PPS. The point of doing this outside GAE is so that you can run the filter 
on a fixed cost VM solution like Linode.  Then the only question becomes 
whether your attacker can overwhelm your node.js filter... hopefully, it 
won't reach that point.

- Kris

On Wednesday, August 8, 2012 9:48:00 PM UTC-7, Kristopher Giesing wrote:
>
> PS.  I think it would also be possible to hide the identity of the GAE app 
> the filter talks to.  That way you can move your GAE app to a different app 
> ID, so that the attacker can't hit it directly without going through your 
> filter.  DNS would also point to your filter.
>
> On Wednesday, August 8, 2012 9:45:51 PM UTC-7, Kristopher Giesing wrote:
>>
>> Did your attacker change lines of attack after put in the curl blocking? 
>>  Or did the blocking itself not solve the problem?
>>
>> Here's a thought: use node.js to set up a simple filter (node.js because 
>> it's high throughput for very lightweight operations).  For valid traffic, 
>> proxy to your real GAE site, otherwise proxy to a honeypot that will 
>> black-hole the attacker's requests.  I say proxy rather than redirect so 
>> that your GAE site can whitelist the IP of your filter - I think HTTP 
>> referrer can be spoofed, which would defeat the purpose.
>>
>> Writing node.js proxies is pretty straightforward (there's code for it on 
>> the net) so the real trick is then making sure you can distinguish attacks 
>> from normal traffic - hence my original question.
>>
>> This is all off the top of my head, there may be holes in this plan I 
>> hadn't thought of.  But it seems like it could work.
>>
>> - Kris
>>
>> On Wednesday, August 8, 2012 8:12:17 PM UTC-7, Kate wrote:
>>>
>>> My site has been on GAE for several years but am now experiencing denial 
>>> of service attacks. I don't want to pay for them so my site is now down. I 
>>> put in a production issue last week and have tried blocking the user agent 
>>> (curl). But I can't block by IP as all IPs are different.
>>>
>>> Apart from moving from GAE what can  I do.
>>>
>>> Thanks in advance,
>>>
>>> Kate
>>>
>>>

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/google-appengine/-/BdA06H3rXigJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/google-appengine?hl=en.

Reply via email to