undefined | Better HN

Skip to content

Top Best Ask Show New Jobs

0 pointsneurostimulant9y ago0 comments

Considering they charge per GB data transfer, even if your site survive the attack you'll get an amazingly expensive bill at the end of the month.

0 comments

6 comments · 2 top-level

mixedbit9y ago· 3 in thread

For both Google and Amazon the cheapest transfer you can have is 0.02 USD/GB, which in case of such attach gives 5.5k USD / hour, or 400k USD for three days of the attack.

kijin9y ago

That's for outgoing (egress) transfer. Incoming (ingress) transfer is free with both Google and Amazon, and a DDoS attack is mostly incoming.

Jweb_Guru9y ago

Amazon's actual ELB IPs can handle relatively little traffic, "prewarming" is required in order to add more ELB instances--during a DDOS attack, you'll be overwhelmed almost instantly. Route 53 uses DNS round robin, which is trivial to bypass if you're planning on a DDOS attack (by targeting a specific IP). Google actually gives you an anycast IP, so they're a better option.

All that being said: the idea that only ingress traffic matters during a DDOS attack isn't quite right. If the connections are legitimate, you either need to be able to detect the attack attempts (requires expensive coordination and mitigation techniques, especially if the attack is much larger than what a single NIC can handle) or actually serve back the content (which will make your egress skyrocket).

You just have to make sure your infrastructure doesn't try to auto-scale up to actually handle all the traffic or suddenly you have thousands of high-powered instances to pay for...

jraedisch9y ago· 1 in thread

There could be something like a DDoS insurance.

tdy7219y ago

Insurance only works when you can get good coverage (lots of premiums being paid). Akamai and CloudFlare are DDoS insurance, and BK just got dropped.

You don't see insurance companies rushing in after a disaster, this is no different.

j / k navigate · click thread line to collapse