by tempnow987 1510 days ago
I thought OVH and Hetzner were the source of a ton of these DDoS attacks. Their IP ranges always seem to be in abuse logs.

Cloudflare wrote of a recent attack:

The top networks included the German provider Hetzner Online GmbH (Autonomous System Number 24940), Azteca Comunicaciones Colombia (ASN 262186), OVH in France (ASN 16276), as well as other cloud providers.

https://blog.cloudflare.com/15m-rps-ddos-attack/


Hetzner operates a 5-10 Tbps network, roughly the same traffic volume as all of Spectrum/Charter Communications (the 2nd largest cable company in the US). They show up everywhere because they are a big part of the internet.

A wise network operator once told me - never shit on people when they are under attack. Because in the not too distant future you are going to be the victim.

Umm.. AWS and GCP and friends dwarf these guys, but I see Hetzner, OVH and DigitalOcean in these things.
I bet a big factor is that AWS and GCP charge obscene markups for bandwidth. Much harder to get away with.
Of course, no one could afford a DDoS from AWS or GCP. Even in the case of compromised machines, the huge traffic bill is going to alert everyone pretty quickly.
I mean that makes sense, no? Attacks like that rely on compromised servers, so it shouldn't be a big surprise that large hosting providers are among the biggest attackers. Other large ISPs like DigitalOcean and Alibaba are among the top attackers in that attack also.

I assume this attack is UDP based, unlike the one you linked to.

Where are the AWS and GCP ranges then?

They aren't even in the top 10 here. Is the claim that Hetzner is larger than AWS? I find that highly unlikely.

We probably don't see AWS or Azure as the source of these DDoS attacks because of egress costs.
People aren't paying with their own money for DDoS machines normally. Well, maybe there are some small operations like that. But often the traffic comes from a hacked service that's a part of a bigger botnet. It may lead to a larger detection ratio on AWS/GCP, but the attackers are not paying the costs.
Attackers aren't paying with their money, but it's important for them to go undetected. If your bandwidth is a fixed cost (i.e. isn't related to your actual usage) you are much less likely to keep an eye on it than if it costs an arm and a leg.
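The last few comments make a detection point: on usage-billed clouds a compromised box that starts flooding shows up on the bill almost immediately, while on flat-rate hosting nobody is watching the bill, so the operator has to watch the outbound counters instead. The script below is an added illustration, not code from the thread or from any of the providers named in it. It runs an egress-spike check over constructed per-host traffic records (the host names, byte counts and thresholds are all made up for the example) and flags a host whose recent outbound rate jumps far above its own baseline, while an absolute floor stops an almost-idle host from being flagged on a tiny blip.

```python
"""Egress-spike check over per-host outbound byte counters.

Models the check a flat-rate hosting customer has to do themselves, since no
bandwidth bill will do it for them: compare each host's recent outbound rate
with its own earlier baseline and flag large deviations.
"""
from collections import defaultdict
from statistics import mean

MB = 1_000_000

# Constructed sample records, one per host per minute: (host, minute, outbound_bytes).
# Hosts, values and the flood pattern are invented for this example.
SAMPLES = []
for minute in range(20):
    SAMPLES.append(("web-1", minute, 50 * MB + (minute % 3) * MB))            # steady web traffic
    SAMPLES.append(("db-1", minute, 5 * MB + (minute % 2) * MB))              # steady, small
    SAMPLES.append(("idle-1", minute, 0 if minute < 17 else 2_000))           # idle, then a 2 KB blip
    SAMPLES.append(("web-2", minute, 40 * MB if minute < 17 else 900 * MB))   # starts flooding at minute 17


def per_host_series(samples):
    """Group records into {host: [outbound bytes per minute, in minute order]}."""
    per_minute = defaultdict(dict)
    for host, minute, nbytes in samples:
        per_minute[host][minute] = per_minute[host].get(minute, 0) + nbytes
    return {host: [m[k] for k in sorted(m)] for host, m in per_minute.items()}


def flag_egress_spikes(samples, recent=3, ratio=5.0, min_recent_bytes=100 * MB):
    """Return {host: (baseline_bytes_per_min, recent_bytes_per_min)} for hosts whose
    mean outbound rate over the last `recent` minutes is more than `ratio` times
    their own earlier baseline AND above an absolute floor.

    The floor matters: a host that normally sends nothing has a baseline near zero,
    so any activity at all would otherwise produce an enormous ratio.
    """
    flagged = {}
    for host, values in per_host_series(samples).items():
        if len(values) <= recent:
            continue  # not enough history to form a baseline
        baseline = mean(values[:-recent])
        current = mean(values[-recent:])
        if current >= min_recent_bytes and current > ratio * max(baseline, 1):
            flagged[host] = (baseline, current)
    return flagged


if __name__ == "__main__":
    for host, (baseline, current) in flag_egress_spikes(SAMPLES).items():
        print(f"{host}: baseline {baseline / MB:.1f} MB/min, "
              f"last 3 min {current / MB:.1f} MB/min -> investigate for compromise")
```

In practice the counters would come from the provider's traffic accounting, a router's flow export or the host's own interface statistics; the comparison against the host's own history is what makes this useful on a flat-rate plan, where the absolute number alone tells you nothing until the abuse report arrives.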