2. Denial of Service Denial.

Sly and Carl are really concerned about the possibility of DoS attacks against their web server program. Since one way to defend against DoS attacks is to make the attacker do more work, Sly has developed a new module for his web server that he claims will prevent DoS attacks by slowing them down. In Slys module, every incoming HTTP request is put into a queue, with a timestamp and a delayed bit marked as false. When it is ready to serve a request, the web server takes the first request in the queue. If the delayed bit is false and there are no other requests from the same IP address in the queue, it serves the request immediately. If the delayed bit is false and there is at least one other request from the same IP address in the queue, the delayed bit is set to true and the request is re-inserted at the end of the queue. If the delayed bit is set to true, then the request is served if the current time is at least 1 second greater than the request timestamp, and otherwise the request is sent to the end of the queue again. This approach extends the time needed for an attacker to fill the web servers request queue.1Inspired by BitTorrent, Carl has a different suggestion for preventing DoS. In Carls solution,whenever client C downloads a page, he also downloads an ActiveX control that acts as a mini webserver for that page and its contents only. Then when the main server starts to be overloaded, it uses HTTP redirects to point new clients to servers running on old clients. The new clients can then download the pages from old clients directly, without using any more of the main servers bandwidth.

(a - 10 pts) Will Slys scheme work, or not, and why? Give a detailed explanation.