Bitcoin Forum
December 11, 2017, 03:42:26 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: CAPTCHA to mitigate DDoS attack?  (Read 2941 times)
olalonde
Newbie
*
Offline Offline

Activity: 25


View Profile
April 22, 2013, 10:16:49 AM
 #1

I was wondering if Mt.Gox could force all visitors to solve a Google hosted CAPTCHA before being able to access the website. It seems that the small annoyance of having to solve a CAPTCHA would outweigh the damage done by a DDoS. Logged in users and users who have previously solved a captcha should be exempt from the CAPTCHA requirement.

Would this even work? Would it be a good idea?
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513006946
Hero Member
*
Offline Offline

Posts: 1513006946

View Profile Personal Message (Offline)

Ignore
1513006946
Reply with quote  #2

1513006946
Report to moderator
1513006946
Hero Member
*
Offline Offline

Posts: 1513006946

View Profile Personal Message (Offline)

Ignore
1513006946
Reply with quote  #2

1513006946
Report to moderator
1513006946
Hero Member
*
Offline Offline

Posts: 1513006946

View Profile Personal Message (Offline)

Ignore
1513006946
Reply with quote  #2

1513006946
Report to moderator
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 1792

Newbie


View Profile
April 22, 2013, 10:19:24 AM
 #2

This could help against application level DDoS but useless against attacks on lower levels.
sagiko
Jr. Member
*
Offline Offline

Activity: 58


View Profile
April 22, 2013, 10:26:21 AM
 #3

This could help against application level DDoS but useless against attacks on lower levels.

Exactly. Without knowing how they fell, can't really suggest anything meaningful. I wonder whether they are willing to share more details on this DDOS.

BitCoin Wallet: 1H7Tjg7xVE4xtdS1b7ZoKKFVbKdSMuNafZ
acoindr
Legendary
*
Offline Offline

Activity: 1036


View Profile
April 22, 2013, 05:45:02 PM
 #4

This is actually a great idea.

They could even separate their home page from the rest of the system (use a cache, etc.) so you could access the home page without a captcha but need to solve one for anything else (which might be more resource intensive).

This could help against application level DDoS but useless against attacks on lower levels.

What do you mean "lower levels"? You mean like remote DB access? Any impact on something like that would be solved by using local DB connection only. As for a file server that could require a valid session the same way an application would.

bitsalame
Donator
Hero Member
*
Offline Offline

Activity: 658


Preaching the gospel of Satoshi


View Profile
April 22, 2013, 05:49:53 PM
 #5

This is actually a great idea.

They could even separate their home page from the rest of the system so you could access the home page without a captcha but need to solve one for anything else (which might be more resource intensive).

This could help against application level DDoS but useless against attacks on lower levels.

What do you mean "lower levels"? You mean like remote DB access? Any impact on something like that would be solved by using local DB connection only. As for a file server that could require a valid session the same way an application would.

Think about OSI model.
acoindr
Legendary
*
Offline Offline

Activity: 1036


View Profile
April 22, 2013, 06:01:10 PM
 #6

Think about OSI model.

How does a model have anything to do with http access to system resources?
tysat
Legendary
*
Offline Offline

Activity: 966


Keep it real


View Profile
April 22, 2013, 06:01:58 PM
 #7

Think about OSI model.

How does a model have anything to do with http access to system resources?

Because it's getting clogged up on the network layer.
acoindr
Legendary
*
Offline Offline

Activity: 1036


View Profile
April 22, 2013, 06:06:43 PM
 #8

Think about OSI model.

How does a model have anything to do with http access to system resources?

Because it's getting clogged up on the network layer.

Hmm, I suppose that's possible. To me that's an advanced DDoS though, or I guess that could happen naturally with large enough attack...
bitsalame
Donator
Hero Member
*
Offline Offline

Activity: 658


Preaching the gospel of Satoshi


View Profile
April 22, 2013, 06:24:14 PM
 #9

Think about OSI model.

How does a model have anything to do with http access to system resources?

Because it's getting clogged up on the network layer.

Hmm, I suppose that's possible. To me that's an advanced DDoS though, or I guess that could happen naturally with large enough attack...
That's not only "possible", it is precisely what is going on.
It is the very definition of DDoS.
And there are plenty of methods, most of them common knowledge, exploiting weaknesses of the TCP/IP protocol.
These days such exploitations aren't sophisticated, they are all easily accessible to any script kiddie.
DarkHyudrA
Legendary
*
Offline Offline

Activity: 1386


English <-> Portuguese translations


View Profile
April 22, 2013, 06:26:18 PM
 #10

This would kill bots, think about it.

English <-> Brazilian Portuguese translations
acoindr
Legendary
*
Offline Offline

Activity: 1036


View Profile
April 22, 2013, 06:33:49 PM
 #11

Think about OSI model.

How does a model have anything to do with http access to system resources?

Because it's getting clogged up on the network layer.

Hmm, I suppose that's possible. To me that's an advanced DDoS though, or I guess that could happen naturally with large enough attack...
That's not only "possible", it is precisely what is going on.
It is the very definition of DDoS.
And there are plenty of methods, most of them common knowledge, exploiting weaknesses of the TCP/IP protocol.
These days such exploitations aren't sophisticated, they are all easily accessible to any script kiddie.

Right. I'm used to looking at problems from the server level down, not the pipes. As I said earlier it seems the only real way to solve DDoS is take away botnets.

EDIT: To be pedantic, though, I wouldn't say the 'D' in DDoS is the very definition of clogging the network layer. DDoS AFAIK is the progression from DoS which didn't clog the network and was effectively mitigated with IP filtering. The more effective DDoS defeated that, and the network clogging seems an added benefit and problem.
grue
Global Moderator
Legendary
*
Offline Offline

Activity: 2044



View Profile
April 22, 2013, 06:36:48 PM
 #12

what if the attacker just floods the server with random packets? there's no captcha for packets, and even if you're dropping them with a firewall, your link is still being saturated.

It is pitch black. You are likely to be eaten by a grue.

Tired of annoying signature ads? Ad block for signatures
bitsalame
Donator
Hero Member
*
Offline Offline

Activity: 658


Preaching the gospel of Satoshi


View Profile
April 22, 2013, 06:38:09 PM
 #13

what if the attacker just floods the server with random packets? there's no captcha for packets, and even if you're dropping them with a firewall, your link is still being saturated.
That's what we've been saying all along.
Wtf
tysat
Legendary
*
Offline Offline

Activity: 966


Keep it real


View Profile
April 22, 2013, 06:39:42 PM
 #14

what if the attacker just floods the server with random packets? there's no captcha for packets, and even if you're dropping them with a firewall, your link is still being saturated.

So you mean they're just DDoS'ing the server?
bitsalame
Donator
Hero Member
*
Offline Offline

Activity: 658


Preaching the gospel of Satoshi


View Profile
April 22, 2013, 06:49:59 PM
 #15

Think about OSI model.

How does a model have anything to do with http access to system resources?

Because it's getting clogged up on the network layer.

Hmm, I suppose that's possible. To me that's an advanced DDoS though, or I guess that could happen naturally with large enough attack...
That's not only "possible", it is precisely what is going on.
It is the very definition of DDoS.
And there are plenty of methods, most of them common knowledge, exploiting weaknesses of the TCP/IP protocol.
These days such exploitations aren't sophisticated, they are all easily accessible to any script kiddie.

Right. I'm used to looking at problems from the server level down, not the pipes. As I said earlier it seems the only real way to solve DDoS is take away botnets.

EDIT: To be pedantic, though, I wouldn't say the 'D' in DDoS is the very definition of clogging the network layer. DDoS AFAIK is the progression from DoS which didn't clog the network and was effectively mitigated with IP filtering. The more effective DDoS defeated that, and the network clogging seems an added benefit and problem.
You clearly missed your highlighted quote.
I am out of here.

Edit: evidently your understanding doesn't go that far.
acoindr
Legendary
*
Offline Offline

Activity: 1036


View Profile
April 22, 2013, 06:59:18 PM
 #16

Think about OSI model.

How does a model have anything to do with http access to system resources?

Because it's getting clogged up on the network layer.

Hmm, I suppose that's possible. To me that's an advanced DDoS though, or I guess that could happen naturally with large enough attack...
That's not only "possible", it is precisely what is going on.
It is the very definition of DDoS.
And there are plenty of methods, most of them common knowledge, exploiting weaknesses of the TCP/IP protocol.
These days such exploitations aren't sophisticated, they are all easily accessible to any script kiddie.

Right. I'm used to looking at problems from the server level down, not the pipes. As I said earlier it seems the only real way to solve DDoS is take away botnets.

EDIT: To be pedantic, though, I wouldn't say the 'D' in DDoS is the very definition of clogging the network layer. DDoS AFAIK is the progression from DoS which didn't clog the network and was effectively mitigated with IP filtering. The more effective DDoS defeated that, and the network clogging seems an added benefit and problem.
You clearly missed your highlighted quote.
I am out of here.

I didn't miss it.

