Denial of Service (DoS): Some Thoughts

About a year ago, I had the opportunity to solve a class of Denial-of-Service attacks that were compromising our availability and scalability. During that investigation, I happened upon a revelation. That revelation led to a solution. I’ve since seen that learning applied to other systems, including Amazon’s SimpleDB, so I wanted to share it here.

Consider the following scenario (also depicted below):

  1. A web client issues an HTTP request to a web site
  2. The web site, upon receiving the request, attempts to determine whether the current request is part of a larger DoS attack
    1. If so, a defense is executed
    2. If not, the web request follows a normal execution of business logic
  3. The web server returns a response to the web client


About Me

A blog describing my work in building websites that millions of people visit. I'm a senior member of LinkedIn's Distributed Data Systems team. I previously held technical and leadership roles at Netflix, Etsy, eBay & Siebel Systems.