Imagine this, people coming together onto a network to do whatever. It sounds like a social networking site, no? Not quite, everyone remains anonymous in this place. It's just starting up. Everything that a user does and whatnot gets deleted, all users are anonymous and this operates in the deep web. You are granted maximum freedom except for attacking the place. If an attack occurs, you will be sniffed out and router blocked. This ensures that resetting your router does nothing. If you attack, most places block 1 machine, this place will block ~256 machines. Any input? Of course there are security flaws in the 256 ban system but it's better than the default system. This is a network, doesn't have to be a website.
I have thought of making it a huge gaming network where people play classic games. It may sound far-fetched but I already found a simple way of doing this. Doesn't use onion routing though.
If you do choose not to be anonymous you get fake currency that can be used like currency on the website! Totally valueless though. 10pts. will be given. Can be used for whatever. If the community gets too large this system will halt. The community would have to get pretty big though to crash the currency system. Remember: Valueless, not worth anything real!
(EDIT) I can give you a preview of this system if you like!
How can you prevent NTP amplification attacks? These can completely tear down your structure before you know it.
Not to mention deep web users can change identity using Tor Browser pretty rapidly, so if a botnet with at least 100,000 bots does this at a time, you will end up blocking the majority of the Tor network.
Or next, deep web is just like me saying if we want to be hidden why not go to space. All games use some level of Flash or Java, and as the NSA added a lot of loopholes for them to hack into servers, people can still use those small loopholes to find the activity/real IP of the user.
(EDIT) I forgot I deleted that line... It's not onion routed. Look up the definition of the deep web. If anyone connects through TOR their identities can be easily exploited or else the site won't work. It doesn't have to be a website. Like I said for the third time, any security system can be flawed. The skeleton of this system uses LUA scripts at the moment. Because scripts are used, I can see TOR users' IPs. Just like you said the NSA can do. This is why TOR blocks scripts.
With this knowledge, the huge blockage will work because I know their IPs and they still will be blocked. By the way, the game section doesn't block people anyways.
Every system has its flaws. There will always be ways to beat the system, but there is no need to call someone names just because they point out those flaws even if you acknowledged there were flaws. One member was banned once already for repeatedly calling members idiots when they presented an opposing view or even just asked him to elaborate on his point. I think 'dumbass' is far worse than 'idiot'.
What about providers which use NAT+DPI and do not preserve MACs? One malicious user can block thousands of good users. Also targeted attacks: find out the MAC of your enemy, change your MAC to be the same as his, get banned, profit.
All I meant was no scripts, non-indexed, doesn't have to be a website and LUA NES/Famicom online games. Possible ban system for routers. TOR doesn't work (Doesn't have to be a website/not yet a website).
When was the last time you have seen the LOIC on the news? When was the last time a DDoS attack was successful (sites hosted on win98 or lower don't count)? If you had a client with onion capabilities then sure, whole network crash but guess what? An onion routed client doesn't exist yet. If it does then it won't work anyways because the server is still in production. I never said I was a magician capable of fighting the world.
DDoS attacks do not need to really shut down a site to be successful. For example, they could exhaust your traffic quota, leaving you with several thousands in overdraft expenses. Your site is fine, but you cannot afford to host it anymore and more, you owe a large amount of money to the hosting company.
You said before that your system blocks routers, not IPs!
So you are just banning one subnet. 1) It will wreck most users using the same provider as the banned one (which is crucial for small groups where users tend to know each other and live close/use the same provider). Also my current provider's network has a 255.255.64.0 mask, so if I renew my IP after a ban, I have a 1/8 chance to take an unbanned IP!
By paying large sum of money to companies which specializes in it.
Hosting companies also often provide a small degree of DDoS protection. And if things get serious you can:
a) If DDoSers use a domain name to resolve an attack, change it to point to the whitehouse.gov IP. They are more equipped to handle DDoS than you anyway.
b) Temporarily ban the network the attackers are coming from. (Might be useless in some cases)
c) Apply some other techniques you can read about on the Internet.
d) If all else fails, temporarily shut down your site. It is better than paying for the terabytes of traffic DDoS attacks tend to generate.
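
The trade-off argued over in this thread, a ban that covers ~256 addresses instead of one, can be measured before it is deployed. The following is an added example, not code from any poster: the provider pool, the session list and the function names are constructed for illustration, and it assumes the "~256 machines" ban is an IPv4 /24 block and that a new lease is drawn uniformly from the provider's pool.

```python
import ipaddress

# Constructed sample data (reserved/documentation-style ranges, not from the thread).
PROVIDER_POOL = ipaddress.ip_network("198.51.100.0/22")  # hypothetical ISP lease pool
SESSIONS = [  # (client address, account) pairs as the server would see them
    ("198.51.100.7", "attacker"),
    ("198.51.100.20", "alice"),
    ("198.51.100.200", "bob"),
    ("198.51.101.5", "carol"),
    ("203.0.113.9", "dave"),
]


def ban_block(offender_ip, prefix=24):
    """Network covered by a 'ban ~256 machines' rule for one offending address."""
    return ipaddress.ip_network(f"{offender_ip}/{prefix}", strict=False)


def collateral(banned, sessions, offender):
    """Accounts other than the offender whose address falls inside the ban."""
    return sorted(
        user for ip, user in sessions
        if user != offender and ipaddress.ip_address(ip) in banned
    )


def escape_probability(banned, pool):
    """Chance that a fresh lease from the pool lands outside the banned block."""
    # Two CIDR networks are either nested or disjoint, so the overlap is simple.
    if banned.subnet_of(pool):
        overlap = banned.num_addresses
    elif pool.subnet_of(banned):
        overlap = pool.num_addresses
    else:
        overlap = 0
    return 1 - overlap / pool.num_addresses


if __name__ == "__main__":
    block = ban_block("198.51.100.7")
    print("banned block:", block)
    print("legitimate accounts also blocked:", collateral(block, SESSIONS, "attacker"))
    print("chance a re-leased address is unbanned:", escape_probability(block, PROVIDER_POOL))
```

With this sample data the /24 ban locks out two uninvolved accounts while a new lease from the larger pool still falls outside the ban three times out of four, which is the cost/benefit both sides of the thread are describing.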