A DDoS attack warning system

Let me warn you right away: I am not an expert in this field and may be suggesting nonsense, but I will do it anyway :)

As far as I understand, a DDoS attack is an "event" that is distributed geographically and compressed (very much) in time, whose purpose is to flood a specific server with requests (to put it simply). So why not register these bursts of requests at a special service (the Center), for example at the level of large providers and hosters, and warn subsequent users who try to make a request about their possible participation in the attack (with a suggestion to check their computer for viruses)? That is, a kind of DDoS attack warning :).

For example, hoster A registers an abnormal growth of requests to server X within a few minutes and sends this information to the Center; similar information comes from a couple of different providers. Then subsequent users, when they try to send a request to this resource, will see a warning in the browser about an attack on the requested resource, with an offer to: a) check the computer for malicious code, b) try again a little later, c) confirm that they still want to send the request. You can already limit the number of requests at this level, or you can even try to (temporarily) deny requests that come without direct confirmation (or that are not from browsers). To do this, you will probably need to integrate the system into browsers, or into antivirus / firewall / anti-spam software, or install some module / widget on the user's machine. I don't know how to interest providers (perhaps a decrease in junk traffic), but for hosters, participation in a system that prevents attacks on their servers will probably be a "plus".

In general, something like this. I would be interested to see your thoughts on why this is impossible (or can it be implemented?). Or has this question already been solved and lost its relevance?
UPD: Of course, this will make the monitoring system more complicated, but website owners could also be given the opportunity to connect to it, for example through a filter system at the Center that they control themselves: a) ignore requests to their site (for those who are sure this threat will pass them by), b) set the request rate per unit of time that is considered "normal / maximum / reasonable", above which the alert is triggered (including an alert to the site owner), c) if there is feedback, regulate the flow, for example by showing the part of the clients that is "superfluous" at the moment a message (even from a backup server) asking them to come back later because of technical work, or by redirecting them straight to a mirror.
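
The reporting and warning flow described above, together with the site-owner filters a) and b) from the UPD, as an added example that is not part of the original post. The `Center` class, the three-reporter and 300-second thresholds, and the sample reports are assumptions made for illustration.

```python
from collections import defaultdict

class Center:
    """Hypothetical clearing house correlating burst reports from hosters/providers."""

    def __init__(self, window=300, min_reporters=3, default_limit=1000):
        self.window = window                # seconds within which reports must coincide
        self.min_reporters = min_reporters  # distinct sources needed before warning
        self.default_limit = default_limit  # requests/min treated as "normal" by default
        self.site_limit = {}                # option b): owner-set "normal" rate per site
        self.opted_out = set()              # option a): owners who asked to be ignored
        self.reports = defaultdict(dict)    # target -> {reporter: time of last burst}

    def report(self, reporter, target, ts, req_per_min):
        """Record a burst report unless the owner's filters say to drop it."""
        if target in self.opted_out:
            return False
        if req_per_min <= self.site_limit.get(target, self.default_limit):
            return False
        self.reports[target][reporter] = ts
        return True

    def under_attack(self, target, now):
        """True when enough distinct reporters saw a burst inside the window."""
        seen = self.reports.get(target, {})
        fresh = [r for r, ts in seen.items() if 0 <= now - ts <= self.window]
        return len(fresh) >= self.min_reporters

    def decide(self, target, now, is_browser=True, confirmed=False):
        """What a client-side module should do with the next request."""
        if not self.under_attack(target, now):
            return "allow"
        if confirmed:
            return "allow"      # user chose option c) in the warning dialog
        return "warn" if is_browser else "deny"


def demo():
    # Constructed sample reports: (reporter, target, unix time, requests/min).
    c = Center()
    c.site_limit["x.example"] = 5000
    for rep in [("hoster-A", "x.example", 100, 90000),
                ("isp-1", "x.example", 160, 12000),
                ("isp-2", "x.example", 220, 4000),    # below owner's limit: dropped
                ("isp-3", "x.example", 250, 20000)]:
        c.report(*rep)
    return c
```

Requiring several independent reporters before warning means a single hoster or provider, whether mistaken or malicious, cannot mark a site as attacked on its own.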

Source: https://habr.com/ru/post/27022/