undefined | Better HN

0 pointsSomething12346y ago0 comments

So how does that actually work?

Doesn't AWS charge an arm and a leg for traffic?

0 comments

AWS charges an arm and a leg for outbound traffic, inbound traffic is free. Volumetric attacks are all about overwhelming your inbound; if AWS will swallow that at their ACL layer for you, that's seems pretty useful, and shouldn't generate billing.

dragonwriter6y ago

OTOH, it's tricky to direct your inbound to AWS without involving them in your outbound...

toast06y ago

Certainly... It was more of a if you're on AWS and you attract a volumetric attack, it's not going to cost you an arm and a leg.

Maybe you could run www on AWS and your real service somewhere with reasonable prices for traffic. In my experience, people who randomly DDoS tend to hit www rather than useful parts of a service.

judge20206y ago

In terms of running a data lake or keeping stuff for a long time, it's great, but of course they're banking on you moving a bunch of data to AWS to either train ML off of (compute costs) or keep it there and rack up storage space charges.

mekster6y ago

Seems to benefit AWS as well when if it's not blocked, your server can respond with some payload which means useless outbound traffic for AWS to pay and to charge customer to make them unhappy but instead if AWS drops them, good for both.

dylz6y ago

Basic volumetric - which is what the smaller providers can't handle, AWS can eat easily.

I don't believe I've been charged for this type of attack. The one you should look out for if you are new to AWS and trying to do this "trick" is L7 repeated downloads of high-file-size content to consume your budget rapidly.

pansa26y ago

> L7 repeated downloads of high-file-size content to consume your budget rapidly.

How an one protect against this type of attack?

pansa26y ago

Yes - this is my main concern about moving a website from a fixed-price service to S3+CloudFront.

j / k navigate · click thread line to collapse

0 comments

toast06y ago

dragonwriter6y ago

OTOH, it's tricky to direct your inbound to AWS without involving them in your outbound...

toast06y ago

Certainly... It was more of a if you're on AWS and you attract a volumetric attack, it's not going to cost you an arm and a leg.

Maybe you could run www on AWS and your real service somewhere with reasonable prices for traffic. In my experience, people who randomly DDoS tend to hit www rather than useful parts of a service.

judge20206y ago

mekster6y ago

dylz6y ago

Basic volumetric - which is what the smaller providers can't handle, AWS can eat easily.

pansa26y ago

> L7 repeated downloads of high-file-size content to consume your budget rapidly.

How an one protect against this type of attack?

pansa26y ago

Yes - this is my main concern about moving a website from a fixed-price service to S3+CloudFront.

j / k navigate · click thread line to collapse