Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

yeah, my argument is that scheduled downtime (scheduled by the infrastructure provider) and ddos attacks (against the infrastructure provider or other customers of the infrastructure provider) should count against the infrastructure provider's uptime.

The current balance of power is tipped, right now, so hard in favor of the attackers that if anyone wants to take /you/ out, well, it's pretty difficult (read: expensive) to stop them, and if you are some $20/month customer, your upstream is probably going to just finish the job and cut you off... but if the guy next to you gets attacked and you are collateral damage? You should count that against your service provider. There are usually things we can do (as service providers) to limit collateral damage, even in the cases where we are unable to protect the target. If nothing else, providers who tend to tolerate sites that get attacked often, well, they suffer collateral damage from attacks, generally speaking, more often than sites that are less tolerant. It's sad, really 'cause sometimes the targets are not doing anything really wrong, but you've gotta protect your network.

There is some advantage of scale here, too... The DoS that is hardest to fight is the pipe-filling attack. If the attacker can fill your upstream port(s), then there isn't really much you can do, besides blocking the target at your upstream, (I mean, assuming the source is random, as it often is.) The larger your upstreams are, the more you can absorb before you have a choice between cutting off the target customer and having all your customers cut off.



Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: