Comments (6)
Two specific DoS attacks are of immediate importance. They are:
- repeated evaluation of a code commit.
  We can rate limit the submissions to 'r' evaluation requests every 'm' minutes.
- evaluation requests from outside the lab.
  We can control this by allowing evaluation requests from machines having IP addresses in a subnet. For example, machines in CC Zone-I would have IP addresses in the range of 10.11.1.xx; similarly, IP addresses would have a common prefix for Zones-II and III. We need to be able to specify multiple IP subnet prefixes from which we can accept submissions.

The code for all DoS submissions can be put into a DoS component that sits in front of the web application. Only acceptable requests are passed on to the web application.
from autolabjs.
An immediate redressal for DoS attacks would be to simply log all the HTTP requests with their client IP addresses. Morgan seems like a pretty good one.
from autolabjs.
We are using socket.io for taking all submission requests - HTTP won't be of much help. Here's how I think we can address both issues:
- Keep track of the student id used for submission and restrict it to 'r' submissions every 'm' minutes using a database. This would prevent an attack made from different machines under a single user id from keeping the load balancer/execution nodes busy.
- socket.io gives the IP of the connection - using this with the database we can restrict submissions from a range of IPs and restrict the number of submissions made from any IP.
from autolabjs.
Since we already have the client IP address, the following order of checking would be sufficient.
    if (client IP in range) {
        if (request rate limit not exceeded) {
            evaluate
        } else {
            give rate limit message
        }
    } else {
        give request denied message
    }
Using a DB for DoS logs may not be wise. When the DoS is in progress, the DB slows down, which would affect the rest of the application. Hence, it would be better to push out the DoS information into dedicated logs.
from autolabjs.
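The check order proposed in the comment above (subnet first, then rate limit), sketched as an added example that is not part of the thread or of AutolabJS itself. The subnet list, the limits and every function name are assumptions; the caller is assumed to pass the address socket.io reports for the connection and to write the returned decision to a dedicated log.

```javascript
// Added example; names and values below are assumptions, not AutolabJS code.
const ALLOWED_SUBNETS = ['10.11.1.0/24', '10.11.2.0/24']; // constructed zone prefixes

// Dotted IPv4 -> unsigned 32-bit integer, or null if malformed.
function ipToInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((x) => x > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

// Numeric CIDR match; a string-prefix test on "10.11.1" would also admit 10.11.10.x.
function inSubnet(ip, cidr) {
  const [base, bitsStr] = cidr.split('/');
  const bits = /^\d{1,2}$/.test(bitsStr) ? Number(bitsStr) : -1;
  const a = ipToInt(ip);
  const b = ipToInt(base);
  if (a === null || b === null || bits < 0 || bits > 32) return false;
  const mask = bits === 0 ? 0 : (~0 << (32 - bits)) >>> 0; // JS shift counts are mod 32
  return ((a & mask) >>> 0) === ((b & mask) >>> 0);
}

// Returns check(clientIp, studentId, now) -> 'evaluate' | 'rate_limited' | 'denied'.
// State lives in process memory, so a flood does not add load to the database.
function createGate(subnets = ALLOWED_SUBNETS, r = 3, mMinutes = 10) {
  const windowMs = mMinutes * 60 * 1000;
  const accepted = new Map(); // key -> timestamps of accepted requests in the window
  return function check(clientIp, studentId, now = Date.now()) {
    // Node may report IPv4 peers as IPv4-mapped IPv6 ("::ffff:10.11.1.7").
    const ip = String(clientIp).replace(/^::ffff:/i, '');
    if (!subnets.some((s) => inSubnet(ip, s))) return 'denied';
    // Limit per student id (one user, many machines) and per IP (one machine, many ids).
    const keys = ['id:' + studentId, 'ip:' + ip];
    const recent = keys.map((k) => (accepted.get(k) || []).filter((t) => now - t < windowMs));
    keys.forEach((k, i) => accepted.set(k, recent[i])); // drop expired entries
    if (recent.some((list) => list.length >= r)) return 'rate_limited';
    recent.forEach((list) => list.push(now));
    return 'evaluate';
  };
}
```

Rejected requests are not counted against the window, and keys that go idle are never deleted from the map, so a long-running server would need a periodic sweep.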
This is best implemented using Kong gateway.
from autolabjs.
The issue is logged to the feature requests page. This is not a priority now. Closing the issue.
from autolabjs.