Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to prevent DOS attacks on my http server which written in node.js?

Tags:

javascript

security

node.js

ddos

using node.js, the net module for building a tcp server which can hande http requests.

I would like to prevent dos attacks so what I have done is somthing like this:

if (status.numOfCurrentRequests + 1 >= MAX_NUM_OF_CONNECTIONS) {
    socket.end();
    return; 
}

I was wondering if it is better to use :

socket.destroy();

from the API :

socket.destroy() # Ensures that no more I/O activity happens on this socket. Only necessary in case of errors (parse error or so).

what are the differences and benefits?

like image 388
0x90 Avatar asked Dec 22 '11 22:12

0x90

People also ask

How do you stop a DoS attack in node js?

Typical Counter Measures Deployed to Mitigate These Types of Attacks: Limit the maximum number of open connections from a single IP. Impose a minimum transfer speed. Impose a maximum time a connection can stay open, which means set a timeout for the connection.

Can HTTP be used for a DoS attack?

A: HTTP, DNS, and TCP/IP requests are common protocols used for DDoS attacks. DDoS attacks can be disruptive, so take a proactive approach and build an Incident Response plan to respond quickly.

How DoS attack can be prevented?

For this, it is essential to have multi-level protection strategies that use intrusion prevention and threat management systems. These systems can use anti-spam, content filtering, VPN, firewalls, load balancing, and security layers to spot and block attacks before they overwhelm your network.

2 Answers

A DOS attack really shouldn't be handled by your HTTP server. Once a request has reached it the attacker has 'won' by taking up a connection (no matter how short). Even if they are short they can just slam it with thousands/sec and prevent anyone else from connecting. Also, they might not attempt to 'connect' via TCP and just flood the server with all sorts of requests.

Block/detect DOS attacks at a lower level or via a firewall, which I'm sure many software and hardware versions support some basic types of DOS detection and prevention.

like image 197
Ryan Doherty Avatar answered Oct 18 '22 13:10

Ryan Doherty

from the API if it helps anyone, should be used smartly :

 server.pause(msecs)

Stop accepting connections for the given number of milliseconds (default is one second). This could be useful for throttling new connections against DoS attacks or other oversubscription.

like image 4
0x90 Avatar answered Oct 18 '22 13:10

0x90
Sign in to Comment

Related questions

Can Javascript's "document" object be used as a variable?
Flashing Table Row
Setting default values in select2 with AJAX call?
Convert all object values to lowercase with lodash
Get max values from each array of objects
Array sort is not working correctly in JavaScript [duplicate]
how to remove all li in my ul through with it id?
How do I uncheck a checkbox?
How can i get every "a" tag which "href" attribute contain word "youtube"?
Disable browser window scrolling of any kind?
JQuery Knob display number change
How IntroJs achieve the highlighted areas?
Getting multiple selected checkbox values in a string in javascript and PHP
How to combine two arrays as a cartesian product?
Vue.js pass data from slot into component instance
How to get current language setting in the phone with react native
Angular 7: prevent escaping of HTML tags inside a string variable passed to child component through data binding
jQuery count how many divs with a class there are and put into string
Regular expression to match any number NOT ending in zero
Best way to get template variables from an external js file

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!