undefined | Better HN

0 pointsgzread19d ago0 comments

Temporary blocks if and when you are actually being DDoSed, presumably?

0 comments

Large DDoS botnets will have hundreds of thousands of return-path-capable IP addresses. Your temporary blocks will have to be very sensitive (i.e. trigger on a relatively small number of requests within the time window) for an application-level DDoS to be usefully mitigated.

gzreadOP19d ago

So how does your other plan solve that?

johncolanduoni19d ago

Once an IP in a botnet attacks someone, it ends up on a blocklist and can’t attack anyone else who uses that blocklist. This is a big part of Cloudflare’s DDoS model: if you attack one CF property (with non-volumetric DDoS) you will not be able to attack any others with the same bot for an extended period. This makes attacks to CF properties limited in scope and way more costly, because you have to essentially “burn” IP addresses after sending relatively little traffic.

1 more reply

j / k navigate · click thread line to collapse

0 comments

johncolanduoni19d ago

gzreadOP19d ago

So how does your other plan solve that?

johncolanduoni19d ago

1 more reply

j / k navigate · click thread line to collapse