[CentOS-devel] CentOS services being DDoS'd
Laurentiu Pancescu
lpancescu at centosproject.org
Tue Aug 8 05:30:07 UTC 2017
On 08/08/17 01:57, Akshay Kumar wrote:
> Not true about AWS or GCP. You don't get charged on ingress and it's in
> their best interest to mitigate this at the perimeter.
Indeed, they don't charge for ingress, but your server has to answer to
HTTP requests. Even small responses can add up quickly, moreso if you
are serving ISOs. Another problem is with autoscaling setups - if you
automatically spawn several hundreds of EC2 instances to handle the
increased number of HTTP requests, you'll end up with a pretty big bill.
I've heard of several cases of Amazon choosing to "forgive" the bill
resulting from an attack and you can set usage limits, so it's probably
not that bad.
> L3 and
> Prolexic(Akamai) have all your traffic go through their scrubbing centers -
> really expensive. mod_evasive won't work with any half decent reflection
> attack.
Yes, I think scrubbing centers are technically the best solution
(reverse proxy companies are in the position to perform MitM on SSL
traffic and can only handle HTTP, but they are the most affordable
solution).
Anyway, glad that it's solved now! :)
More information about the CentOS-devel
mailing list