
I have a program that tells you if your computer is online or not. The way I do it is with the help of a Server that basically sends UDP packets to clients. Clients then respond back letting the server know that they are online. If a client does not respond for the next 5 seconds then I mark it as offline.

Anyways, I was testing this service and from a different computer I sent thousands of UDP packets to the Server. After sending so many packages the server was not working the way it was supposed to.

So I know if someone is sending me a lot of packets. The problem is how do I block those packages so that my Server can still work?


Edit: Possible Solution

I think I will implement the following solution. What do you guys think?

I will require 2 or more Servers now. If one client finds that the server is not responding then it will then talk to the Second Server. So the attacker will also have to know that there is a second server. Depending on how secure you want to be you could have even 5 servers. I guess that if the attacker knows that there are 5 servers then I just wasted my time and money right? lol

Tono Nam
  • I think if we knew the solution to this, there would not be DoS attacks. – SamV Nov 22 '13 at 15:24
  • There are some solutions like IDS and adaptive firewalls that can detect a burst and block requests from the IP temporarily, but if your software is used to measure uptime that is more than a little counterproductive. @Fruity is right, it's one of the inherent weaknesses of the web just like privacy and SMTP. – ShellNinja Nov 22 '13 at 15:29
  • Oh I see. I did not know it was called DoS attacks. That's probably why I haven't found a solution on the internet too – Tono Nam Nov 22 '13 at 15:31
  • Per your update: How are you going to keep the fact there are extra servers a secret? If the client knows, the attacker knows. I would not re-invent the wheel and just use normal load balancing techniques (this can be a complicated subject and I recommend hiring a consultant who has done it before and paying him/her to set it up) – Scott Chamberlain Nov 22 '13 at 15:43
  • Yeah true, there is always a hole! So I guess the question now is how to prevent the hacker from knowing the second server's address? There is no way, you are right. I have to go with your solution – Tono Nam Nov 22 '13 at 15:45

1 Answer


The general solution to this is you buy extra hardware that goes in front of the computer that looks at the incoming packets.

What that extra hardware does depends on what solution you want to use. You could have that hardware distribute the requests to many servers all running the same software (this would make the hardware you added a Load Balancer). You also could have the hardware detect that an unusually large number of packets is coming from a single address; the hardware could then start dropping packets from that address instead of forwarding them on to the server (this would make the hardware you added a Stateful Firewall).

There are more options beyond those two but all solutions revolve around reducing the load on the server (usually shifting the load to another piece of hardware dedicated to taking the load). You could potentially upgrade your software to be more resilient to packet floods but unless your current software is written very poorly it won't buy you too much more capacity.

Scott Chamberlain
  • +1 thanks! This could be extra hardware or could it be a computer that acts like a proxy? – Tono Nam Nov 22 '13 at 15:35
  • A computer that acts as a proxy **is** extra hardware. It does not need to be a [computer appliance](http://en.wikipedia.org/wiki/Computer_appliance), it can be a full computer running whatever kind of software you need to solve the problem. – Scott Chamberlain Nov 22 '13 at 15:38
  • Thanks. What do you think about having that extra hardware as the same Service and using it in case the primary one is not responding? – Tono Nam Nov 22 '13 at 15:43
  • That technique is called "[Failover](http://en.wikipedia.org/wiki/Failover)", however I doubt how successful you will be having the load balancer and the failover server be the same computer. (Unless you don't have a load balancer and you can modify the client to try the failover computer if the main is not working. This would not work for stuff like a webserver, but if you had a custom client you can modify, it is very possible to do.) – Scott Chamberlain Nov 22 '13 at 15:45
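
The per-address dropping described in the answer, sketched as an added example (not code from the question or the answer): a token bucket per source IP that a UDP receive loop could consult before doing any work on a datagram. The class name, rate, burst and table size are assumptions, and the traffic and addresses (documentation ranges) are constructed.

```python
import time
from collections import OrderedDict


class PerSourceLimiter:
    """Token bucket per source IP: decides if a datagram is processed or dropped."""
    def __init__(self, rate=2.0, burst=5, max_sources=10000, clock=time.monotonic):
        self.rate = rate                # tokens refilled per second, per source
        self.burst = burst              # bucket capacity (short bursts are tolerated)
        self.max_sources = max_sources  # hard cap so the table cannot grow without bound
        self.clock = clock              # injectable so traffic can be replayed
        self.buckets = OrderedDict()    # ip -> (tokens, last_seen), oldest first

    def allow(self, ip):
        now = self.clock()
        tokens, last = self.buckets.pop(ip, (float(self.burst), now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1.0
        if allowed:
            tokens -= 1.0
        self.buckets[ip] = (tokens, now)       # re-insert as most recently seen
        if len(self.buckets) > self.max_sources:
            self.buckets.popitem(last=False)   # evict the least recently seen source
        return allowed


def replay(events, limiter, clock_cell):
    """Feed constructed (timestamp, ip) events; return per-IP [accepted, dropped]."""
    stats = {}
    for ts, ip in events:
        clock_cell[0] = ts
        counts = stats.setdefault(ip, [0, 0])
        counts[0 if limiter.allow(ip) else 1] += 1
    return stats


def demo():
    # Constructed traffic: one client answering once per second for 10 s,
    # and one source sending 1000 datagrams spread over the same 10 s.
    events = [(float(t), "192.0.2.10") for t in range(10)]
    events += [(i * 0.01, "198.51.100.7") for i in range(1000)]
    cell = [0.0]
    limiter = PerSourceLimiter(rate=2.0, burst=5, clock=lambda: cell[0])
    return replay(sorted(events), limiter, cell)


if __name__ == "__main__":
    for ip, (ok, dropped) in demo().items():
        print(f"{ip}: accepted={ok} dropped={dropped}")
```

UDP source addresses can be forged, so a per-address limit only contains floods that come from a stable address, and the bounded table keeps the limiter itself from being exhausted by many distinct sources. It also does nothing once the link is saturated, which is why the answer places the filtering on hardware in front of the server.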