
In ~2010 I was really interested in private server development for popular MMORPG games. People would take the game clients and build their own servers to play off of, then edit the client just enough so it was talking to the private server instead of the real server. People, usually amazingly talented teenagers, would construct amazing experiences that rivaled and sometimes surpassed what the $100m+ game companies were producing.

Unfortunately, these servers were incredibly prone to griefing, particularly DDOS attacks. And though the private server developers were very talented and supremely motivated, they didn't have the resources or infrastructure expertise to mitigate even relatively small DDOS attacks from 1 or 2 nodes.

Who was there as the universal solution to DDOS attacks? Freaking Cloudflare, and it worked, and it was affordable even by teenagers who had at most two nickels to rub together. Where are those ridiculously talented teenagers who built those private servers now? Probably running the world's infrastructure.




DDOS is really a fundamental weakness in the design of the Internet. I really fear that in the long term proprietary meta-networks like Cloudflare are going to eat the public Internet and replace it with something that fixes these issues but is proprietary.


I wonder what would be necessary to fix DDOS altogether from a technical perspective.


What is needed are ISPs and network operators who give a damn, TBH.

To be clear, they do exist and many of them "do their part" (I, personally, spent ~7 years as the senior (technical) person at an ISP and did my best to ensure that neither we nor our customers were ever part of the problem). The "good ones" are, however, seemingly outnumbered by those who simply can't be bothered.

One reason that is often cited is the lack of a financial incentive to "clean up" their networks. At some point, it may be necessary for the rest of the Internet to "provide" them with one. Note that this is one of the reasons that, to this day, spam e-mail is a thing we all still have to deal with.

Unfortunately, especially for all of us "tech" folks (like here on HN), not every problem can be fixed with a technical solution.


I was recently aggressively downvoted for pointing a finger at DigitalOcean and AWS for being poor network operators who largely ignore abuse complaints. I understand people not wanting providers to patrol usage, but there is a middle ground.


AWS is usually the least of our problems (though when people use AWS they're generally doing something weird enough I have to look at it). It's more the bottom feeders of OVH and Choopa/Vultr. I blacklist them instantly in every network I end up responsible for.

DigitalOcean is a weird bird because to me it's more of an educator than a hosting company (but people will of course abuse it the same way). I'd never run prod on it and I usually end up blocking their ASNs, though I feel a little worse about it.

I wish they'd sell technical writing as a service. Their documentation (especially for common tasks that they don't even directly sell, like OpenVPN setups) is superb.


As an example, torrents are not particularly vulnerable to ddos. The Internet isn't vulnerable to it as a whole, just specific endpoints.

I'm not sure this is fixable for single endpoints: if you want to tell everyone something different, but there are millions coming per second, you're not going to succeed, be it in real life or a webserver.

So the answer seems to be: avoid centralizing too much, and pick existing, DDOS-resistant protocols whenever you can.


It's somewhat directly a "tragedy of the commons" which suggests the answers are likely "sociopolitical" rather than technical.

https://en.wikipedia.org/wiki/Tragedy_of_the_commons


AFAIK a whole lot of cat herding at the level of ISPs and peering administrators and an upgrade of things like BGP. Very hard to do coordinated updates to a federated network, as IPv6 shows... we are 20+ years in and the IPv6 transition is still only crawling along.


You sure? Spectrum is/was not cheap and game protocols are (fortunately) not HTTP.