Defending against DOS

[Steve]

What techniques do people use to defend against DOS and DDOS attacks?  Can anyone recommend some resources to help people running various bitcoin related sites defend against these attacks?  As someone contemplating creating a bitcoin related service, I am interested in this subject.  The topic probably warrants a dedicated section on the wiki given the recent troubles.

[gusti]

Defending from a proper DDOS attack is not a trivial task. There are already hosting companies with dedicated equipment that give you that kind of protection e.g. : blockdos.net or blacklotus.net  (not affiliated)

[danglybits]

What does anyone have to gain by DOS bitcoin sites?  DOS attacks are not "cheap" are they?

[rezin777]

What does anyone have to gain by DOS bitcoin sites?  DOS attacks are not "cheap" are they?

The motives are as endless as the human imagination. Profit does not necessarily have to be at the top of the list. Look at the amount of people who come into the forums and complain about Bitcoin.

[Steve]

I was thinking that a proof of work system for establishing a TCP connection might solve the issue of a DDOS.  Low and behold, I found this:
http://web.cecs.pdx.edu/~edkaiser/Papers/GlobalInternet08_paper.pdf

Haven't read the paper yet.  Looks to be like something designed to work on today's internet, but I wonder if a robust solution wouldn't ultimately need to employ routers (such that routers are able to kill traffic close to the source that is trying to establish a connection to a destination, but the required difficulty is not satisfied).  Routers wouldn't necessarily need to retain difficulty requirements for all destinations, but a destination that is getting a large amount of connection attempts that don't meet the difficulty requirement could cry out for help from the routers.  Routers would just check connection attempts for a list of "hot" destinations.