
A lot of the people commenting don't seem to understand how hard it is to fend off such DDoS attacks. You either need some serious infrastructure (Cloudflare style) or you need to buy equipment to mitigate attacks (like Radware devices) or route it via a DDoS mitigation service (Prolexic style). The one thing all these solutions have in common is that they are insanely expensive. People can buy a 1 gigabit DDoS for only a few bucks, whereas mitigating a 1 gigabit DDoS will cost you either $20K+ dollars for a mitigation device or some stupid amount of money to have a service like Prolexic mitigate it for you. Services like Cloudflare are a whole load cheaper but only provide basic reverse proxy protection and still leave your server vulnerable to attacks directed at its IP instead of DNS name.

I can't say I've ever heard of Hetzner, but from the comments I'm reading they apparently offer servers for cheap. Bearing in mind how much money DDoS mitigation costs I don't see how they could handle this any other way without having to make some pretty serious investments (which in turn would make their hosting less cheap as the money has to come from somewhere, right?)



You can do some of it via BGP, which is a standard method for handling routing once you become any sort of server provider with multiple bandwidth providers. It is built in to some Juniper devices already, for instance: http://njetwork.wordpress.com/2013/04/30/mitigating-ddos-att...

There are other ways to do it via BGP also. Plus there is null-routing, bandwidth limiting, etc.


Juniper is the only one that provides that, and flowspec is not going to be able to block everything. Other than that, BGP is not really going to help with attacks.



