Rate method of opposition to DDoS

0 like 0 dislike
2 views
In short: it is a network of many computers (it is supposed that the usual custom) with white IP addresses and a free 80m port, which are connected to the network with a tree structure. From this set of computers selected some of the "edge", which in this case are the leaves of the tree, and their IP addresses can be specified as of the A-records of domain your website, and the real ip address of the site knows only the root computer. Communication is the chain of client-list-promezhutochnoe-root-server Computers somehow can detect some types of attacks and to prevent the transmission of such requests on to the root of the tree, and, consequently, the protected server.

What disadvantages can there be such a architecture? Does it have any prospects?
by | 2 views

3 Answers

0 like 0 dislike
and how do you plan to remove from the A-records inactive/not available stations?
In General, nothing new, and are used by many system services protection against DDoS, just not on desktops and across multiple data centers in different countries spread points of entry (smear either BGP or DNS, or both that and another together), then the cleaned traffic is sent to the protected server, or inside a GRE tunnel, or proximedia. In the end, the botnet does not know the IP of the server, and only the IP of antidoron.
by
0 like 0 dislike
Well, if "computers somehow" teach to detect attack, this approach can help during a DoS attack, but not for DDoS. And everything that you have outlined can be implemented easier through even the netfilter nikah. I think the idea of A recording is too...
by
0 like 0 dislike
And how this thing will withstand a DDoS 10-15 GB/s? You need to distinguish between the attacks of the "evil, bad request" and the stupid flood.
by

Related questions

0 like 0 dislike
4 answers
0 like 0 dislike
4 answers
0 like 0 dislike
4 answers
0 like 0 dislike
4 answers
0 like 0 dislike
4 answers
110,608 questions
257,186 answers
0 comments
28,758 users