(blog.cloudflare.com)

265 points methuselah_in | 4 comments | 20 Jun 25 18:34 UTC | HN request time: 0.83s | source

Show context

londons_explore ◴[24 Jun 25 13:40 UTC] No.44366154[source]▶

A DDoS gets some fraction of the entire internet to attack a single host.

As the internet gets more users and more devices connected, the ratio of DDoS volume to a single connections volume will only get larger.

Is there any kind of solution?

replies(8): >>44366248 #>>44366352 #>>44366379 #>>44366623 #>>44366811 #>>44366991 #>>44367206 #>>44369906 #

1. resource_waste ◴[24 Jun 25 14:02 UTC] No.44366379[source]▶

>>44366154 #

Capachas?

Sorry for the worst and most hated possible solution, but I thought I'd at least mention it.

Maybe too many failed capachas causes you to not connect to the IP for an hour.

replies(1): >>44366599 #

2. tliltocatl ◴[24 Jun 25 14:23 UTC] No.44366599[source]▶

>>44366379 (TP) #

How would you expect capachas to help against UDP flood? The attack works by oversaturating the network channel. Capachas is a (terribly bad) solution to prevent the server from spending CPU and transmit bandwidth on garbage request, but these wouldn't do anything if the server have too much packets receive in the first place.

replies(1): >>44366664 #

3. Zambyte ◴[24 Jun 25 14:29 UTC] No.44366664[source]▶

>>44366599 #

TIL about capachas[1]

[1]: https://en.wikipedia.org/wiki/Cachapa

replies(1): >>44371858 #

4. BenjiWiebe ◴[24 Jun 25 22:46 UTC] No.44371858{3}[source]▶

>>44366664 #

Capacha =/= Cachapa =/= CAPTCHA

↑

How Cloudflare blocked a monumental 7.3 Tbps DDoS attack