9Mar
How to force "expensive calculation" when clients connect to my server?
Page 183 of Secrets & Lies on countering denial-of-service attacks:
Some researchers have proposed defenses that force the client to perform an expensive calculation to make a connection. The idea is that if the client has to spend computation time to make a connection, then it can't flood the target with as many connections.
Forcing the client to perform a calculation before connection seems like a pretty good way to fight DOS, but are there some examples of this method used in practice?
Specifically, how can I use this idea to protect my HTTP server from DOS attacks?