by stcredzero 1925 days ago
The significant thing about "script kiddy DDOS" level attacks is that they significantly raise the effort and expense for the smallest projects. This is exactly where the most important innovations happen:

http://www.paulgraham.com/marginal.html

> Finally we moved over to OVH and placed a few really powerful servers in front of the game server and applied some ipfilter rules to reduce common attacks. That ended up being the cheapest option out of all the options.

The cheaper attacks seem to be at the level where machine learning could be able to counter them. Raising the bar for inexpensive attacks would be a huge boon to the internet and human progress. It wouldn't be that expensive to fund, either.

> We used to run a game server for a small community of around 400-500 people, and DDoS attacks were something we had to face almost every week. Whenever someone got upset with the admin team, the go-to solution was to DDoS. You get scammed by another player? DDoS. Got banned for saying racist things in game? DDoS. You figured out a new way to cheat in game and the admins fixed it? DDoS.

I wonder if this sort of thing could be honeypotted? Give perpetrators a way to figure out and target a fake "edge server" of a particular user? (Which only affects about 5% of your user base, let's say.) However, that "edge server" is actually a honeypot that gathers data on the attack and correlates it with support emails to the admin team, or flame wars in the game's forums.

This is the kind of suckage that holds back the entire network, but which can ultimately be defeated:

http://www.paulgraham.com/spam.html

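The honeypot idea above (a per-user decoy "edge" whose attack is correlated with recent admin actions) as a worked example. This is added illustration, not code from the thread or from any project; the edge naming, the record shapes and the sample data are all constructed here.

```python
import hashlib
import hmac
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Attack:
    edge: str       # decoy hostname that was flooded
    start: int      # unix seconds when the flood began
    peak_pps: int   # peak packet rate, kept only for triage


@dataclass(frozen=True)
class AdminEvent:
    time: int       # unix seconds
    player: str
    kind: str       # e.g. "ban", "scam_report", "cheat_patched"


def assign_edges(players, secret):
    """Map one decoy edge hostname to each player. The name is an HMAC of the
    player name under an operator secret, so it cannot be derived by anyone
    who was not told it; only that player ever learns their own edge."""
    return {
        "edge-%s.example.net"
        % hmac.new(secret, p.encode(), hashlib.sha256).hexdigest()[:8]: p
        for p in players
    }


def attribute(attacks, events, edge_owner, window=24 * 3600):
    """For each attacked decoy edge, name the single player who knew its
    address and list that player's admin events in the `window` seconds
    before the flood started. Edges nobody owns (e.g. decommissioned ones)
    are reported with suspect None rather than guessed at."""
    by_player = defaultdict(list)
    for e in events:
        by_player[e.player].append(e)
    report = {}
    for a in attacks:
        owner = edge_owner.get(a.edge)
        triggers = sorted(
            e.kind for e in by_player.get(owner, [])
            if a.start - window <= e.time < a.start   # strictly before the flood
        ) if owner else []
        report[a.edge] = {"suspect": owner, "triggers": triggers,
                          "peak_pps": a.peak_pps}
    return report
```

Hypothetical and constructed: the HMAC-derived edge names, the `Attack` / `AdminEvent` records and the one-day window are design choices made for this example.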

"Learning" has nothing to do with any of this. Deciding which packets are part of the attack is not hard at all.

What's hard is paying for 100s of gigabits of bandwidth, 24x7, so the incoming packet flood doesn't crowd out the good traffic before it gets to your filtering box.

Basically the only solution there is centralization. Cloudflare can afford to buy 1000s of times more bandwidth than any one of its customers needs, because it has (much more than) 1000s of customers.

As far as auto-learning to counter such things, https://linuxsecurity.com/features/features/introducing-crow... did show up recently: an attempt at a crowd-data-enhanced next-gen-fail2ban-alike. (Not an endorsement, never tried it.)

I don't think it uses any of the techniques currently considered central to machine learning, but if it works well / catches on to start with then it could be a good place to see how useful those would be.

I don't see how that project helps solve the underlying problem: denial of service.

If the idea kicks off, instead of spamming packets directly at their targets, kiddies will switch to feeding cloud-fail2ban with their target's IP addresses.

And there will be paid services to do this for you.

Same effect.

> If the idea kicks off, instead of spamming packets directly at their targets, kiddies will switch to feeding cloud-fail2ban with their target's IP addresses.

As far back as the 2000s, kids knew to keep their IP addresses secret. There are plenty of real-time game server architectures where no game client knows the IP address of another game client. This might not be feasible for very fast-paced FPS games, for example, but that's only one particular use case.

I suspect we could significantly raise the bar to DDOS something like 80% of all websites/apps/servers -- at least to the level where random kids or even random middle class adults would think about it because they had a bad day.

> I wonder if this sort of thing could be honeypotted?

One method could be to anycast the domain to a bunch of edge servers which all relay traffic to the actual server.

DNS queries for the domain return the closest edge; if that edge gets attacked, the other edge servers can still route.