Extras

Defenses: Discuss the following defenses in a group. Do you think they would work? Why or why not? When you are done, share your answers with the rest of the class.

  1. Traffic filtering - look for some pattern in incoming service requests and filter based on that

  2. Closing sockets - monitor how long each socket has been open and close it if it stays open longer than some threshold

  3. Server distribution - use multiple physical machines to serve content, so that together they have more sockets than the attacker can tie up

  4. Block attackers - for each "client" of the server, the server monitors how long the client takes to send its service request (how long it holds the socket open). If that time is above a certain threshold, the server closes the socket and blocks the client so that its traffic is no longer accepted.
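
To make defenses 2 and 4 concrete for the discussion, here is a small model of the bookkeeping they require. It is an added example, not part of the original exercise. The class name, the 10-second threshold and the sample addresses are assumptions, and time is passed in explicitly so the result is reproducible.

```python
from dataclasses import dataclass, field


@dataclass
class SlowRequestGuard:
    """Hypothetical helper: tracks sockets whose request is still incomplete."""
    threshold: float                 # max seconds allowed to deliver a full request
    block_offenders: bool = False    # False = defense 2 only, True = defense 4
    opened: dict = field(default_factory=dict)   # conn_id -> (client_ip, open_time)
    blocked: set = field(default_factory=set)    # client IPs no longer accepted

    def accept(self, conn_id, client_ip, now):
        """Return True if the connection is accepted, False if it is refused."""
        if client_ip in self.blocked:
            return False
        self.opened[conn_id] = (client_ip, now)
        return True

    def request_complete(self, conn_id):
        """The full request arrived, so the socket is no longer monitored."""
        self.opened.pop(conn_id, None)

    def sweep(self, now):
        """Close every socket still waiting on its request past the threshold."""
        closed = []
        for conn_id, (client_ip, start) in list(self.opened.items()):
            if now - start > self.threshold:
                del self.opened[conn_id]
                closed.append(conn_id)
                if self.block_offenders:
                    self.blocked.add(client_ip)
        return closed


def demo():
    # Constructed sample: two clients, all times in seconds.
    guard = SlowRequestGuard(threshold=10.0, block_offenders=True)
    guard.accept("c1", "198.51.100.7", now=0.0)   # never completes its request
    guard.accept("c2", "203.0.113.9", now=0.0)    # completes promptly
    guard.request_complete("c2")
    closed = guard.sweep(now=11.0)                # c1 exceeds the threshold
    retry = guard.accept("c3", "198.51.100.7", now=12.0)
    return closed, retry, sorted(guard.blocked)


if __name__ == "__main__":
    print(demo())
```

Both modes decide on time-to-complete alone, so a client on a slow link that exceeds the threshold is handled the same way as one that stalls deliberately.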