Forgot your password?
typodupeerror

Comment: Pay your protection money (Score 2) 197

by Ryan Amos (#39627753) Attached to: Ask Slashdot: Experience Handling DDoS Attacks On a Mid-Tier Site?

To most of the commenters: WTF? You have obviously never been involved in a DDOS attack. Here is why:

1) A typical DDOS attack in 2012 will send traffic measured in hundreds of MBPS/GBPS down your pipe. Not only is this a massive volume of traffic, but almost all of it is in the form of SYN/ACK packets (which are exponentially more difficult for your frontend servers to handle; especially when they are never followed by a FIN.) This is many orders of magnitude more difficult to deal with than what most sites are scoped for. You cannot just "handle it," we're talking about something that is often 7-8 standard deviations away from your "normal" peak traffic levels. In other words, your infrastructure cannot handle it. Because if you overbuilt your infrastructure to those levels, you are an idiot. DDoS protection services cost a fraction of what it would cost you to build a network that could handle that.
2) Your normal DDOS doesn't come from one "large user." (hence, the first D in DDoS.) It comes from thousands (or hundreds of thousands) of IP addresses, all at once. Botnets? Yeah, they are real things, and they can be really destructive. And bad people control them, and you may have fired their mother at one point. Who knows why they have it in for you, but they probably will at some point.
3) Even if your infrastructure could handle an amount of legitimate traffic equal to the volume the DDoS will produce over the span of 6-12 hours, you would then have to pay for it. I promise you, you don't want to be in that position. Most hosting providers probably won't make you pay for all of it, but they will become real interested in what you're hosting that would make someone want to DDoS you in the first place. And your boss will probably make you find a proxy solution to solve the problem; so why not be proactive about it so you can say "Yeah, those /b/tards decided to DDoS us, but I took care of it 3 months ago."

TL;DR: DDoS proxy services like CloudFlare exist for a reason: it's simply not economically feasible to overbuild your infrastructure to the point where you could survive such an attack. Pay the man, keep your site up, and ignore the punks smashing cars in the street because you have insurance, so fuck em.

Editorial

+ - Can the U.S. Army defeat the Blackwater Army?

Submitted by Anonymous Coward
An anonymous reader writes "Even though this is a hypothetical question, what if the Blackwater private army's purpose is to make sure the U.S. Army will keep fighting in Iraq/Iran and no military opposition can arise against the Bush Administration? I doubt these will be true, but who would win if these two armies fight each other? Should the U.S. even have a private army?"

APL hackers do it in the quad.

Working...