Twitter and Facebook recently suffered high profile Distributed Denial of Service attacks. While these instances made the news, many websites suffer from these attacks daily.
The challenge with DOS attacks is that they are tricky to identify. Numerous factors can cause a site to perform poorly and differentiating legitimate traffic from malignant is a time consuming and difficult process. Once an attack is identified, there are no reliable methods for removing the offending traffic without impacting legitimate users.
aiCache is a web acceleration technology that is deployed in front of the Web, Application, and Database servers, managing all requests from client browsers before they effect the internal environment. aiCache's non-blocking multiplexed IO model allows tens of thousands of requests per second, nearly eliminating overhead associated with implementing the DOS protection.
aiCache implements the DOS protection in four successively sophisticated steps.
The First Level Of Defense is malformed request protection and URL blocking.
aiCache allows only legitimate request from the client, before forwarding such requests to the origin servers, effectively blocking and dissipating malicious requests.
The Second Level of Defense: IP blocking.
Frequently, as DOS attacks unfold, the site being bombarded with DOS traffic from a certain number of bots on the Internet. aiCache identifies the offending addresses and blocks all traffic while reporting the offending addresses.
The third level of defense: Intelligent request throttling.
This protection mode allows any given source address to make only a certain number of requests during a given period. This will reduce the number of illegitimate requests to a level that does not harm the functionality of the site.
The final level of defense: Reverse Turing Access Token Control (RTATC).
Most DDOS attacks are driven by load generation scripts executed by bots. When RTATC mode is on aiCache weeds these off by challenging the requesting side to what is known as a reverse-Turing test*. If the response indicates the presence of an operator, an Access Token, good for configurable amount of time is issued to the requesting browser. The requesting browser then sends this identifying token in all subsequent requests.
If the requesting side fails five consecutive challenges, its access is blocked for configurable amount of time. Should an invalid access token be repeatedly sent by a requesting side its access is blocked entirely.
"We felt giving our customers multiple options for identifying and mitigating malicious attacks would free their time to make their sites more responsive to the user. Not wasting it playing games with a few bad apples." - Max Robbins President aiCache
"We felt totally exposed before. Just knowing that we have options to deal with these attacks is helping me sleep at night" - Dan Donnely Unity Media Director of Web Operations
Footnote - Reverse Turing Test
http://en.wikipedia.org/
