nodejs server against DOS attacks [closed]

Question

I'm in the process of writting a highly scaleable browser based web chat server using nodejs. The concept involved is simple - first it checks browser for websocket support. If not suported or otherwise is incompatible with the server specs, it simply downgrades gracefully to the traditional long polling.

Taking advantage of its highly evented I/O model, I could not find any other framework out there so far so good and fit as nodejs for this kind of job. However, I have an issue relating to DOS attacks for which I decided to come up with a simple solution. However, I'm not so sure if it would be the most ideal way to combat against those massive flooding attacks.

What I plan do is - if 50 requests or more, originating from a single IP address, hits the server within a specific length of time(say 1 second), then deny all further request from that IP until that specific time interval comes to a lapse and so on.

Is this gonna be okay?

Answer 1

This doesn't deal with DDOS attack -- Distributed Denial of Service -- where many IPs are used, and when you need to continue serving some machines that are inside the same firewall as machines involved in the attack.

Often machines used in DDOS are zombie machines that have been taken over. When a DDOS against a large target starts, per-IP throttling may ban all machines from the same fire-walled LAN. This can cause really bad PR for large companies when machines at, for example, the New York Times are infected and used in the DDOS, and Times' reporters check to see if the company's website is down, and are blocked leading them to report that the attack was much more successful than it actually was.

To continue providing service in the face of a DDOS, you really need to block requests based on common elements of the request itself, not just IP. security.se may be the best forum for specific advice on how to do that.