0

I came up with a model to reduce DoS and DDoS attacks and would like your input on its effectiveness...

Basically, once a request reaches our servers without having a valid key, we add a key as a query parameter of the URL, then return a redirect response to the client with the same URL but with a valid key.

Then we can use this key to throttle the requests instead of using an IP Address.

I understand that the attacker might still make millions of new requests to the server, but redirecting the client should be fairly lighter than say downloading a video or large file.

What do you think?

McKabue
  • 107

1 Answer

4

The problem with DOS or DDOS is that they are legitimate requests. Your flow may help but it will not solve the problem. Imagine 4 million requests doing step one all at the exact same time. DDOS.

There is no way to "prevent" a DDOS attack because it is a valid request. Your best bet is to simply throttle connection attempts in a way that no human would be likely to trigger. Say 10 requests a second per IP. Then add additional filtering for very broad ranges, for example, if most of your customers are in the US, filter all other countries' IP addresses to a collective 20 connections a second.

Finally, review the status of connections when there is a problem and blackhole known bad behavior IP address ranges.

Still, even that can't totally prevent DDOS attacks. It can greatly reduce them though and that will make you a far less attractive target.

plr108
  • 111
  • 4
coteyr
  • 2,583
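The two-tier throttling described in the answer above (10 requests a second per IP, plus a collective 20 a second for addresses outside the main customer region), as an added example that is not part of the original answer. The token-bucket algorithm, the `TokenBucket` and `Throttle` names, and the `HOME_NETWORKS` list (documentation address ranges standing in for a GeoIP lookup) are assumptions made for illustration.

```python
import ipaddress

PER_IP_RATE = 10      # requests/second per IP (figure from the answer)
COLLECTIVE_RATE = 20  # requests/second shared by all out-of-region IPs

# Constructed sample data: a documentation range standing in for a GeoIP
# database that would identify the main customer region.
HOME_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]


class TokenBucket:
    """Admits `rate` requests per second, with bursts of at most `rate`."""

    def __init__(self, rate, now):
        self.rate, self.tokens, self.last = rate, float(rate), now

    def has_token(self, now):
        # Refill in proportion to elapsed time, capped at the bucket size.
        self.tokens = min(self.rate, self.tokens + (now - self.last) * self.rate)
        self.last = now
        return self.tokens >= 1.0

    def take(self):
        self.tokens -= 1.0


class Throttle:
    def __init__(self):
        self.per_ip = {}        # one bucket per client address
        self.collective = None  # one bucket shared by out-of-region clients

    def allow(self, ip, now):
        """Return True if a request from `ip` at time `now` (seconds) is admitted."""
        addr = ipaddress.ip_address(ip)
        if ip not in self.per_ip:
            self.per_ip[ip] = TokenBucket(PER_IP_RATE, now)
        buckets = [self.per_ip[ip]]
        if not any(addr in net for net in HOME_NETWORKS):
            if self.collective is None:
                self.collective = TokenBucket(COLLECTIVE_RATE, now)
            buckets.append(self.collective)
        # Check every tier before charging any, so a request rejected by
        # one tier does not consume a token from the other.
        if not all(b.has_token(now) for b in buckets):
            return False
        for b in buckets:
            b.take()
        return True
```

The `per_ip` table grows with every new source address, so a real deployment needs to evict idle entries or cap the table size; otherwise the limiter's own memory becomes the resource an attacker exhausts.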