nodejs server against DOS attacks [closed]

I'm in the process of writing a highly scalable browser based web chat server using nodejs. The concept involved is simple - first it checks the browser for websocket support. If not supported or otherwise incompatible with the server specs, it simply downgrades gracefully to the traditional long polling.

Taking advantage of its highly evented I/O model, I could not find any other framework out there so far so good and fit as nodejs for this kind of job. However, I have an issue relating to DOS attacks for which I decided to come up with a simple solution. However, I'm not so sure if it would be the most ideal way to combat against those massive flooding attacks.

What I plan to do is - if 50 requests or more, originating from a single IP address, hit the server within a specific length of time (say 1 second), then deny all further requests from that IP until that specific time interval comes to a lapse and so on.

Is this gonna be okay?

spaceman12 asked Feb 07 '13 16:02



1 Answer

This doesn't deal with a DDOS attack -- Distributed Denial of Service -- where many IPs are used, and when you need to continue serving some machines that are inside the same firewall as machines involved in the attack.

Often machines used in DDOS are zombie machines that have been taken over. When a DDOS against a large target starts, per-IP throttling may ban all machines from the same fire-walled LAN. This can cause really bad PR for large companies when machines at, for example, the New York Times are infected and used in the DDOS, and Times' reporters check to see if the company's website is down, and are blocked, leading them to report that the attack was much more successful than it actually was.

To continue providing service in the face of a DDOS, you really need to block requests based on common elements of the request itself, not just IP. security.se may be the best forum for specific advice on how to do that.

Mike Samuel answered Oct 27 '22 06:10
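
The per-IP scheme from the question, together with the shared-address effect the answer describes, as an added example that is not part of the original question or answer. The function names (`createLimiter`, `rateLimited`, `sharedNatScenario`) and the sample addresses are constructed for illustration.

```javascript
// Added example. Limits follow the question: 50 requests per IP per 1-second window.
function createLimiter({ limit = 50, windowMs = 1000, now = Date.now } = {}) {
  const windows = new Map(); // ip -> { start, count }
  return {
    // Count one request; true while the IP is within its budget for the window.
    allow(ip) {
      const t = now();
      let w = windows.get(ip);
      if (!w || t - w.start >= windowMs) { // first request, or window lapsed
        w = { start: t, count: 0 };
        windows.set(ip, w);
      }
      w.count += 1;
      return w.count <= limit;
    },
    // Drop lapsed windows so many distinct source IPs cannot grow the map unbounded.
    // Call periodically, e.g. setInterval(() => limiter.sweep(), 1000).unref().
    sweep() {
      const t = now();
      for (const [ip, w] of windows) if (t - w.start >= windowMs) windows.delete(ip);
      return windows.size;
    },
  };
}

// Wraps a handler for http.createServer(); over-limit clients get 429.
function rateLimited(limiter, next) {
  return (req, res) => {
    if (limiter.allow(req.socket.remoteAddress)) return next(req, res);
    res.writeHead(429, { 'Retry-After': '1' });
    res.end('Too Many Requests');
  };
}

// Constructed scenario: a flooding host and a normal user share one NAT egress address.
function sharedNatScenario() {
  let clock = 0; // injected clock so the window can be advanced deterministically
  const limiter = createLimiter({ now: () => clock });
  const nat = '203.0.113.7', other = '198.51.100.4'; // documentation-range addresses
  let floodAllowed = 0;
  for (let i = 0; i < 60; i++) if (limiter.allow(nat)) floodAllowed++;
  const sameNatUser = limiter.allow(nat); // blocked along with the flooder
  const otherUser = limiter.allow(other); // different address, unaffected
  clock += 1000;                          // the 1-second window lapses
  const afterLapse = limiter.allow(nat);  // served again
  return { floodAllowed, sameNatUser, otherUser, afterLapse };
}
```

Behind a reverse proxy or load balancer, `req.socket.remoteAddress` is the proxy's address, so every client would share one counter unless the limiter is keyed on a client address taken from a trusted proxy header.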