←back to thread

How Cloudflare blocked a monumental 7.3 Tbps DDoS attack

(blog.cloudflare.com)

265 points methuselah_in | 1 comments | 20 Jun 25 18:34 UTC | HN request time: 0.335s | source

Show context

londons_explore ◴[24 Jun 25 13:40 UTC] No.44366154[source]▶

>>44330585 (OP) #

A DDoS gets some fraction of the entire internet to attack a single host.

As the internet gets more users and more devices connected, the ratio of DDoS volume to a single connections volume will only get larger.

Is there any kind of solution?

replies(8): >>44366248 #>>44366352 #>>44366379 #>>44366623 #>>44366811 #>>44366991 #>>44367206 #>>44369906 #

alyandon ◴[24 Jun 25 13:49 UTC] No.44366248[source]▶

Not a 100% solution but would help greatly if ISPs:

1) performed egress filtering to prevent spoofing arbitrary source addresses

2) temporarily shut off customers that are sending a large volume of malicious traffic

replies(2): >>44366275 #>>44366336 #

alberth ◴[24 Jun 25 13:58 UTC] No.44366336[source]▶

> sending a large volume of malicious traffic

How would an ISP determine egress is malicious? Genuinely curious.

replies(5): >>44366353 #>>44366415 #>>44366743 #>>44366790 #>>44366797 #

1. bityard ◴[24 Jun 25 14:36 UTC] No.44366743[source]▶

All large ISPs have fancy network visibility and DDoS mitigation solutions.[1] But getting them to actually USE them for problems that aren't lighting up their monitoring dashboards is another story entirely.

(1. I know this, because I used to work for a company that made them, and the majority of worldwide ISPs were our customers.)