Leo

Reputation: 77

Protection against DoS on a WebSocket using the IP address

I was wondering if storing the IP address of a user in the handshake of a WebSocket would be a good way to protect my Java EE server against DDoS:

When the server receives an abnormal number of connections, it switches to 'secure' mode, where, if a given connection request provides an IP address that is not known to the server (stored in database, first time connection), then I can simply refuse that connection.

Could that help? (My main concern is to protect my WebSocket server as much as possible. I've looked into the origin thingy but with no success so far.)

Thanks for the help!

Upvotes: 2

Views: 3107

Answers (1)

vtortola

Reputation: 35945

Protection against DDoS must be at the network level (routing, balancing, switching, etc.). A server cannot do anything if a massive number of requests arrives at it. Even if the server is quickly dispatching them with errors, the channel is saturated and legit requests cannot reach the server, or they reach it with very bad throughput. Besides, a DDoS can be done even with ICMP packets, which are not even at the TCP/UDP layer but just at the IP layer, so a WebSocket server cannot do much about this.

Protection against DoS is related to the logic more than to the infrastructure. In essence, it is about an attack vector that allows someone to hang your server. A practical example would be if, on sending a malformed WebSocket request, the thread that is dispatching sockets in your server dies or gets stuck, preventing the app from accepting more connections. To protect your server against DoS, check these kinds of things.

Upvotes: 2
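
A sketch of the logic-level check the answer describes, added here as an illustration and not code from the answer or from any Java EE container: the accepting thread never reads client bytes, and each handshake is bounded in size and time so a malformed or stalled request only costs its own connection. The class name, port 8080, pool sizes and limits are assumptions.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.concurrent.*;

public class GuardedAcceptLoop {
    static final int MAX_HANDSHAKE_BYTES = 8192, TIMEOUT_MS = 5000; // assumed limits
    // Checks only the request line and Sec-WebSocket-Key (a full server also checks
    // Upgrade, Connection and Sec-WebSocket-Version); malformed input never throws.
    static boolean validHandshake(String req) {
        try {
            String key = null;
            String[] lines = req.split("\r\n");
            for (String l : lines)
                if (l.toLowerCase(Locale.ROOT).startsWith("sec-websocket-key:")) key = l.substring(18).trim();
            return lines[0].matches("GET \\S+ HTTP/1\\.1") && key != null
                && Base64.getDecoder().decode(key).length == 16;
        } catch (RuntimeException e) { return false; } // e.g. invalid base64
    }
    // Reads headers up to the blank line, bounded in size and in total time.
    static String readHandshake(InputStream in) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        long deadline = System.nanoTime() + TIMEOUT_MS * 1_000_000L;
        for (int b, tail = 0; (b = in.read()) != -1; ) {
            buf.write(b);
            tail = (tail << 8) | b; // last four bytes seen
            if (tail == 0x0D0A0D0A) return new String(buf.toByteArray(), StandardCharsets.ISO_8859_1);
            if (buf.size() >= MAX_HANDSHAKE_BYTES || System.nanoTime() > deadline)
                throw new IOException("handshake too large or too slow");
        }
        throw new EOFException("closed before end of headers");
    }
    static void handle(Socket s) {
        try (Socket sock = s) {
            sock.setSoTimeout(TIMEOUT_MS); // a silent client cannot pin a worker forever
            boolean ok = validHandshake(readHandshake(new BufferedInputStream(sock.getInputStream())));
            if (!ok) sock.getOutputStream().write("HTTP/1.1 400 Bad Request\r\n\r\n".getBytes(StandardCharsets.ISO_8859_1));
            // if ok: the 101 response and frame handling would follow here
        } catch (Exception e) { System.err.println("dropped client: " + e); } // this client only
    }
    public static void main(String[] args) throws IOException {
        ExecutorService pool = new ThreadPoolExecutor(8, 8, 0, TimeUnit.SECONDS, new ArrayBlockingQueue<>(64));
        try (ServerSocket server = new ServerSocket(8080)) {
            while (true) {
                Socket s = server.accept(); // the accept thread does nothing but hand off
                try { pool.execute(() -> handle(s)); }
                catch (RejectedExecutionException full) { try { s.close(); } catch (IOException ignored) { } }
            }
        }
    }
}
```

When all workers are busy and the queue is full, new sockets are closed immediately, so the accept loop keeps running under load instead of blocking.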
