comments and critiques

[bchr02]

Overall, nice module! But after reading the README I have some questions, comments and critiques:

But it will deal with simple DOS ones, but the concept is associated with DDOS whereas DOS is about the classic operating system from the 90's."

Sorry, but this sentence makes little sense. 😄

Yes, this will not deal with distributed denial-of-service attacks

Just curious, why did you use ddos within the module name if this module does not help to prevent those types of attacks?

You could add some sort of basic DDOS prevention by providing a means to add a global threshold that allows one to define expected traffic regardless of IP. But you would have to program it to not include the results of already blacklisted IPs. You don't want one bad apple taking the whole server down.

Another nice thing to add is the option of slowing down responses instead of dropping them altogether. Something like:

setTimeout(next, 3000);

This wouldn't necessarily stop DOS attacks but it would prevent brute force attacks. If programmed correctly it could even help to prevent distributed brute force attacks. Perhaps you could add an option where if a certain percentage of the threshold is reached the responses could be slowed. This could allow one to accommodate unforeseen growth but at the same time protect the server.

Anyways, these are just some of my thoughts and ideas for you to do as you wish with. Good luck!

[jkarttunen]

Well it kind of helps with DDOS attacks too, if they are not very well distributed.

[kasradzenika]

@rook2pawn please rename the module to node-dos as the current title is misleading

But it will deal with simple DOS ones, but the concept is associated with DDOS whereas DOS is about the classic operating system from the 90's.

we are not in 90's and this does not apply anymore :/

however, this is a great DoS prevention, kudos for effort!