←back to thread

How Cloudflare blocked a monumental 7.3 Tbps DDoS attack

(blog.cloudflare.com)
265 points methuselah_in | 1 comments | 20 Jun 25 18:34 UTC | HN request time: 0s | source
Show context
londons_explore ◴[24 Jun 25 13:40 UTC] No.44366154[source]
A DDoS gets some fraction of the entire internet to attack a single host.

As the internet gets more users and more devices connected, the ratio of DDoS volume to a single connections volume will only get larger.

Is there any kind of solution?

replies(8): >>44366248 #>>44366352 #>>44366379 #>>44366623 #>>44366811 #>>44366991 #>>44367206 #>>44369906 #
alyandon ◴[24 Jun 25 13:49 UTC] No.44366248[source]
Not a 100% solution but would help greatly if ISPs:

1) performed egress filtering to prevent spoofing arbitrary source addresses

2) temporarily shut off customers that are sending a large volume of malicious traffic

replies(2): >>44366275 #>>44366336 #
alberth ◴[24 Jun 25 13:58 UTC] No.44366336[source]
> sending a large volume of malicious traffic

How would an ISP determine egress is malicious? Genuinely curious.

replies(5): >>44366353 #>>44366415 #>>44366743 #>>44366790 #>>44366797 #
alyandon ◴[24 Jun 25 14:06 UTC] No.44366415[source]
If someone is reporting malicious traffic coming from the ISP's network then an ISP should be obligated to investigate and shut off the offending customer if necessary until they've resolved the problem.
replies(1): >>44366561 #
cyral ◴[24 Jun 25 14:19 UTC] No.44366561{3}[source]
How would this ever work at scale? These attacks come from thousands of compromised devices usually. e.g. Someone's smart fridge with 5 year old firmware gets exploited
replies(6): >>44366665 #>>44366824 #>>44367225 #>>44367724 #>>44372179 #>>44384126 #
1. motorest ◴[26 Jun 25 04:13 UTC] No.44384126{4}[source]
> How would this ever work at scale?

- ISP has terms of service preventing abuse,

- ISP provides an email address to receive complains about abuse

- once a ISP receives a complain, their check if a customer abused their terms of service

- once a ISP spots a customer abusing terms of service, they act upon it.

ISPs have been doing this since the time ISPs exist.