated events that we can relate to Comcast throttling is endless - time to get creative, people!