[globie]

This conclusion stems from that it is much easier to launch a DDoS from a single server w/ spoofed traffic than to use a botnet. If you have a single 10Gig server, you will likely not be able to take down another 10Gig server unless the target is already doing near 1gbps[0]. I believe most "noise" DDoS which effects random website operators is considerably less than 10Gbps, and pretty much every giant attack uses spoofed traffic which can be blocked upstream without a WAF. So long as your upstream is big enough.

[0]: I made it up, again.

[wmf]

DDoS is distributed denial of service. It isn't coming from one server. It's now trivial to buy 100 Gbps or more of DDoS so sites would need 400G or more to simply eat it.

[globie]

If you have a single server flooding spoofed traffic, it appears as a DDoS to the victim. It's at this point that the distinction between DoS/DDoS breaks down slightly.

It is very much not "trivial" to buy 100Gbps+ of DDoS. I'm highly confident the majority of D/DoS attacks are from single servers, because it works. If you have a 10Gbit server and your target has 1Gbit (or you 1Gbit and them 100Mbit, it still happens), it's not a question of if you can take the target down, but how long you can sustain that traffic level before your upstream notices.

Painting every D/DoS as the most bandwidth ever is a play out of Cloudflare's marketing. If every website operator knew that 1, you don't need that much bigger of a pipe, and 2, you shouldn't buy pipes that charge you $20+/TB like AWS anyway, then Cloudflare would have a much harder time selling you a downgrade in quality, and we would have faster and cheaper networks to boot.

[esseph]

Command and control is distributed and load balanced now.

Taking down a single endpoint that can issue commands no longer stops the attack and the attack is now going through multiple layers of DNS obscuration.

Architecture of a modern DDoS service looks much like any modern geographically distributed production application and network.

Attacks are getting quite sophisticated, and are extremely, extremely cheap.

[majke]

Consider applying to Cloudflare: https://www.cloudflare.com/en-gb/careers/jobs/?department=En...