So here's a random idea: DDoS defence swarm.

Install the daemon on your server, and every time your server gets DDoS'd, all members of the swarm will mobilise to defend you, but the catch is that your server will have to help other members of the swarm too.

The defensive technique in question can be one of many:

1. Automated IP blocking/reporting with a blacklist in distributed form.
2. Other swarm members counterattack and cooperatively DDoS the offending addresses.
3. Flood the ISP with automated emails to force them to pay attention to the problem.

...or a combination of all of the above.

The only issue I can see with this is abuse potential. A clever person can trick the swarm into DDoSing innocents.

Comments
  • 0
    Not if you rate the member of the swarm by their actions
  • 1
    @hube Wouldn't it need a decentralised ledger for that? If we add a blockchain to this idea someone will add crypto… nooo
  • 0
    So, uhm, would it be possible to redirect ddos to a dummy server to take the hit? I mean it would just need like an active "pre-server" listener, that would change the destination address (for the offenders) on the fly when a ddos occurs.

    But I guess the detection of the offending connections would have to be pretty sophisticated in order for it to work. (nigh impossible)
  • 1
    @Kgd- DDoS works on the IP level though, which can't really be redirected this way. Besides, if you could reliably identify DDoS traffic from normal traffic, you could simply drop it at the load-balancer instead. :)

    This method works by scoring the compromised hosts used in the DDoS attack and cross-referencing them across the swarm. Bad hosts will show up at least twice in a large enough swarm's history.
  • 1
    Hmm, interesting idea.
  • 0
    Csf firewall does this
  • 2
    Easily misused
  • 2
    Your server cluster would need to be of considerably larger size for it to have any effect.

    Remember the first D in DDoS: Distributed. Thousands of machines all focusing on one. If you have thousands, too, it would be a ~ 1:1 ratio, kinda like pinging your neighbor. Completely ineffective as a deterrent.
  • 0
    @Root Oh, this swarm would be open for anyone to join. Like BitTorrent swarms for example.

    It would grow to be a massive network with enough time. Enough so to have real stopping power.
  • 1
    @voodooattack So easily hijacked or misguided, though.
  • 1
    Wait... wait...

    You want to ddos the ddos botnet?
    HOW?

    Do you even know what you are proposing?
  • 0
    @Gregozor2121 Yes, counter-attacking instead of trying to mitigate it.

    We shall unleash the hounds of war. :D
  • 0
    @voodooattack
    So... you know that DDoS works by
    using a botnet (ranging from 100 to 100000 PCs) and spamming requests to a small number of servers.

    You know that servers that are being attacked get requests that they have to process.
    Botnet members aren't servers, they are clients. They can just block any incoming traffic.

    Second thing is that you wouldn't have enough processing power to jam their attack. You know you only have a few servers and they have THOUSANDS of PCs. In order to jam one PC (if that is even possible) you need thousands yourself.

    What if you want to attack thousands of PCs?
    You need 1000 to DDoS one PC so you need 1000*1000 PCs
    Yeah.... It is not happening. It is like the Russian counteroffensive at Stalingrad. You wouldn't have enough numbers to defend.

    In addition to that you have to remember that you might saturate some internet relays... and there are another 100 problems with internet infrastructure that you are going to encounter...
  • 0
    @Gregozor2121 I know the scales you're talking about; but think about this: if millions of machines had some incentive to join into a single swarm (which can be trivial if contribution points were a trade-able cryptocurrency awarded by contributing bandwidth), then you'd have so much decentralised bandwidth to take out a whole subnet.

    Edit: It's still a half-baked idea, but I think the challenges posed are surmountable.
  • 0
    @voodooattack
    That's only one problem.
    The second one is that your attackers will saturate your network and might even saturate a few worldwide internet relays! AND YOU WANT TO SEND MORE THAN THAT. Not possible... the network would be already full.

    Current DDoSes can sometimes have an impact on the whole internet infrastructure. I have seen an article on that... data rates where 1Tb/s is laughable
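
An added example, not part of the original post or any commenter's code: a sketch of the distributed blacklist (option 1) combined with the member rating and cross-referencing ideas from the comments, so that one or two untrusted members cannot get an innocent address blocked. Member names, reputation values and both thresholds are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample reports: (reporting swarm member, reported source IP).
REPORTS = [
    ("member-a", "203.0.113.10"),
    ("member-b", "203.0.113.10"),
    ("member-c", "203.0.113.10"),
    ("member-a", "198.51.100.7"),   # seen by one member only
    ("member-x", "192.0.2.55"),     # low-reputation member
    ("member-x", "192.0.2.55"),     # duplicate report, must not count twice
    ("member-y", "192.0.2.55"),     # second low-reputation member
    ("member-b", "not-an-ip"),      # malformed entry, ignored
]

# Hypothetical reputation per member in [0, 1]; unknown members get 0.
REPUTATION = {
    "member-a": 0.9, "member-b": 0.8, "member-c": 0.7,
    "member-x": 0.1, "member-y": 0.1,
}

def score_reports(reports, reputation, default_rep=0.0):
    """Return {ip: (score, distinct_reporters)}; a member counts once per IP."""
    reporters = defaultdict(set)
    for member, raw in reports:
        try:
            ip = str(ip_address(raw))   # normalise and reject garbage
        except ValueError:
            continue
        reporters[ip].add(member)
    return {
        ip: (round(sum(reputation.get(m, default_rep) for m in members), 3),
             len(members))
        for ip, members in reporters.items()
    }

def blocklist(reports, reputation, min_reporters=2, min_score=1.5):
    """Block only IPs seen by enough distinct members with enough combined trust."""
    scores = score_reports(reports, reputation)
    return sorted(ip for ip, (score, n) in scores.items()
                  if n >= min_reporters and score >= min_score)

if __name__ == "__main__":
    print(blocklist(REPORTS, REPUTATION))
```
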