by AnthonyMouse 1639 days ago
> Can you provide a self hosted granular access permission to your RAID?

Yes.

> How hard is it to configure and maintain?

Very few things are harder to configure or maintain than they are on a cloud service, because if they were, someone (e.g. you) would get frustrated and make them easier, and then they wouldn't be for anyone else.

> Will your colo deflect a DDOS attack?

Ah yes, S3 can handle serving that many requests and keep everything online. But then don't you get a bill for $72 billion dollars?

1 comments

I believe both Azure and AWS (probably GCP too) have built-in DDoS mitigations for free.

https://docs.aws.amazon.com/waf/latest/developerguide/ddos-s...

You might be on the hook for bandwidth costs from a more sophisticated attack though.

That isn't very specific about how it works ("defends against the most common, frequently occurring network and transport layer DDoS attacks" whatever that means), but it sounds like they're going to drop weird looking packets.

The problem is, one of the more common types of DDoS is that the attacker has a botnet with a million machines in it and has them all make legitimate requests to your service all day, thereby overloading it. This looks just like a large volume of legitimate requests, because it is. S3 or similar isn't going to get overloaded, but then what stops you from getting a bill the size of the moon?

To do otherwise they'd either have to be able to distinguish these from legitimate requests (how?) or give you free traffic when you claim you were under a DDoS that they can't distinguish from a large volume of legitimate traffic (unlikely).

Why is this unlikely? If you do it several times then they will start to get annoyed and say no, but a service like AWS is all about the long-term customer relations. I've had bills of ~$1k refunded even though I'm a ~$3 p.m. user.

Waiving a bill for a thousand dollars isn't really costing them a thousand dollars because their underlying cost is much lower than that.

Do the math on how much the S3 bill would be if a million bots each with a 100Mbps cable connection would DDoS you for a month. A thousand dollars is too low by how many orders of magnitude?

You might get them to waive that, maybe, or maybe not. Even at their cost they'd never make it back from you. Do you have any guarantee that they will? What happens if they don't? What happens if they do it once, but the attack hasn't ended?