Hacker News new | past | comments | ask | show | jobs | submit login
Deep Inside a DNS Amplification DDoS Attack (2012) (cloudflare.com)
48 points by omk on Sept 29, 2021 | hide | past | favorite | 5 comments



> the attack doesn't end up adding to our bandwidth bill because of the way in which we're charged for wholesale bandwidth.

> We buy a lot of bandwidth and we pay for the higher of our ingress (in-bound) or egress (out-bound) averaged over a month. Since we act as a caching proxy, under normal circumstances egress always exceeds ingress. When there's an attack, the two lines get closer together but rarely is an attack large enough to add to our overall bandwidth costs.

Wow. That’s a devilishly clever way to avoid paying for DDoS attacks.


Also due to their anycast network and the large no of pops, the traffic stays local.


it is also a statement to the DDOS'ers: "hey, you do not inflict any monetary damage to us, except a few annoyed customers"


It seems the clients didn't even notice.


A lot more information on DDOS background and techniques on Cloudflare's learning site:

https://www.cloudflare.com/learning/ddos/what-is-a-ddos-atta...

Includes full details on 11 different common DDOS attack types.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: