←back to thread

How Cloudflare blocked a monumental 7.3 Tbps DDoS attack

(blog.cloudflare.com)
265 points methuselah_in | 1 comments | 20 Jun 25 18:34 UTC | HN request time: 0.286s | source
Show context
londons_explore ◴[24 Jun 25 13:40 UTC] No.44366154[source]
A DDoS gets some fraction of the entire internet to attack a single host.

As the internet gets more users and more devices connected, the ratio of DDoS volume to a single connections volume will only get larger.

Is there any kind of solution?

replies(8): >>44366248 #>>44366352 #>>44366379 #>>44366623 #>>44366811 #>>44366991 #>>44367206 #>>44369906 #
alyandon ◴[24 Jun 25 13:49 UTC] No.44366248[source]
Not a 100% solution but would help greatly if ISPs:

1) performed egress filtering to prevent spoofing arbitrary source addresses

2) temporarily shut off customers that are sending a large volume of malicious traffic

replies(2): >>44366275 #>>44366336 #
alberth ◴[24 Jun 25 13:58 UTC] No.44366336[source]
> sending a large volume of malicious traffic

How would an ISP determine egress is malicious? Genuinely curious.

replies(5): >>44366353 #>>44366415 #>>44366743 #>>44366790 #>>44366797 #
zokier ◴[24 Jun 25 14:41 UTC] No.44366797[source]
Hundreds of Gbps of UDP traffic to random ports of a single destination IP from residental (?) network should be pretty easy pattern to automatically detect and throttle.

More advanced attacks are more tricky to detect, but plain dumb UDP flood should be easily detectable.

replies(1): >>44367147 #
quotemstr ◴[24 Jun 25 15:15 UTC] No.44367147[source]
> Hundreds of Gbps of UDP traffic to random ports of a single destination IP from residental (?) network

You mean my legitimate QUIC file transfer?

replies(1): >>44367473 #
BenjiWiebe ◴[24 Jun 25 15:46 UTC] No.44367473[source]
Have you ever uploaded 100's of Gbps over QUIC from your residential connection to a single IP?

And the aggregate across the ISP's network could in theory be monitored - so if you were uploading 1Gbps, yes, it could be legitimate. If you and 582 others were all uploading 1Gbps to the same IP at the same time, much less likely legitimate.

replies(3): >>44367704 #>>44369004 #>>44384111 #
quotemstr ◴[24 Jun 25 16:07 UTC] No.44367704[source]
> Have you ever uploaded 100's of Gbps over QUIC from your residential connection to a single IP?

Yes actually --- migration between cloud bulk storage providers.

Edit: I misread Gbps as Mbps above.

replies(1): >>44367842 #
1. zokier ◴[24 Jun 25 16:21 UTC] No.44367842[source]
Which residential ISP offers >100Gbps service?