16 comments

[ 3.0 ms ] story [ 42.7 ms ] thread
Shouldn't it be just anti-ddos or ddos-protection? I read anti-ddos-protetion to mean that they're against the things that protect against ddos. Which they're not.
Probably they're going to bash DDoS protection providers there in the future, who knows. ;-)
I actually sent an email offering to help (I have a lot of experience mitigating DDoS attacks) but never received a reply. I imagine they must already have something in the works to resolve this.
Just curious, how are DDoS attacks mitigated?
Depends on the attack and how sophisticated it is. For most layer 7 attacks like this one, you can filter e.g. specific user agents or protocols. One thing that often works (but has some false positives with simpler search engines) is dropping all HTTP/1.0 traffic, because any remotely modern browser uses HTTP/1.1. Essentially you block anything that's unusual, like specific user agents (reflected attacks from user agents containing 'Wordpress' and 'PHP' come to mind a lot especially), HTTP headers, and so forth. Ideally as far upstream as possible, but it can be done on the server level as long as you have enough horsepower to throw at iptables or the web server, and your connection doesn't get saturated. The right IP blacklists can help a lot as well.
It does not work in this case, rogue states like China are using national backbone internet as DDoS tool.

You can find research papers back in 2001 about GFW. The DNS spoofing "service" can be easily used as a x3 amplification tool by anyone.

The implication in the article seems to be it's a GET/POST flood though, not DNS-based. Granted, for DNS amplification, having big enough pipes starts to matter a lot more, which is where providers like OVH shine because of how much network capacity they have, but it's not like DNS traffic can't be filtered. I haven't read the research papers you're referring to though, so I may be overlooking something obvious.
I think a lot of people already did this (including me) and they're probably flooded with offers. Thanks for the support though, I'm sure they're happy about any they get. It's about time to demolish the great firewall of China. :-)
Could you give a report of the statistics of the IP address in the DDOS attack? Maybe you can block all the ip address from China. As I known in China people have to use VPN to access some sensitive websites (such as 8964, falungong, dajiyuan).
That's their dilemma.

One one hand they are abusing CDN or cloud platforms for their broken "collateral freedom" project

One the other hand, every effective DDOS protection outside China has been blocked by China already, like Google Project Shield, Cloudflare, etc.

I assume we can then count the days until they simply block AWS as well? But that explains why they don't use one of these to keep the bad traffic away from their hosting infrastructure and instead of AWS eat all of it.
AWS does not work in China. Tons of EC2 blocked. Rest are just too slow to connect (like >400ms pings)

Very few S3 CDN IP address left with 443 port open, so greatfire.org carefully picked those and hosting content mirrors there.

Although what they operate is totally free speech, legal and reasonable, but it's like your bad neighbor in a VPS who eats all your co-hosting CPU, bandwidth and disk IO. You have no choice but move to somewhere else.

BTW: you can put the contents of Greatfire.org to github, it is free.
China operating under an unprecedented level of transparency!
(comment deleted)