On Wed, Sep 30, 2015 at 7:53 AM, Georgi Guninski <guninski@guninski.com> wrote:
How do you survive large scale DDOS?
Coordinate while waiting it out. Use anycast. What most people call dDoS is not a denial but really their silly IDS screen pointing out fhe fact that they've merely plugged their box into the net. These are the same idiots that OMG SSH SCAN! A REAL DoS fills your pipe to capacity+1. A FUN DoS fills your provider's pipes to capacity+1, bonus if more upstream or peering get sunk therein. Partly why CF have free / cheap tiers because it's not real DoS there, so CF isn't paying to absorb any, nor is their peers kicking them for attracting nothing. On the other hand, CF does absorb legit DoS too. That's in addition to aiding and abetting ISIL terrists while avoiding heat from US Govt friendlies, breaking what would be computer crime tapping laws with MitM, and pissing off innocent VPN/Proxy service/Tor users. http://docs.house.gov/meetings/FA/FA18/20150127/102855/HHRG-114-FA18-Wstate-...