1

I have some overview ideas for preventing DDoS attacks, in a simple way. Please correct me if my thinking is wrong.

Option 1

My basic understanding of DDoS attacks is that the attacker is sending a lot of data to the web server. So what about websites that offer big data uploads? Aren't they also receiving a lot of data at the same time from many uploading users?

Can't the web server treat the DDoS attacks like many users uploading data?

Option 2

What about a website offering everyone who visits it a temporary key? With that temporary key inserted into the website, only that one (PC/IP) can access the website, so a botnet can't attack the website (the botnet doesn't have the temporary key). Can a botnet note the key and insert it into the website?

P.S.

This is a similar question: DDoS - Impossible to stop?

Cin Sb Sangpi

3 Answers

4

Option 1

My basic understanding of DDoS attacks is that the attacker is sending a lot of data to the web server.

Not in every case: the Slowloris and SYN flood attacks do not send tons of data, yet they are classified as DDoS. Each host attacking the target sends just a little information, enough to clog the victim's network and prevent it from opening more connections and accepting valid requests. For this reason, it is not possible to treat DDoS attacks like many users uploading data; they are attacking the entry point of the web server, not the application.

What the sites that take large amounts of data do is a combination of redundant servers, finely tuned web servers and other techniques, all of which come with a cost, both in management and money, and still, they know that a DDoS can only be mitigated but not avoided (remember GitHub).

Option 2

What about a website offering everyone who visits it a temporary key? With that temporary key inserted into the website

You are thinking about the application managing the requests, but DDoS attacks can also target the lower layers of the stack. In general there are (arguably) 3 categories of DDoS attacks:

  • Volume based: ICMP flood, UDP floods,...
  • Protocol Attacks: Ping of Death, Smurf, SYN floods...
  • Application Attacks: Slowloris, Apache specific attacks...

Your idea would work for the application attacks but not for the others.

Purefan
2

Really, the question you are linking to answers your question.

These are very brief explanations of why these options wouldn't work. For more detail see the question linked to in your question.

Option 1: Even that server has a limit to the number of users it can handle. A DDOS would have to reach that limit to be effective.

Option 2: If the entire botnet requests keys, each bot for itself, would all of them be able to connect? If there is a limit on the number of keys, what happens when the botnet reaches that limit?

ztk
  • Can a bot note down the key and insert it into the website? Is a bot intelligent enough to do that? – Cin Sb Sangpi Sep 04 '15 at 03:52
  • 1
    @SbSangpi: bots aren't intelligent. They are just programs written by humans. If their programmer was intelligent enough to implement that idea, then the bot will do it. – Benoit Esnard Sep 04 '15 at 08:43
1

At the very core, a denial of service (DoS) means using a service in such a way that disrupts other users' use of the service.

If a user that is uploading a big file causes the server to exhaust some resources and end up rejecting requests from other users, that's a DoS. A DoS does not require intent of malice. Any service disruption counts as denial of service.

An attacker with malicious intent can use a botnet to cause a denial of service, usually for ransom. A botnet usually does this by sending a large number of requests to overwhelm the server's capacity to handle requests, disrupting other users' access to the service.

A botnet can be programmed to do anything that the botnet author programmed it to do. If your website requires all accesses to contain a temporary key (cookie), the botnet would just need to be programmed to obtain the temporary key. Or it could just overwhelm your server's ability to check whether the temporary key is there or not.

Lie Ryan
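The temporary-key idea from Option 2, sketched as an added example (not code from any of the posts): a stateless HMAC key bound to the client IP and an expiry time. The secret, the lifetime, the function names and the IP addresses are constructed for illustration.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed secret for this example; a real deployment would load it from configuration.
SERVER_SECRET = b"example-secret-not-for-production"
KEY_LIFETIME = 300  # seconds a temporary key stays valid (assumed value)


def _mac(ip: str, expires: int) -> str:
    """HMAC over the client IP and expiry, so a key cannot be moved or extended."""
    msg = f"{ip}|{expires}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_key(ip: str, now: Optional[int] = None) -> str:
    """Hand a temporary key to whoever asks; it is bound to the caller's IP."""
    now = int(time.time()) if now is None else now
    expires = now + KEY_LIFETIME
    return f"{expires}.{_mac(ip, expires)}"


def verify_key(key: str, ip: str, now: Optional[int] = None) -> bool:
    """Stateless check: one HMAC per request, no per-client storage."""
    now = int(time.time()) if now is None else now
    try:
        expires_text, mac = key.split(".", 1)
        expires = int(expires_text)
    except ValueError:  # missing or malformed key
        return False
    if expires < now:
        return False
    return hmac.compare_digest(mac.encode(), _mac(ip, expires).encode())


def demo() -> dict:
    t0 = 1_000_000  # constructed timestamp
    user_key = issue_key("198.51.100.7", t0)
    bot_key = issue_key("203.0.113.50", t0)  # a bot simply asks for its own key
    return {
        "legit_user": verify_key(user_key, "198.51.100.7", t0 + 10),
        "bot_with_own_key": verify_key(bot_key, "203.0.113.50", t0 + 10),
        "key_reused_from_other_ip": verify_key(user_key, "203.0.113.50", t0 + 10),
        "expired_key": verify_key(user_key, "198.51.100.7", t0 + KEY_LIFETIME + 1),
        "no_key": verify_key("", "203.0.113.50", t0 + 10),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The bot that requests its own key is accepted like any other visitor, and every rejected request still costs the server one HMAC computation, which is the limit the answers above describe.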