The website is checking your browser before accessing - My friend said this to me and I couldn't understand what the website was checking about my browser?

666    Asked by AdamLipscomb in Cyber Security , Asked on Feb 25, 2022

 Some sites I visit take me to a page that says roughly, "Checking your browser before accessing example.com. DDoS attack protection by CloudFlare". What exactly about my browser is being checked and how will that help protect against a DDoS attack?

Answered by ananya Pawar

The website is checking your browser before accessing as most Denial-Of-Service (DOS) attacks rely on some asymmetry between the resources involved on the attacker side and on the target side. In other words, to be successful, a DOS needs an action to require very few resources client-side (so that each client can send a lot of requests) while involving larger resources server-side (so the server(s) will be unable to handle the load).


Due to this, DDOS attacks (the "Distributed" version of DOS attacks) are obviously not engaged by real humans clicking on links in a browser tab, but by bots sending massive amounts of parallel requests to the target. The consequence of this is that the DDOS "client" is not a real browser, but a tool which may more-or-less simulate one. Cloudflare DDOS protection system is quickly described on their website as follows: "an interstitial page is presented to your site’s visitors for 5 seconds while the checks are completed".

Two things trigger my attention here: The checks: the most obvious way to sort real website users from automatic DDOS bots is to check whether the HTTP client is a real browser or not. This can go through testing the client's behaviour against a panel of tests (see the post "bot detection via browser fingerprinting" for instance) and compare the result with the one expected from a genuine instance of the browser the client claims to be (for instance if the client claims to be a Firefox version 52 running on a Windows 10 machine, does it present the same characteristics?). 5 seconds: Executing JavaScript tests and redirecting the visitor could be a very fast and almost transparent operation, so I believe that this "5 seconds" timeout is not there by accident but is meant to revert the computational asymmetry back in favour of the server. The most light version of such principle would simply be to ask the client to wait (sleep) 5 seconds before submitting the same request (with a unique identifier stored in a cookie, as described on Cloudflare page). This would force the DDOS client to somehow handle a queue of pending redirections, and would finally make the overall DDOS process less effective. A more brutal alternative would be to request the browser to solve some mathematical challenge which would require a few seconds to be solved on an average home system. In such a case, attackers would have no other choice than spend computational power to solve these challenges if they would like to proceed, but doing so will completely void the asymmetry since all the attacker's resource will be busy in solving challenges instead of sending requests, finally "DOSing" the attacker's system instead of the target's one.



Your Answer

Interviews

Parent Categories