Cloudflare Reports Massive Slowdown in Network Level DDoS Attacks (cloudflare.com)
136 points by IcyApril on Nov 26, 2017 | 16 comments



After RSnake introduced slowloris in 2009, it’s been something of a minor miracle that L7 attacks have stayed as rare as they have until now. Don’t understand why SYN floods have been the preferred way to DDoS until recently - they’ve been obsolete for nearly a decade..


Dumb packet flood is easy.

L7 DoS requires more sophistication, because the attack code needs to be stateful (iow. establish sessions) and craft requests that are better targeted. These in turn require either real effort or tools that reduce the effort.

All of this implies one thing: packet flood mitigation has finally become so ubiquitous that dumb flooding is no longer lucrative. So one could say that due to lack of low-hanging fruit the attackers are now moving up in the value chain.


>they’ve been obsolete for nearly a decade..

It's almost like the entire Internet doesn't immediately handle every vulnerability as soon as it comes out...


You’d be surprised to learn that most of the targets are using the same small group of cdns, mostly Cloudflare and a few more.

Handling these attacks is difficult and a cdn is cheap.


Synfloods are really easy to accomplish comparatively. That said, with the size and sophistication of the botnets these days I suspect that'll start to change to higher level attacks against services.


Slowiris doesn’t affect an async server like nginx, which Cloudflare deploys.


You need to configure it properly, though, otherwise you can still easily hit the open file descriptors limits in the OS.


Must be hard to adjust to different light with a slowiris.


They still work.


If it's the most effective tool for the job, it's not obsolete.


> eventually leading to hundreds of Android apps being removed and a process started to remove the malware-ridden apps from all devices.

So if you download the wrong app, your phone is now part of a botnet and that bandwidth you pay for is part of a DDOS attack. Scary.


I thought this is the older way of doing DDoS, like replicating user's behaviour and overwhelming the server with repeated requests. And it's very obvious that any public facing API should be heavily cached and rate limited, in fact, all the major application frameworks provide easy to implement code for these.

But yeah, more developers should be aware of the possibility of this.


I am not a ddos mitigation expert, but I am under the impression that the remedies you mention are only going to help with relatively small attacks. It is very inexpensive to buy enough DDOS capacity to saturate a whole server's CPU just decoding requests. Caching and rate limiting aren't going to help you much then.

If you're a serious target these days, you basically need to have your services behind one of the big solutions. Rolling your own is far too expensive for any but the largest players. Cloudflare, GCE, and I'm sure many others offer ddos mitigation for grownups.


Devs need to remember to use performance monitoring tools to see where the slow code is - we had an app that could come to a halt if more than 10 people logged in, in one second - it took forever to dynamically generate the menus. Stupid recursion error, quieted NewRelic alerts down right away.


"Cloudflare Reports Massive Slowdown in Ability to Get Publicity From Volume-metric DDOS Attacks."


[flagged]


I do remember, but I don't see how it's relevant to this article.

It seems unfair to say that "Cloudflare continues to pretend this never happened" since they have a blog entry detailing exactly how the leak happened:

https://blog.cloudflare.com/incident-report-on-memory-leak-c...



