I have been thinking about a way to hinder DDoS (Distributed Denial of Service) attacks (which seem to be a hot topic at the moment) by placing a signed Java Applet on the web site. This Java Applet should function as a web server, so people viewing a web site could utilize their bandwidth to help others access the same web site. The Java Applet should not be included on the front page, but only if you clicked on a link like: "Help us against DDoS attacks". Of course the first web page to get distributed to the web server would be the front page, and just doing this should alleviate a lot. There are a lot of issues with this, which I simply lack the knowledge to solve.
- Could this be utilized to help against DDoS attacks?
- Would it be possible to do this in such a way that one can guarantee that the content the distributed web servers send out is the actual content of the page?
The distributed web servers could communicate with each other, so they could organize themselves in hierarchies according to bandwidth etc.
There would need to be a central server to decide what content to present and which servers to utilize, but maybe it could be configured to only communicate with the Java applets, so it would only accept incoming connections from certain IP addresses or something like that?
I believe that lots of people would keep this page running in the background to help out vulnerable web sites.
Please help me think outside the box on this issue, because there is a web site I would really like to help out.
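An added illustration of the second question above (the integrity of what the distributed servers hand out). This is example code, not part of the original post, and it stands in for the applet with a plain Python sketch: the origin publishes a manifest of SHA-256 digests for its pages, the mirrors serve the page bodies, and the client accepts a mirror's response only when the body hashes to the origin's digest. The paths, page bodies and the tampering mirror are constructed sample data; how the client obtains the manifest authentically (assumed here: directly from the origin over HTTPS) is outside the snippet.

```python
import hashlib
import hmac

# Added example, not code from the original post. Paths and page bodies below
# are constructed sample data; the "mirror" dict stands in for one of the
# distributed web servers the post describes.


def build_manifest(pages):
    """Origin side: map each path to the SHA-256 hex digest of its exact bytes.
    The manifest is tiny, so the origin can keep serving it even when it cannot
    afford to serve the full pages; the bulky bodies come from the mirrors."""
    return {path: hashlib.sha256(body).hexdigest() for path, body in pages.items()}


def verify_mirror_response(manifest, path, body):
    """Client side: accept a mirror's body only if it hashes to the origin's digest.
    Paths absent from the manifest are rejected too, so a mirror cannot add
    pages (a fake login form, say) that the origin never published."""
    expected = manifest.get(path)
    if expected is None:
        return False
    actual = hashlib.sha256(body).hexdigest()
    return hmac.compare_digest(expected, actual)


def fetch_via_mirror(manifest, mirror, path):
    """Return the verified body for path, or None if the mirror lacks it or tampered with it."""
    body = mirror.get(path)
    if body is None or not verify_mirror_response(manifest, path, body):
        return None
    return body


# Constructed sample data: what the origin really publishes.
ORIGIN_PAGES = {
    "/": b"<html><body><h1>Front page</h1><a href='/help'>Help us</a></body></html>",
    "/help": b"<html><body>Thanks for helping!</body></html>",
}
MANIFEST = build_manifest(ORIGIN_PAGES)

# A mirror that serves "/help" faithfully, injects a script into "/",
# and invents a "/login" page of its own.
EVIL_MIRROR = {
    "/": ORIGIN_PAGES["/"].replace(
        b"</body>", b"<script src='//evil.example/x.js'></script></body>"
    ),
    "/help": ORIGIN_PAGES["/help"],
    "/login": b"<html><body><form>fake login</form></body></html>",
}


def demo():
    """Returns (honest_page_accepted, tampered_page_accepted, invented_page_accepted)."""
    return (
        fetch_via_mirror(MANIFEST, EVIL_MIRROR, "/help") == ORIGIN_PAGES["/help"],
        fetch_via_mirror(MANIFEST, EVIL_MIRROR, "/") is not None,
        fetch_via_mirror(MANIFEST, EVIL_MIRROR, "/login") is not None,
    )


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

Two caveats a practitioner would want. First, the digests answer "is this what the origin published?", not "is the origin reachable?": the client still has to get the manifest from the origin or some other authenticated source, so the central piece the answers below point at remains a single point of failure. Second, verification is byte-exact, so only static content can be served this way; anything with per-request data (session tokens, timestamps, personalised pages) cannot be mirrored under a fixed digest.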
This is highly unlikely to succeed. Here is why:
In short: although your idea sounds nice, it won't help you against DDoS attacks.
DDoS is a hot topic whenever some big guy decides it's time for some viral marketing so they can sell their awesome black-box product. What you are talking about is peer-to-peer web hosting, something Freenet does. P2P web hosting doesn't solve DDoS problems: the master nodes and other related services (DNS?) are still vulnerable. DDoS doesn't mean just hitting a web page or sending SYN-only traffic from multiple zombie machines; things get much smarter depending on what money is in the game. DDoS means you will probably not even be able to distribute your applet to some initial number of visitors (supposing you will ever design a good algorithm for this). You will always have some failure points in your solution, distributed or not.
Yes, load balancing can be a solution to fight DDoS attacks.
You can read this tutorial: http://cipherdyne.org/psad/download/
A DDoS attack is SYN, ACK and other bad packets.
These are simple sysctl rules to stop SYN/ACK floods:
# Enable IP spoofing protection, turn on Source Address Verification
net.ipv4.conf.all.rp_filter = 1
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1
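As an added example (not part of the answer above and not from psad): a small Python audit script that parses sysctl.conf syntax, reports where the two settings above are missing or set to something other than 1, and, on a Linux host, compares them against the live values under /proc/sys. The sample configuration text is constructed, and the table of required keys is this example's own.

```python
import pathlib
import re

# Added example, not from the original answer. REQUIRED is this example's own
# table of the two settings recommended above; SAMPLE_CONF is constructed text.

REQUIRED = {
    # answer SYN floods with cookies instead of letting the backlog fill up
    "net.ipv4.tcp_syncookies": "1",
    # drop packets whose source address would not be routed back the way they came
    "net.ipv4.conf.all.rp_filter": "1",
}

# sysctl.conf syntax: "key = value"; lines starting with '#' or ';' are comments.
_ASSIGN = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*=\s*(.*?)\s*$")


def parse_sysctl_conf(text):
    """Parse dotted 'key = value' lines into a dict. A later line for the same key
    overrides an earlier one, which matches how sysctl --system applies files."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = _ASSIGN.match(line)
        if m is None:
            continue  # tolerate junk lines rather than abort the whole audit
        settings[m.group(1)] = m.group(2)
    return settings


def audit_settings(settings):
    """Return {key: (expected, actual)} for each required key that is absent
    (actual is None) or set to a different value. Empty dict means compliant."""
    return {
        key: (expected, settings.get(key))
        for key, expected in REQUIRED.items()
        if settings.get(key) != expected
    }


def read_live_settings(proc_root="/proc/sys"):
    """Read the running kernel's values for the required keys. Keys that cannot be
    read (non-Linux host, restricted container) are left out instead of failing."""
    live = {}
    for key in REQUIRED:
        path = pathlib.Path(proc_root).joinpath(*key.split("."))
        try:
            live[key] = path.read_text().strip()
        except OSError:
            pass
    return live


# Constructed sample: SYN cookies explicitly disabled, rp_filter never set.
SAMPLE_CONF = """\
# local tuning
net.ipv4.tcp_syncookies = 0
; rp_filter deliberately not set here
net.core.somaxconn = 1024
"""


if __name__ == "__main__":
    import sys

    text = pathlib.Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_CONF
    for key, (want, got) in audit_settings(parse_sysctl_conf(text)).items():
        print(f"config: {key} should be {want}, found {got!r}")
    # Only complain about live keys we could actually read.
    for key, got in read_live_settings().items():
        if got != REQUIRED[key]:
            print(f"live:   {key} should be {REQUIRED[key]}, kernel has {got!r}")
```

Run it with a path to /etc/sysctl.conf or a file in /etc/sysctl.d/ to audit a host; with no argument it audits the constructed sample. Two caveats: rp_filter = 1 is strict reverse-path filtering and can drop legitimate traffic on multi-homed hosts with asymmetric routing (2, loose mode, is the usual compromise there), and SYN cookies only help against SYN floods that reach the kernel; a volumetric flood that saturates the link upstream is not something host-level sysctl tuning can address.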