[matuszeg]

Having to pay for the extra traffic is similar to having to pay for rent and staffing for that day of the sit in. Its built in costs of operating that have to be paid because their time of running the business was temporarily suspended.

[cft]

If you have a serious sustained DDoS (40+Gbps as mentioned in the affidavit), most ISPs will first null route you, and then attempt to terminate your contact. I leave it up to you to draw the parallel with the corresponding landlord's actions.

[stef25]

Is the obvious solution Cloudflare? Otherwise I don't see how this isn't the perfect way to knock competitors offline.

[Arie]

For web traffic, yes, it's a solution. But if you deal with gameserver traffic like me, Cloudflare can't save you.

OVH's anti-DDoS (GAME variant) is quite good in my experience for protecting non-web traffic.

[jgrahamc]

Cloudflare has a product called Spectrum that is used for game servers and other things: https://www.cloudflare.com/en-gb/products/cloudflare-spectru... (does arbitrary TCP and UDP).

[lcw]

If you have to hire 10x more staff then usual and have them sit around.

[BeeOnRope]

Sure, there's a quantitative difference but not necessarily a qualitative one.

[ben-schaaf]

I mostly agree, if the DDoS is just more real visitors. But it's a whole other problem when the attacker is using amplification or a botnet. Then it's more the equivalent of stealing a bunch of people's trucks and then driving them into the store to stop business.

[lcw]

Right I get that in both cases the business can't operate, but if you take an example of a modern web application and a ddos with an ounce of sophistication it can be hard to quickly understand what is happening. So your autoscaling ramped up then you realize something extraordinary is happening. By that time you start trying to stop things at the edge, but some costly damage could have already been done as far as hardware resources or engineering time. Now your spending more money than you would have had to in a normal day of business, and you aren't making money is my point.

[salawat]

Then the sit in was a resounding success.

The fact you've used computers to magnify the effect of the protest to your detriment is besides the point.

You set up the business, and arranged for automatic scaling ahead of time. This doesn't entitle you to some special protection because you never took into account something like that could happen.

That's the risk inherent to technology. It lets you.scale. Even when you'd rather you didn't.