Not that I need it, but it was interesting to hear someone speak about their server and protecting it from a DOS attack by having a puzzle that the client must solve before the server will do anything (it doesn't do allocations or make a session unless solved).

The person also said puzzles can be made to take a quick amount of time or long. And they are easy to check for correct solutions but difficult to solve.

What are these puzzles? I never heard of one. Can someone give an example (or a link)?

+1  A: 

The P-NP description here is a pretty straightforward example of what you described as "easy to check if it is solved correctly but difficult to solve".

mwilson
A: 

Jeff has a pretty decent blog post about this.

tzaman
Sorry, I didn't like the blog post.
acidzombie24
+1  A: 

This paper suggests using puzzles as a defense against denial of service attacks:

The puzzle they used was reversing a one-way hash function like MD5. By varying the size of the number to be hashed, they can control how hard it is to do a brute force search to find the original number.

mathmike
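
The hash-reversal puzzle described in the answer above, as an added example that is not part of the original answers or the cited paper. SHA-256 stands in for MD5, and the stateless HMAC derivation, the function names, the sample client address and the 60-second lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

SERVER_SECRET = os.urandom(32)  # constructed: long-lived server-side key
MAX_AGE = 60                    # assumed puzzle lifetime, in seconds


def _hidden_number(client, issued, bits):
    """Derive the number to be found from request data, so nothing is stored."""
    msg = f"{client}|{issued}|{bits}".encode()
    mac = hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(mac[:8], "big") >> (64 - bits)  # keep top `bits` bits


def _digest(client, issued, x):
    return hashlib.sha256(f"{client}|{issued}|{x}".encode()).hexdigest()


def issue_puzzle(client, bits, now=None):
    """Server: one HMAC and one hash per request, no per-client allocation."""
    issued = int(time.time()) if now is None else now
    x = _hidden_number(client, issued, bits)
    return {"issued": issued, "bits": bits, "target": _digest(client, issued, x)}


def solve_puzzle(client, puzzle):
    """Client: brute-force search, at most 2**bits hashes."""
    for guess in range(1 << puzzle["bits"]):
        if _digest(client, puzzle["issued"], guess) == puzzle["target"]:
            return guess
    raise ValueError("no solution in range")


def verify_solution(client, issued, answer, bits, now=None):
    """Server: recompute the number from the echoed timestamp and compare.

    `bits` is the server's own difficulty setting, never a client-supplied value.
    """
    now = int(time.time()) if now is None else now
    if not 0 <= now - issued <= MAX_AGE:
        return False  # stale or future-dated puzzle
    return answer == _hidden_number(client, issued, bits)
```

Each extra bit doubles the client's search while the server's cost stays at one HMAC. A correct answer can still be replayed until the puzzle expires, so a deployment needs a separate check for that.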
A: 

Finding roots of nonlinear equations. It is very easy to check and takes some time to find.

Kirill V. Lyadvinsky
A: 

Graph isomorphisms are another interesting one. You can generate an isomorphism from an original graph easily, package it up with other graphs which aren't isomorphic, and ask the user to identify the isomorphism.

tbischel
+1  A: 

Okay, let me tell you the story. Researchers started thinking about what the solutions for DOS and DDOS attacks are.

After that they found 3 ways for the solution:

  • Prevention, preemption
  • Filtering and Mitigating
  • Tracing and Identification

And after this categorization they started developing some useful protocols. So the puzzle is in mitigating DOS or DDOS attacks. How does it work? If a server has a doubt about any kind of DDOS or DOS attack, it sends puzzles to the clients (which are mostly bots/zombies). These puzzles need calculations to understand whether it is a human being or a compromised computer used as a bot.

If the server understands and is sure about the bots, it can send complex puzzles to make the sources work under load as a countermeasure for the attacks.

The captcha is rather in the prevention category. Do not be confused about it.

You can read this paper: Mitigating Denial of Service Attacks with Password Puzzles

berkay
