by judge2020 1380 days ago
How do we prevent DDOS without centralized services like these? There has to be something.

It would be nice if these attacks were blocked before they even get to a transit provider, but cheap server / VPN providers seem unmotivated to try to solve the problem (since they barely lose any money when they facilitate the DDOS, and/or the attacking devices are rogue IoT devices and booting them would mean booting legitimate customers who don't know the first thing about auditing their network for compromised devices).

6 comments

Transfer away from HTTP and DNS. Use something like global NATS clusters for content delivery. Make sure there are many providers.

Problem is, this is not what Big Tech actually wants.

Thinking out loud: Maybe by decentralizing the things being attacked? AFAIK it's much harder to DDoS a torrent than a website. Of course, moving to p2p/decentralized websites would require solving a number of other problems.

Trust: we prevent DDOS with a trust system between nodes.

But this would put Cloudflare out of business so...

There's a Dutch co-operative between many big and small ISPs and hosting providers called "Nationale Beheersorganisatie Internet Providers" who provide a service for their members called "NaWas" (Afterwash?). Any service provider can choose to route their traffic through there in a matter of minutes.

It's not as broad and sophisticated as Cloudflare may be, but at least it's not one big centralized entity all the time, it's only activated as needed and run by a co-op, basically.

Pay per packet.

I remember maidsafe was working on this for many years without much success. Then they got into crypto for micropayments a decade later and it all got a bit messy. Not sure how the project is doing these days but it was a solid concept at heart.

https://maidsafe.net/

> legitimate customers who don't know the first thing about auditing their network for compromised devices

An IoT device not suddenly working is a good signal to endusers that it is compromised and being used illegally.

So you want to put everyone on a metered internet connection?

And then hit them with massive bills if they have a device that gets hacked?

Seems unreasonable given the current state of security.

If you don't hold people accountable for their devices, what reason do they have to care about that security?

I think that it's morally wrong to push the burden to end-users. If anyone should be accountable it must be the companies producing the devices and software.

End-users would likely end up in large class actions against the manufacturers in such a hypothetical situation.

While turbulent for a brief moment it would be a strong market incentive for those who pump out insecure devices to change their ways.

That was not how the airlines were (very successfully) secured. It was by government regulations.

Was referring to a separate network, if you briefly care to check the link I posted. DDOS'ing becomes a very costly endeavour; site owners don't need third parties to step in.

> And then hit them with massive bills if they have a device that gets hacked?

A DDoS botnet uses very little bandwidth in total for the individual, but yes, someone should pay, and there are certainly far worse things that can happen if they weren't made aware of a compromised device.

At some point global society has to decide whether we just employ more body scrapers to clean up the mess or stop letting people drive as drunk as they want on the roads. Cloudflare is the former.

> An IoT device not suddenly working is a good signal to endusers that it is compromised and being used illegally.

Given the overall quality of cheap electronics, if I had a camera on the fritz, even knowing what I do, the last thing I’d suspect is that it’s been compromised.

We dismantle the service providers that provide cover for the forums in which DDoS attacks are advertised and purchased, like Cloudflare themselves.