How Cloudflare blocked a monumental 7.3 Tbps DDoS attack

(blog.cloudflare.com)

265 points methuselah_in | 1 comments | 20 Jun 25 18:34 UTC | HN request time: 0.207s | source

Show context

londons_explore ◴[24 Jun 25 13:40 UTC] No.44366154[source]▶

A DDoS gets some fraction of the entire internet to attack a single host.

As the internet gets more users and more devices connected, the ratio of DDoS volume to a single connections volume will only get larger.

Is there any kind of solution?

replies(8): >>44366248 #>>44366352 #>>44366379 #>>44366623 #>>44366811 #>>44366991 #>>44367206 #>>44369906 #

franga2000 ◴[24 Jun 25 19:18 UTC] No.44369906[source]▶

>>44366154 #

Banks have already figured out fraud detection through pattern recognition, ISPs can do the same. When a connection has never used more than 300/10 of a 1000/1000 link and 80% of that was TCP with dstport 80 or 443, then it starts doing /900 UDP to every possible dstport, maybe something is wrong?

"Your network is generating an extraordinary amout of traffic, which is likely the result of a virus-infected device. As a result, we have lowered your speed to 100/20. Please read the steps to check your devices and unlock your connection here: ____"

replies(4): >>44369970 #>>44370417 #>>44371799 #>>44372587 #

1. overfeed ◴[24 Jun 25 20:01 UTC] No.44370417[source]▶

>>44369906 #

IoS botnets depend on total number of devices and not individual bandwidth. Most IoT devices have cheap network chipsets and unoptimized networking stacks, I wouldn't expect them to saturate a 100mbps connection.

↑