(blog.cloudflare.com)

265 points methuselah_in | 1 comments | 20 Jun 25 18:34 UTC | HN request time: 0.406s | source

Show context

londons_explore ◴[24 Jun 25 13:40 UTC] No.44366154[source]▶

A DDoS gets some fraction of the entire internet to attack a single host.

As the internet gets more users and more devices connected, the ratio of DDoS volume to a single connections volume will only get larger.

Is there any kind of solution?

replies(8): >>44366248 #>>44366352 #>>44366379 #>>44366623 #>>44366811 #>>44366991 #>>44367206 #>>44369906 #

ByThyGrace ◴[24 Jun 25 14:42 UTC] No.44366811[source]▶

>>44366154 #

Consumer home/office routers provide their clients IP connectivity without reserve. Why is that the case?

The default is to allow all available bandwidth, which presumably should be the case from ISP to consumer (most likely a paid-for service), but why should that be the default at consumer router <-> IoT? What need has your printer for 500Mbps outgoing? Or my fancy toothbrush?

replies(2): >>44367049 #>>44367176 #

shermantanktop ◴[24 Jun 25 15:06 UTC] No.44367049[source]▶

>>44366811 #

Is there any method for a connected device to advertise the required throughput? Maybe some SNMP thing? That’s the only way this would work I think.

replies(2): >>44367495 #>>44375405 #

1. BenjiWiebe ◴[24 Jun 25 15:48 UTC] No.44367495[source]▶

>>44367049 #

You would want the advertised speed to be approved by the user at the time of setup.

If it was automatically accepted, the malware would just change the advertisement.

↑

How Cloudflare blocked a monumental 7.3 Tbps DDoS attack