this post was submitted on 29 May 2024
1658 points (99.6% liked)

Technology

59597 readers
3752 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] Melvin_Ferd@lemmy.world 18 points 5 months ago (1 children)

Can someone explain why they're not able to protect against this? Couldn't they put request limits or monitor for spikes and banning these attempts?

[–] T156@lemmy.world 42 points 5 months ago (1 children)

Without knowing how, not really. If it's a massive multi-device botnet, like Mirai, for example, that's millions of indvidual devices across millions of addresses, so it isn't so simple as just blocking a domain. Trying to block all of them might well just block legitimate users.

Request limits also wouldn't work if it's millions of devices making a few requests at once, and an overall limit would have a similar locking-out effect as blocking everything. Especially if the DDoS is taking up most/all of that limit.

[–] Melvin_Ferd@lemmy.world 3 points 5 months ago

Just so crazy to me the scale.

Is there any range for how many "a few requests" would be needed to ddos a site like this?