Hacker News new | past | comments | ask | show | jobs | submit login

Those requests seldom get far enough to start significant server activity. It's the ones that look like legit requests that are the problem.



Only a small percentage of a volumetric attack has to get through to take you down. Also, depending on the attack, they probably all are "legit requests."


If the source IP is fake, the request can't get beyond the first packet. Those get filtered out easily. That's Cloudflare's main offering.


Seldom isn’t good enough. When it comes to security you have to be right 100% of the time. An attacker only has to be right once. Good luck.


That's not true. Security is always a trade-off between effort invested and probability of a possible breach.

There is no 100% secure system.


This is not true though. Security is about mitigating threat at some cost. There are some threats you can't mitigate cost-effectively. Some are unmitigable at all.


its about layers which includes real security and sometimes trickery. the statement is true though about 100% and the attacker only once but some tack maybe would be in order. there are procedures that can reduce vectors and so minimizing damage and minimizing successes.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: