A warning system for DDoS attacks.
I'll warn you right away: I'm not an expert in this field and may be suggesting something stupid, but I'll do it anyway :)
As far as I understand, a DDoS attack is an "event" that is geographically distributed and (very) compressed in time, whose goal is to flood a server with requests (put simply). So why not register these bursts of requests at a special service (the Center), for example at the level of large providers and hosters, and warn subsequent users who try to send a request to that server about their possible participation in the attack (with an offer to check their computer for viruses)? I.e., a kind of DDoS attack warning system :).
For example, host A sees an abnormal growth of requests to server X within a few minutes and passes this information to the Center; similar information comes from a couple of different providers. Then subsequent users receive a warning in the browser that their attempt to send a request to this resource is suspected of being part of an attack on it, with an offer to: a) check the computer for malicious code, b) try again a little later, c) confirm that they still want to send the request. The number of requests can be limited already at this level, or you can even try to (temporarily) block requests that come without direct confirmation (or that are not from browsers). For this you will probably need to integrate the system into browsers or into antivirus / firewall / antispam software, or install some kind of module / widget on the user's side.
In general, something like this. I'd be interested to hear your thoughts on why this is not possible (or can it be implemented?). Or has this problem already been solved and is no longer relevant?
UPD: Such a monitoring system will certainly be complicated, but site owners can also be brought in, for example by connecting to the Center a filter system that they regulate themselves: a) ignore requests for their site (for those who are sure this threat will pass them by), b) set the number of requests per unit of time that is considered "normal / maximum / reasonable", above which an alert is triggered (including to the site owner), c) if there is feedback, regulate the flow by showing the "excess" part of the clients at that moment (maybe even from a backup server) their own information, for example asking them to return later due to technical work, or redirecting them directly to a mirror.
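A minimal sketch of the Center's correlation step described above, as an added example that is not part of the original post: reports from hosters and providers are compared with the owner's limit, and a warning is issued only when several independent reporters agree within a short window. The three-reporter quorum, the 5-minute window, the default limit and all names are assumptions.

```python
from collections import defaultdict

class Center:
    """Hypothetical clearing house correlating burst reports per target site."""

    def __init__(self, min_reporters=3, window_s=300, default_limit=1000):
        self.min_reporters = min_reporters    # assumed quorum: host A + "a couple" of providers
        self.window_s = window_s              # assumed freshness window, seconds
        self.default_limit = default_limit    # assumed requests/minute when the owner set none
        self.rules = {}                       # target -> owner filter (options a and b of the UPD)
        self.bursts = defaultdict(dict)       # target -> {reporter: time of last burst report}

    def set_owner_rule(self, target, ignore=False, limit=None):
        self.rules[target] = {"ignore": ignore, "limit": limit}

    def report(self, reporter, target, req_per_min, ts):
        """Record a report; return True only if it counts as a burst."""
        rule = self.rules.get(target, {})
        if rule.get("ignore"):                # owner opted out of the scheme
            return False
        limit = rule.get("limit") or self.default_limit
        if req_per_min <= limit:              # within what the owner calls normal
            return False
        self.bursts[target][reporter] = ts    # one entry per reporter, so repeats do not inflate the quorum
        return True

    def decide(self, target, now):
        """'warn' if enough distinct reporters saw a burst recently, else 'allow'."""
        fresh = [r for r, ts in self.bursts.get(target, {}).items()
                 if 0 <= now - ts <= self.window_s]
        return "warn" if len(fresh) >= self.min_reporters else "allow"

def demo():
    c = Center()
    c.set_owner_rule("x.example", limit=5000)
    c.set_owner_rule("busy.example", ignore=True)
    out = {}
    # Constructed sample reports: (reporter, target, requests per minute, timestamp)
    for rep in [("host-A", "x.example", 9000, 0), ("host-A", "x.example", 9500, 30),
                ("isp-1", "x.example", 4000, 40), ("isp-2", "x.example", 7000, 60)]:
        c.report(*rep)
    out["two_reporters"] = c.decide("x.example", 60)     # host-A counted once, isp-1 below limit
    c.report("isp-3", "x.example", 8000, 90)
    out["three_reporters"] = c.decide("x.example", 100)
    out["stale"] = c.decide("x.example", 1000)           # all reports older than the window
    for r in ("host-A", "isp-2", "isp-3"):
        c.report(r, "busy.example", 50000, 100)
    out["opted_out"] = c.decide("busy.example", 100)
    return out

if __name__ == "__main__":
    print(demo())
```

A single reporter, however noisy, never triggers the warning on its own, which keeps one misbehaving or compromised provider from marking a site as under attack.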