Using CAR to Rate-Limit or Drop Excessive Malicious Traffic

CAR can be used to rate-limit suspected malicious traffic. There are two main scenarios in which it can be used:

  • Rate-limiting DoS attacks

  • Rate-limiting suspected malicious content

DoS attacks are often conducted using traffic that would have been legitimate if not sent in such excessive quantities so as to overwhelm the intended host and also consume significant amounts of network bandwidth. Often it is very difficult to differentiate the malicious from the non-malicious traffic during these types of attacks. CAR is an ideal mechanism for controlling these types of traffic, where it is difficult to differentiate legal from illegal traffic.

CAR can also be used to drop or limit traffic ...

Get Network Security Principles and Practices now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.