PPS. The point of doing this outside GAE is so that you can run the filter on a fixed cost VM solution like Linode. Then the only question becomes whether your attacker can overwhelm your node.js filter... hopefully, it won't reach that point.
- Kris On Wednesday, August 8, 2012 9:48:00 PM UTC-7, Kristopher Giesing wrote: > > PS. I think it would also be possible to hide the identity of the GAE app > the filter talks to. That way you can move your GAE app to a different app > ID, so that the attacker can't hit it directly without going through your > filter. DNS would also point to your filter. > > On Wednesday, August 8, 2012 9:45:51 PM UTC-7, Kristopher Giesing wrote: >> >> Did your attacker change lines of attack after put in the curl blocking? >> Or did the blocking itself not solve the problem? >> >> Here's a thought: use node.js to set up a simple filter (node.js because >> it's high throughput for very lightweight operations). For valid traffic, >> proxy to your real GAE site, otherwise proxy to a honeypot that will >> black-hole the attacker's requests. I say proxy rather than redirect so >> that your GAE site can whitelist the IP of your filter - I think HTTP >> referrer can be spoofed, which would defeat the purpose. >> >> Writing node.js proxies is pretty straightforward (there's code for it on >> the net) so the real trick is then making sure you can distinguish attacks >> from normal traffic - hence my original question. >> >> This is all off the top of my head, there may be holes in this plan I >> hadn't thought of. But it seems like it could work. >> >> - Kris >> >> On Wednesday, August 8, 2012 8:12:17 PM UTC-7, Kate wrote: >>> >>> My site has been on GAE for several years but am now experiencing denial >>> of service attacks. I don't want to pay for them so my site is now down. I >>> put in a production issue last week and have tried blocking the user agent >>> (curl). But I can't block by IP as all IPs are different. >>> >>> Apart from moving from GAE what can I do. >>> >>> Thanks in advance, >>> >>> Kate >>> >>> -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine/-/BdA06H3rXigJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
