Since now's as good of a time as any to sperg about potential networking solutions, here's something I've been looking into lately: Proof of Work as a DDoS mitigation.
There's been a number of whitepapers to come out in the last few years describing the concept: Before clients are allowed to access content, they have to expend CPU power solving a puzzle with a complexity level that's proportional to the amount of requests being made. So far the one implementation I've seen is PoW-Shield, a modestly supported GitHub project that uses client-side JavaScript to protect against application-layer attacks. I can't speak to its robustness given the size and age of the project, but it might be worth a test run at some point in time. If it ends up working as intended, that would put Cloudflare firmly in the cuckshed.
As far as transport-layer implementations go, I've only come across a whitepaper that describes the use of PoW via a UDP service. While this would be quite a bit trickier to work into existing server stacks, the conclusions are heartening at least.
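
The scheme described in the post above, as an added Node.js sketch (not part of the original post and not PoW-Shield's code): a hashcash-style puzzle whose difficulty rises with a client's recent request count, issued statelessly via an HMAC. The key, the bit limits, the doubling policy and every function name are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed demo key; a real deployment would load a random secret.
const SERVER_KEY = 'demo-key-not-for-production';
const BASE_BITS = 8, MAX_BITS = 20, TTL_MS = 60_000; // assumed limits

// Assumed policy: one extra leading zero bit each time the request count doubles.
function difficultyFor(recentRequests) {
  const extra = Math.floor(Math.log2(Math.max(1, recentRequests)));
  return Math.min(MAX_BITS, BASE_BITS + extra);
}

const sign = (p) => crypto.createHmac('sha256', SERVER_KEY).update(p).digest('hex');
const hashOf = (p, nonce) => crypto.createHash('sha256').update(`${p}|${nonce}`).digest();

// Stateless challenge: the server keeps nothing, it only signs the parameters.
function issueChallenge(clientId, recentRequests, now = Date.now()) {
  const bits = difficultyFor(recentRequests);
  const salt = crypto.randomBytes(8).toString('hex');
  const payload = `${clientId}|${salt}|${bits}|${now + TTL_MS}`;
  return { payload, mac: sign(payload) };
}

function leadingZeroBits(buf) {
  let n = 0;
  for (const byte of buf) {
    if (byte !== 0) return n + Math.clz32(byte) - 24;
    n += 8;
  }
  return n;
}

// Client side: brute-force a nonce; expected cost is about 2^bits hashes.
function solve(challenge) {
  const bits = Number(challenge.payload.split('|')[2]);
  for (let nonce = 0; ; nonce++) {
    if (leadingZeroBits(hashOf(challenge.payload, nonce)) >= bits) return nonce;
  }
}

// Server side: one HMAC and one hash, whatever the difficulty.
// A solved challenge stays valid until it expires, so also track used salts to stop replay.
function verify(challenge, nonce, clientId, now = Date.now()) {
  const mac = Buffer.from(sign(challenge.payload));
  const given = Buffer.from(String(challenge.mac));
  if (mac.length !== given.length || !crypto.timingSafeEqual(mac, given)) return false;
  const [id, , bits, expires] = challenge.payload.split('|');
  if (id !== clientId || now > Number(expires)) return false;
  return leadingZeroBits(hashOf(challenge.payload, nonce)) >= Number(bits);
}
```

The asymmetry is the point: the client pays roughly 2^bits hashes per request while the server pays a constant two, and tampering with the difficulty field invalidates the MAC.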