DOS Attacks

Question: Do you have any techniques for stopping denial-of-service (DOS) attacks from the Internet?

Answer: A DOS attack occurs when someone attempts to crash a web site by bombarding it with multiple requests. Lucity has implemented one technique for stopping DOS attacks in the Citizen Portal application.

By default, if the Citizen application receives more than 1000 requests within 10 minutes from a single IP address, it will stop accepting requests from that IP address for the duration of the 10 minutes. The maximum number of requests and the time period values can be configured by an administrator. The default values are hard-coded in the program; they are not found in the appsettings file. However, adding entries in appsettings.config file can override the defaults.

• You can change the denial-of-service configuration by entering the following code strings in the appsettings.config file:

  <add key="DOSREQUESTS" value="1000" /> (The value represents the number of hits allowed to occur within the period before blocking the IP address.)

  <add key="DOSPERIOD" value="10" /> (This value represents the number of minutes in a single period.)

• 1000 attempts within 10 minutes is the default setting. Lucity tracks the time of the first attempt from each IP address; if more than 1000 requests occur within the next 10 minutes, the system blocks requests from that IP address for the remainder of the 10 minute period.

  Note: This technique only works for short periods and only against a single IP address. It is intened to protect against localized DOS attacks. Mitigation of large-scale, distributed denial of service attacks (DDOS) should be handled by routers and networks.