
UK lotto players quids in: Website knocked offline by DDoS attack

Lee D

Re: It would be interesting to know

The problem with DDoS is that you can only combat it from one step higher.

If you're DDoS'd, you need to implement a filter on the data coming in BEFORE it comes down the line. And with Distributed, those filters are more complex than you might think (i.e. millions of random web requests from random IPs would do it, but how do you distinguish real users?).

Pretty much, that's your first port-of-call, and the end of your worrying. The upstream then has to work out where it's coming from and try to filter from source, if that's possible, or just swallow the traffic for you. It matters not what YOU have in-house, that's always capable of being overwhelmed. It's what your upstream partners have, as they are the ones collating packets from millions of smaller connections into one big bundle for you, and they have to fix it there, not just blindly send it to you.

No amount of technology can really solve that issue: while it's still possible to generate a genuine web request from a genuine user's compromised PC, as that genuine user, it's impossible to distinguish no matter what you put in the way of cookies, authentication, behaviour-tracking, etc.

It's cheap to tell 1,000,000 computers that you don't own to all access a website at the same time. The people who own the computers are paying for the resources. It's not cheap to run a website capable of dealing with 1,000,000 extra visitors without noticing.

As time goes on, the problem isn't going to change much except in scope. We can only hope that backhaul transit increases in size proportional to the average home broadband user. While it takes, what? 10-30 compromised home fibre connections to flood a 1Gbit leased line now, if that scale doesn't increase at the same rate at both ends then it becomes even easier to swamp a connection.

(It's wishful thinking that larger connections would grow at a faster rate than home ones, however.)

What happens when every user has uncontended gigabit? You'd better hope that every ISP becomes good at filtering, or that every backhaul and datacentre starts offering 100Gbit as the basic business leased line / the interface to the cheapest server they rent out.

To be honest, servers in datacentres would be my worry. It's pretty standard to get only 100Mbit or 1Gbit networking. Most servers running in datacentres, therefore, could be taken down by a single fibre home-user with a grudge quite quickly if there was no mitigation. And paying for every single blade / VM / whatever to have 100Gbit connectivity and the necessary switching/upstream for that sounds expensive.
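The comment's central point (a per-source filter catches one loud host but says nothing about a distributed flood, so the only remaining signal is aggregate volume, which has to be handled upstream) can be shown with a small simulation. The code below is an added illustration, not the commenter's code; the request log, the sliding-window limiter and the thresholds are all constructed here for the example.

```python
from collections import defaultdict, deque

# Constructed sample log: (timestamp_ms, source_ip, path).
# One "loud" source sends 50 requests in 5 seconds; fifty distinct
# sources (TEST-NET addresses) each send one request in the same
# 5 seconds. Both groups deliver exactly 50 requests to the server.
SAMPLE_REQUESTS = (
    [(t * 100, "10.0.0.9", "/") for t in range(50)]
    + [(t * 100, f"192.0.2.{t}", "/") for t in range(50)]
)


class SlidingWindowLimiter:
    """Per-source limiter: at most `max_requests` per `window_ms`."""

    def __init__(self, max_requests, window_ms):
        self.max_requests = max_requests
        self.window_ms = window_ms
        self.hits = defaultdict(deque)  # source -> recent timestamps

    def allow(self, ts, src):
        q = self.hits[src]
        # Drop timestamps that have fallen out of the window.
        while q and ts - q[0] >= self.window_ms:
            q.popleft()
        if len(q) >= self.max_requests:
            return False
        q.append(ts)
        return True


def filter_requests(requests, max_requests=20, window_ms=5000):
    """Run the per-source limiter over a log; return (passed, dropped_by_src)."""
    limiter = SlidingWindowLimiter(max_requests, window_ms)
    dropped = defaultdict(int)
    passed = 0
    for ts, src, _path in sorted(requests):
        if limiter.allow(ts, src):
            passed += 1
        else:
            dropped[src] += 1
    return passed, dict(dropped)


def peak_aggregate_rate(requests, window_ms=1000):
    """Highest request count in any window, ignoring source entirely.

    This is the signal a per-source filter cannot see: the distributed
    half of the sample contributes as much to it as the loud host does.
    """
    ts = sorted(t for t, _, _ in requests)
    peak = j = 0
    for i in range(len(ts)):
        while j < len(ts) and ts[j] - ts[i] < window_ms:
            j += 1
        peak = max(peak, j - i)
    return peak


if __name__ == "__main__":
    passed, dropped = filter_requests(SAMPLE_REQUESTS)
    print(f"passed={passed} dropped={dropped}")
    # The loud host loses 30 of its 50 requests; the 50 distributed
    # sources lose none, although they sent just as much traffic.
    print(f"peak aggregate rate: {peak_aggregate_rate(SAMPLE_REQUESTS)} req/s")
```

The limiter is deliberately the simplest thing that works in-house, and the output shows why the commenter looks upstream: the per-IP filter cuts the single noisy source to its quota while the fifty one-request sources sail through, and the only measurement that still reflects the full load is the source-agnostic aggregate rate, which is exactly what overwhelms a fixed-size link regardless of what sits behind it.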
