DOS Attacks

Question: Do you have any techniques for stopping Denial of Service (DOS) attacks from the internet?

Answer: We have implemented one technique for stopping these attacks. A DOS is when someone attempts to crash a web site by bombarding it with multiple requests. This is only implemented in the Web Citizen application. By default, if the Citizen application receives more than 1000 requests within 10 minutes from a single IP address, it will stop accepting requests from that IP address for the duration of the 10 minutes. These values are configurable. The default values are hard-coded in the program; they are not in the appsettings file, but adding entries in appsettings can override the defaults.

• You can change the Denial of Service configuration by entering this in the appsettings.config:

  <add key="DOSREQUESTS" value="1000" /> (This is the number of hits that should occur within the duration before blocking the IP address).

  <add key="DOSPERIOD" value="10" /> (This is the number of minutes of the duration).

• 1000 attempts within 10 minutes is the default setting. We track the time of the first attempt from each IP address; if more than 1000 requests occur within the next 10 minutes, we block requests from that IP address for the remainder of the 10 minutes.

  Note: This technique only works for short periods and only against a single IP address. This provides protection against localized DOS attacks. Mitigation of large scale distributed denial of service attacks (DDOS) should be handled by routers and networks.