@briankrebs Why would standard DDOS protection not apply here?
@briankrebs I thought that DDOS protection shuts down or rate-limits connection attempts after detecting a high volume, right? Does that detection just not work if the requestor also sends cancellation messages?
In other words, after the first 10 or 100 are sent and cancelled, why would the server not just reject any connection attempt from that host?
@LouisIngenthron because you can't know for sure who's behind the endpoint sending stream resets. It could be a non-malicious user. The vuln is not that bad. Manageable.
@cek To the best of my knowledge, everything you just said applies to traditional DDOS attacks too. You can't tell if they're malicious either, but once they go over the limit, you cut them off anyway to play defense. Why does that not apply here?
@LouisIngenthron Maybe because it's abusing a feature less than a vulnerability?
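As an added illustration (not code from this thread or from any real server), here is the per-connection policy @LouisIngenthron proposes, applied to stream resets rather than connection attempts: the counter is keyed on the connection and acts on observed behaviour, so it never has to decide who is behind the endpoint. The threshold values, the window, and the frame representation are constructed assumptions.

```python
"""Per-connection reset-rate guard, modelled on the thread's proposal.

A connection that resets more than MAX_RESETS streams inside WINDOW_SECONDS
is closed. Real servers pick their own limits; these values are illustrative.
"""
from collections import deque

# Constructed policy values (assumption, not any server's default).
WINDOW_SECONDS = 1.0
MAX_RESETS = 100


class ConnectionResetGuard:
    """Sliding-window count of RST_STREAM frames seen on one connection."""

    def __init__(self, max_resets=MAX_RESETS, window=WINDOW_SECONDS):
        self.max_resets = max_resets
        self.window = window
        self._resets = deque()  # timestamps of resets still inside the window
        self.closed = False

    def on_frame(self, frame_type, now):
        """Feed one frame; return True once the connection should be closed."""
        if self.closed:
            return True
        if frame_type == "RST_STREAM":
            self._resets.append(now)
            # Forget resets that fell out of the window before comparing.
            while self._resets and now - self._resets[0] > self.window:
                self._resets.popleft()
            if len(self._resets) > self.max_resets:
                self.closed = True
        return self.closed


def simulate(frames, max_resets=MAX_RESETS, window=WINDOW_SECONDS):
    """Run (timestamp, frame_type) pairs through a fresh guard.

    Returns (closed, resets_seen), where resets_seen counts RST_STREAM frames
    processed up to and including the one that tripped the limit.
    """
    guard = ConnectionResetGuard(max_resets, window)
    seen = 0
    for ts, ftype in frames:
        if ftype == "RST_STREAM":
            seen += 1
        if guard.on_frame(ftype, ts):
            return True, seen
    return False, seen


# Constructed traffic: a normal client that occasionally cancels a request.
BENIGN = [(i * 0.05, "RST_STREAM" if i % 10 == 0 else "END_STREAM") for i in range(200)]
# Constructed traffic: a client that resets every stream it opens, very fast.
ABUSIVE = [(i * 0.001, "RST_STREAM") for i in range(5000)]
```

The benign stream stays far under the limit, while the abusive one is cut off after the 101st reset, which is the point @LouisIngenthron makes: the defence does not need to know intent, only rate.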