If I introduce a Thread.Sleep(x) delay while rendering my HTTP response, where x would change depending on the rate of requests from a given IP: from being zero while request rate is low, and gradually increasing if requests are following one after another.
Is this a viable solution to protect against a DDOS?
What are the weak points?
No, it doesn't protect against DDOS attacks. It protects the CPU from being overloaded, but it still occupies the thread while it's sleeping, so an attacker can easily occupy all of the assigned threads in the web server, rendering it unresponsive. It actually makes it easier to perform a DDOS attack.
A Sleep can be used to protect against brute fource attacks by reducing the number of tries that can be done per second. (The drawback is of course that it makes it more sensetive to DDOS attacks.)
It definitely doesn't prevent a DDOS because networking equipment in front of your application may still be overwhelmed.
Additionally the distributed nature of a "distributed denial of service" means that you'll be getting excessive traffic from lots of different IPs, not one.
But regardless, what you're doing in your app doesn't get around whatever is in front your app from being overwhelmed.
A thread sleep is useful only to help guard against cryptography attacks. You can use them to guard against:
Besides these uses, a thread sleep doesn't have much application in security. They tie up resources (connections or session state), so are worthless for guarding against a DoS attack.
No. A DDoS is an attack that used a lot of compromised machines to attack a target. That will protect against smaller attacks like DoSes, but not distributed attacks. Usually, your web server will crash before that could make any sort of effect.
I would recommend a DDoS protection service or host if you're having a lot of problems with them.
DDoS can't be protected by code, it is more then protecting your server, usually DDoS hurt your load balancer and firewall if you have some, if not the DDoS will hurt your server.
DDoS can be done via many levels: UPD/TCP/HTTP etc...
The best way to protect yourself from DDoS is to use reverse proxy so if you go to your site it wont show the real IP, and happily we have now for free with Cloud Flare. https://www.cloudflare.com/
I wrote a small article about how Cloud Flare protects you as i'm using them since a year now and they are the BEST so far and the cheapest.
http://www.yourwwwdesign.com/2012/07/23/best-practice-to-protect-your-site-from-ddos-for-free/
Hope this helps! if you need more help please don't hesitate to contact me.
© 2022 - 2024 — McMap. All rights reserved.
xdepending on the request rates such that it would let regular requests go through easily, while excessive repetitiveness will introduce delays. So it should not be a weak point. The weak point, as others have mentioned, is the distributed nature of requests. – Gezira