With the growing incidents of flash crowds and sophisticated DDoS attacks mimicking benign traffic, it becomes challenging to protect Internet-based services solely by differentiating attack traffic from legitimate traffic. While fair-sharing schemes are commonly suggested as a defense when differentiation is difficult, they alone may suffer from highly variable or even unbounded waiting times. We propose RainCheck Filter (RCF), a lightweight primitive that guarantees bounded waiting time for clients despite server flooding without keeping per-client state on the server. RCF achieves strong waiting time guarantees by prioritizing clients based on how long the clients have waited, as if the server maintained a queue in which the clients lined up waiting for service. To avoid keeping state for every incoming client request, the server sends to the client a raincheck, a timestamped cryptographic token that not only informs the client to retry later but also serves as a proof of the client's priority level within the virtual queue. We prove that every client complying with RCF can access the server in bounded time, even under a flash crowd incident or a DDoS attack. Our large-scale simulations confirm that RCF provides a small and predictable maximum waiting time while existing schemes cannot. To demonstrate its deployability, we implement RCF as a Python module such that web developers can protect a critical server resource by adding only three lines of code.
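The following is an added illustration of the raincheck mechanism described above; it is not the paper's Python module and none of its names or token layout come from the paper. It assumes a token of the form `first_seen:nonce:hmac` authenticated with a server-held HMAC key, a server that serves `capacity` requests per round and hands every other client a raincheck carrying its original arrival timestamp, and a virtual queue ordered by that timestamp (ties broken by client id). With that ordering a client with `k` clients ahead of it is served within `ceil(k / capacity)` rounds, and a client cannot forge an earlier timestamp without the key.

```python
"""Toy RainCheck-style admission filter (added example, not the paper's code).

Assumed design (not taken from the abstract):
  token     = "<first_seen>:<nonce>:<hmac-sha256>"
  priority  = earliest first_seen timestamp wins
  per round = the server admits `capacity` clients, everyone else gets a raincheck
The server keeps only the HMAC key, no per-client state.
"""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple


class RainCheckFilter:
    def __init__(self, key: bytes, capacity: int) -> None:
        self.key = key            # server-side secret; the only state the server holds
        self.capacity = capacity  # requests the protected resource can serve per round

    def _mac(self, first_seen: int, nonce: str) -> str:
        msg = f"{first_seen}:{nonce}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def issue(self, first_seen: int) -> str:
        """Mint a raincheck that proves the client's position (its arrival time)."""
        nonce = secrets.token_hex(8)
        return f"{first_seen}:{nonce}:{self._mac(first_seen, nonce)}"

    def verify(self, token: str, now: int) -> Optional[int]:
        """Return the first_seen timestamp carried by a valid token, else None."""
        try:
            ts, nonce, mac = token.split(":")
            first_seen = int(ts)
        except ValueError:
            return None
        if first_seen > now:  # timestamps from the future are never legitimate
            return None
        if not hmac.compare_digest(mac, self._mac(first_seen, nonce)):
            return None  # tampered timestamp or forged token
        return first_seen

    def schedule(
        self, requests: List[Tuple[str, Optional[str]]], now: int
    ) -> Tuple[List[str], Dict[str, str]]:
        """Run one server round over (client_id, token_or_None) requests.

        Returns (client ids served now, {client_id: raincheck to retry with}).
        """
        queue = []
        for client, token in requests:
            first_seen = self.verify(token, now) if token else None
            if first_seen is None:
                first_seen = now  # newcomer or invalid token: back of the virtual queue
            queue.append((first_seen, client))
        queue.sort()  # longest-waiting first; ties broken deterministically by id
        served = [c for _, c in queue[: self.capacity]]
        # Unserved clients get a raincheck that preserves their original arrival time.
        rainchecks = {c: self.issue(fs) for fs, c in queue[self.capacity:]}
        return served, rainchecks


def simulate(n_clients: int, capacity: int, key: bytes = b"constructed-demo-key") -> int:
    """Flash crowd: n clients arrive in round 0 and retry every round.

    Returns the maximum number of rounds any client waited, which should equal
    ceil(n_clients / capacity) - 1 because the queue drains strictly in order.
    """
    rcf = RainCheckFilter(key, capacity)
    pending: Dict[str, Optional[str]] = {f"c{i:03d}": None for i in range(n_clients)}
    waited: Dict[str, int] = {}
    rnd = 0
    while pending:
        served, rainchecks = rcf.schedule(list(pending.items()), now=rnd)
        for c in served:
            waited[c] = rnd
        pending = dict(rainchecks)  # only unserved clients retry, carrying their raincheck
        rnd += 1
    return max(waited.values())


def tamper_rejected(key: bytes = b"constructed-demo-key") -> bool:
    """A client that rewrites its timestamp to claim an earlier arrival is rejected."""
    rcf = RainCheckFilter(key, capacity=1)
    genuine = rcf.issue(first_seen=100)
    _, nonce, mac = genuine.split(":")
    forged = f"0:{nonce}:{mac}"  # same MAC, earlier timestamp
    return rcf.verify(genuine, now=200) == 100 and rcf.verify(forged, now=200) is None


if __name__ == "__main__":
    print("max rounds waited, 10 clients / capacity 3:", simulate(10, 3))
    print("forged raincheck rejected:", tamper_rejected())
```

Because the raincheck carries the client's original timestamp under a MAC, a retrying client re-enters the virtual queue at its earlier position rather than the back, which is what turns a fair-share lottery into a bounded wait; newcomers and clients presenting invalid tokens always join behind everyone already waiting.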