[CentOS-devel] CentOS services being DDoS'd

Tue Aug 8 05:30:07 UTC 2017
Laurentiu Pancescu <lpancescu at centosproject.org>

On 08/08/17 01:57, Akshay Kumar wrote:
> Not true about AWS or GCP. You don't get charged on ingress and it's in
> their best interest to mitigate this at the perimeter.

Indeed, they don't charge for ingress, but your server has to answer
HTTP requests.  Even small responses can add up quickly, more so if you
are serving ISOs.  Another problem is with autoscaling setups - if you
automatically spawn several hundreds of EC2 instances to handle the
increased number of HTTP requests, you'll end up with a pretty big bill.
I've heard of several cases of Amazon choosing to "forgive" the bill
resulting from an attack and you can set usage limits, so it's probably
not that bad.

> L3 and
> Prolexic (Akamai) have all your traffic go through their scrubbing centers -
> really expensive. mod_evasive won't work with any half-decent reflection
> attack.

Yes, I think scrubbing centers are technically the best solution 
(reverse proxy companies are in the position to perform MitM on SSL 
traffic and can only handle HTTP, but they are the most affordable 
solution).

Anyway, glad that it's solved now! :)