Security against DDOS


I was wondering if the IPFS architecture was capable of handling a DDOS attack.
Let’s imagine the case where, a botnet sends a large number of requests for a certain image that I have posted.
Would the network be overwhelm and then my image inaccessible?

Thanks for reading!

This is unlikely.

IPFS have negative scaling. This mean the more user accessing a file the less bandwidth you are consuming (and the more bandwidth available). (This is just since if a user download a file it should also reprovide it, giving more bandwidth available)

This would be an issue only if 1 or 2 users are providing the file, in this case a botnet that wouldn’t reprovide could maybe bring them down, but if somehow by luck (being able to download the file even at 2Kb/s, getting the file out-of-band, …) a third node gets the file (or only chunks of it), it’s even more work for the botnet (this would then likely end up sharing the file to lots of users quickly).
So this would maybe slow down the start of the file share, but this doesn’t look holdable on the long run.
And if there is no third node downloading the file, well that mean that this is a file no one is downloading anyway.

However an attack that actually have a chance to work on IPFS and could be used for censorship is the Sybil Attack. The answer to this, is mainly using a blockchain instead of the DHT (only where the DHT fails, if the DHT works, pls avoid filecoin, it have lots of overhead and require paying hosters / miners) (such as sharing the file on filecoin too). This is not a good answer, but it’s just how DHT works and there is no good solution to this (it’s possible to make this attack way harder tho, and it’s something the IPFS devs are doing when attack are potential attacks are reported to them).

1 Like