←back to thread

How Cloudflare blocked a monumental 7.3 Tbps DDoS attack

(blog.cloudflare.com)
265 points methuselah_in | 10 comments | 20 Jun 25 18:34 UTC | HN request time: 3.459s | source | bottom
1. thih9 ◴[24 Jun 25 14:30 UTC] No.44366680[source]
> DDoS sizes have continued a steady climb over the past three decades.

This is a bit misleading; according to Wikipedia[1], the first DDoS is said to have occurred less than three decades ago.

[1] "Panix, the third-oldest ISP in the world, was the target of what is thought to be the first DoS attack. On September 6, 1996, Panix was subject to a SYN flood attack, which brought down its services for several days while hardware vendors, notably Cisco, figured out a proper defense.", source: https://en.wikipedia.org/wiki/Denial-of-service_attack

replies(3): >>44366839 #>>44366846 #>>44368737 #
2. sophacles ◴[24 Jun 25 14:45 UTC] No.44366839[source]
So the change from 0 sized ddos in June 1995 (30 years ago aka 3 decades ago) to a >0 sized ddos in September 1996 (29 years ago aka basically 3 decades ago) doesn't constitute an increase in size?
replies(1): >>44368180 #
3. jedberg ◴[24 Jun 25 14:45 UTC] No.44366846[source]
90's, 00's, 10's. Three decades.
replies(2): >>44368221 #>>44368326 #
4. thih9 ◴[24 Jun 25 16:48 UTC] No.44368180[source]
But that’s my point, I wouldn’t call it an increase from 0, I’d say 30 years ago that value was NULL - not even a zero sized DDoS has happened yet.
replies(1): >>44368938 #
5. ◴[24 Jun 25 16:52 UTC] No.44368221[source]
6. thih9 ◴[24 Jun 25 17:01 UTC] No.44368326[source]
Exactly, should be less. Unless we have some data about DDoS sizes in the early 90s, before the first DDoS has occurred.
replies(1): >>44368656 #
7. jedberg ◴[24 Jun 25 17:35 UTC] No.44368656{3}[source]
I'm going to give you the benefit of the doubt and assume you aren't just being pedantic to be a troll, and point out that when rounding 29 to the nearest 10, you get 30.
8. arp242 ◴[24 Jun 25 17:41 UTC] No.44368737[source]
round(29 years) is three decades. This is hyper-pedantic to the point of being obnoxious.
replies(1): >>44368900 #
9. thih9 ◴[24 Jun 25 17:57 UTC] No.44368900[source]
Fair enough, apologies.

In my defense, reading that for the first time gave me an impression that DDoS attacks themselves were older; I was disappointed and wanted to share so that others wouldn’t get similar hopes. Next time I’ll round more decimals.

10. sophacles ◴[24 Jun 25 18:00 UTC] No.44368938{3}[source]
So two problems...

1) I'm not sure what your problem with the reasonable rounding of 29 years ago to 3 decades is... but the one that comes across is "extra pedantry for no reason"

2) According to wikipedia the "first dos" attack was in 1996. There are other sources most of which attribute that 1996 panix attack as "one of the first" or "the first major" ddos attack. Before that there were other DoS attacks using udp and/or syn floods, and some of them likely involved several computers (and possibly people) working in coordination. Those several computers were probably not compromised machines that had malware responding to a cnc server, so the squishiness has to do in part with how exactly one defines DDoS - some definitions include a botnet requirement, others just need multiple computers working in coordination. It's claimed that Kevin Mitnick was targeting his prosecutor with syn floods in 1994 (over 30 years ago), but its not fully verified and the details are unknown from my research... likely though >1 computers were involved in that flood if it happened.

In the early 90s there were all sorts of fun and games where people would knock over IRC servers by triggering bugs/behaviors in a lot of connected clients. It's primitive but it seems to have a huge number of elements of DDoS. Similar for attacks on various telecomms infrastructure as the soviet union/eastern bloc fell apart in that time period.

Trying to put a hard "29 years ago" line in the sand is difficult to do... techniques evolve from previous ones and there are shared elements that make the line necessarily fuzzy.

So yeah... theres no reason to quibble about "three decades" since theres 35+ years of history around "things that look like DDoS attacks but don't fit a strict definition that requires botnets"