I'm saying the attack became distributed in response to IP filtering not in order to clog the network. Denial of Service originally attacked servers not the network. The defense then was to filter problematic IPs. So to get around that distributed IPs were used. This had the added benefit of clogging the network. So when you say the very definition of the 'd' for distributed is clogging the network I disagree; I say that became a welcome side effect when, as you highlight, the attack is large enough. That's my understanding of the topic anyway. It's admittedly not my area of expertise.
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 1792

Newbie


View Profile
April 22, 2013, 07:27:17 PM
 #17

This is actually a great idea.

They could even separate their home page from the rest of the system so you could access the home page without a captcha but need to solve one for anything else (which might be more resource intensive).

This could help against application level DDoS but useless against attacks on lower levels.

What do you mean "lower levels"? You mean like remote DB access? Any impact on something like that would be solved by using local DB connection only. As for a file server that could require a valid session the same way an application would.

Think about OSI model.

Yes. That's exactly what I meant when said "lower levels".
Stunna
Legendary
*
Offline Offline

Activity: 1750


Advisor @ Primedice.com, Stake.com


View Profile WWW
April 22, 2013, 10:37:33 PM
 #18

This wouldn't be effective, new ways to mitigate must be developed.

      ▄▄████████▄▄
   ▄████████████████▄
 ▄█████▀▀       ▀▀████                              
▄████▀            ████      ████                  ████
█████           ▄████▀     ████▌                 ▐████
█████           ▀▀▀▀      ▐████                  ████▌    ▄▄
 █████▄                  ▄█████████▀            ▐████   ▄███▀
   ▀█████▄▄        ▄▄███████████▀▀   ▄▄▄▄       ████  ▄███▀     ▄▄▄▄
      ▀███████▄    ▀████▀████▀     ▄████▀███   ▐███████▀▀    ▄███▀ ██▌
         ▀▀██████▄▄     ▐████    ▄████  ▐██▌   ███████     ▄███▀  ▄██▌
    ▄▄▄▄     ▀▀█████    ████    ▄███▀   ███   ▐███▌███    ▐████▄▄███▀
  █████▀▀      ▀████▌  ▐████    ████   ▄███   ████ ▐███   ████
 ████▀          ████▌  ▐████▄▄██████▄▄█████▄▄█████  ▀███  ▀████▄▄▄▄██           ▄████▄  ▄████▄  ██▄██▄██▄
████▌          █████    ▀████▀▀  ▀████▀  ▀██▀ ███▀   ▀███   ▀▀████▀▀           ██▀     ██▀  ▀██ ██  ██  ██
████▄       ▄▄████▀                                   ▀███▄▄      ▄▄██  ▄████▄ ██▄     ██▄  ▄██ ██  ██  ██
 ██████████████▀▀                                       ▀▀█████████▀▀   ▀████▀  ▀████▀  ▀████▀  ██  ██  ██
   ▀██████▀▀▀



▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
The Bitcoin Casino
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█                         █
█       ██                █
█      █▄▄█               █
█     █▀  ▀█              █
█                         █
█       ▄▄                █
█     ▄████▄              █
█   ▄████████▄            █
█   ▀████████▀            █
█     ▀████▀              █
█       ▀▀                █
█                         █
█                         █
█                         █
█                         █
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮
Provably fair
Free faucet

▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮
▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬
12 exclusive games
And many more...

▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬ ▮█▮ ▬▬▬▬▬▬



                ▄▄
               ▄▀▀
               ▀█
      █▀▄  ▄▄▄▄█▀▀█▄▄ ▄▀█
      █  ▀▀          ▀  █
      █▌        ██▌ █   █▌
      ▐█       ▐█████   ▐█ ▄▄ ▄▄▄
      █▌        ▀▀▀▀     █ █ ▀   █
      █       ▀▄▄▄▄▄▀     ▀    ▄▀
      █         ▀▀           ▄▀
     ▄▀                    ▄▀
   ▄▀                     █
 ▄▀                       █
█   █▄█                   █
 ▀▀▀  █       ▄▄▄▄▄       █
      █       █   █       █
      ▀▄▄▄▄▄▄▄▀   ▀▄▄▄▄▄▄▄▀
papaminer
Sr. Member
****
Offline Offline

Activity: 462


Free World


View Profile WWW
April 22, 2013, 10:39:18 PM
 #19

lolz...

the easiest and cheapest way to mitigate DDOS as of today is use...

CLOUDFLARE

฿: 1L7dSte4Rs4KyyxRCgrqSWYtkXdAb4Gy1z

MORE INFO ABOUT ME: BTC
tysat
Legendary
*
Offline Offline

Activity: 966


Keep it real


View Profile
April 22, 2013, 11:32:22 PM
 #20

lolz...

the easiest and cheapest way to mitigate DDOS as of today is use...

CLOUDFLARE

For static content (I believe)
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!