• @Melvin_Ferd
    link
    English
    186 months ago

    Can someone explain why they’re not able to protect against this? Couldn’t they put request limits or monitor for spikes and banning these attempts?

    • @T156
      link
      English
      436 months ago

      Without knowing how, not really. If it’s a massive multi-device botnet, like Mirai, for example, that’s millions of indvidual devices across millions of addresses, so it isn’t so simple as just blocking a domain. Trying to block all of them might well just block legitimate users.

      Request limits also wouldn’t work if it’s millions of devices making a few requests at once, and an overall limit would have a similar locking-out effect as blocking everything. Especially if the DDoS is taking up most/all of that limit.

      • @Melvin_Ferd
        link
        English
        36 months ago

        Just so crazy to me the scale.

        Is there any range for how many “a few requests” would be needed to ddos a site like this?