CAR can be used to rate-limit suspected malicious traffic. There are two main scenarios in which it can be used:
Rate-limiting DoS attacks
Rate-limiting suspected malicious content
DoS attacks are often conducted using traffic that would have been legitimate if not sent in such excessive quantities so as to overwhelm the intended host and also consume significant amounts of network bandwidth. Often it is very difficult to differentiate the malicious from the non-malicious traffic during these types of attacks. CAR is an ideal mechanism for controlling these types of traffic, where it is difficult to differentiate legal from illegal traffic.
CAR can also be used to drop or limit traffic ...