[ratelimits] CH/TXT/id.server queries rate-limited

Jay Daley jay at nzrs.net.nz
Fri Oct 26 09:38:11 UTC 2012

On 26/10/2012, at 5:43 PM, paul vixie <paul at redbarn.org> wrote:
> the window size describes the dimensions of a penalty box. the victim's bucket gets some tokens every second, and it loses a token for every attempted response. when the bucket contains zero or negative tokens, responses are suppressed. but it can keep on going more and more negative if more responses are suppressed than tokens credited each second, up to a maximum of "rate * window". this effectively means that if somebody is pounding the hell out of a bucket they can remain in the "stopped" state for "window" seconds after their behaviour improves. thus, a penalty box of "window" dimension.
> all of this is explained at <http://ss.vix.com/~vixie/isc-tn-2012-1.txt>. readability patches are welcome.

OK, I've read it now and I understand.  Using negative tokens is quite neat since it forces input behaviour as well as controlling output behaviour.  In other words, without negative tokens an attacker could just send as much as it liked knowing that the output would be maximised at the rate limit, but with negative tokens it is forced to not exceed the query rate limit (as provided by the window) in order to maximise the output rate, because all excess traffic reduces output in a cumulative fashion.


Jay Daley
Chief Executive
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 931 6977
mobile: +64 21 678840
linkedin: www.linkedin.com/in/jaydaley
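The penalty-box bucket Paul describes above, and the input-shaping effect Jay points out, as an added simulation written for this archive page. It is not ISC's or BIND's code and not from the tech note; the class and function names, the integer-second clock, and the choice to cap positive credit at one second's worth (`rate` tokens) are assumptions made for the simulation. Only the floor of `-(rate * window)` and the one-token-per-attempt cost come from the quoted text.

```python
# Added example: simulation of the token-bucket "penalty box" described in the
# quoted message. Illustrative code only, not ISC's or BIND's implementation.
# Assumptions: integer-second clock, bucket starts with one second's credit,
# positive credit is capped at `rate` tokens.
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class PenaltyBucket:
    rate: int                  # tokens credited per second (responses/second allowed)
    window: int                # seconds of debt the bucket may accumulate
    tokens: int = field(init=False)
    last_tick: int = 0         # second at which credit was last applied

    def __post_init__(self) -> None:
        self.tokens = self.rate  # assumed: start with one second's credit

    @property
    def floor(self) -> int:
        # deepest debt the bucket may reach: "rate * window" from the quoted text
        return -(self.rate * self.window)

    def _credit(self, now: int) -> None:
        # credit `rate` tokens for every whole second that has elapsed,
        # capped at one second's worth of positive credit (assumption)
        elapsed = now - self.last_tick
        if elapsed > 0:
            self.tokens = min(self.rate, self.tokens + elapsed * self.rate)
            self.last_tick = now

    def attempt(self, now: int) -> bool:
        """Account for one attempted response at integer second `now`.

        Returns True if the response is sent, False if it is suppressed.
        Every attempt costs a token, suppressed or not, so a flood drives the
        bucket negative; the debt is floored at -(rate * window).
        """
        self._credit(now)
        self.tokens = max(self.floor, self.tokens - 1)
        return self.tokens >= 0


def simulate(rate: int, window: int, queries_per_second: list[int]) -> list[int]:
    """Feed queries_per_second[t] attempts at second t against one bucket.

    Returns the number of responses actually sent in each second.
    """
    bucket = PenaltyBucket(rate, window)
    sent: list[int] = []
    for t, n in enumerate(queries_per_second):
        sent.append(sum(bucket.attempt(t) for _ in range(n)))
    return sent


if __name__ == "__main__":
    # Constructed scenarios (rate=5 responses/s, window=3 s, so floor = -15):
    # 1. a 100-query burst in second 0, then one query per second: the bucket
    #    stays in the "stopped" state for `window` seconds after the burst ends
    print("burst then quiet  :", simulate(5, 3, [100, 1, 1, 1, 1, 1]))
    # 2. a sender that stays at exactly the rate limit gets every response
    print("at the rate limit :", simulate(5, 3, [5] * 5))
    # 3. a sender at twice the limit accumulates debt and gets fewer responses
    #    in total, which is the cumulative effect Jay describes
    print("twice the limit   :", simulate(5, 3, [10] * 5))
```

In the first scenario the burst is cut off at 5 responses and leaves the bucket at its floor of -15; seconds 1 through 3 each credit 5 tokens but the single query in each still finds a negative balance, and responses only resume in second 4, i.e. `window` seconds after the sender's behaviour improved. The second and third scenarios show why the negative balance shapes input: 25 queries spread at the limit earn 25 responses, while 50 queries at twice the limit earn only 5.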
