←back to thread

How Cloudflare blocked a monumental 7.3 Tbps DDoS attack

(blog.cloudflare.com)
265 points methuselah_in | 5 comments | 20 Jun 25 18:34 UTC | HN request time: 0.778s | source
Show context
londons_explore ◴[24 Jun 25 13:40 UTC] No.44366154[source]
A DDoS gets some fraction of the entire internet to attack a single host.

As the internet gets more users and more devices connected, the ratio of DDoS volume to a single connections volume will only get larger.

Is there any kind of solution?

replies(8): >>44366248 #>>44366352 #>>44366379 #>>44366623 #>>44366811 #>>44366991 #>>44367206 #>>44369906 #
1. ByThyGrace ◴[24 Jun 25 14:42 UTC] No.44366811[source]
Consumer home/office routers provide their clients IP connectivity without reserve. Why is that the case?

The default is to allow all available bandwidth, which presumably should be the case from ISP to consumer (most likely a paid-for service), but why should that be the default at consumer router <-> IoT? What need has your printer for 500Mbps outgoing? Or my fancy toothbrush?

replies(2): >>44367049 #>>44367176 #
2. shermantanktop ◴[24 Jun 25 15:06 UTC] No.44367049[source]
Is there any method for a connected device to advertise the required throughput? Maybe some SNMP thing? That’s the only way this would work I think.
replies(2): >>44367495 #>>44375405 #
3. ryandrake ◴[24 Jun 25 15:18 UTC] No.44367176[source]
Residential ISPs need to better police abuse of the network and they need to better respond to reports of abuse by cutting off the abusive, botnet-infected users. Of course, until there is a financial or regulatory incentive to cut off these customers, they won’t.
4. BenjiWiebe ◴[24 Jun 25 15:48 UTC] No.44367495[source]
You would want the advertised speed to be approved by the user at the time of setup.

If it was automatically accepted, the malware would just change the advertisement.

5. everforward ◴[25 Jun 25 09:49 UTC] No.44375405[source]
Users don't want to manage it, and ISPs don't want the tickets.

Heuristic based systems would probably work in most homes, where devices are limited by their historical bandwidth. New devices are unthrottled, existing devices are limited by their historical bandwidth usage with some bursting.

I think most ISPs have apps to control your router now, you could have it trigger a push notification like "Device X is using more bandwidth than normal, and we're throttling it. Press SCARY BUTTON to unthrottle."