Ask HN: Why can GitHub get DDoS'd, but Google can't?
To clarify, I'm not saying someone _should_ DDoS Google (or Facebook). I'm just curious about how Google (or Facebook) sets up their infrastructure to protect themselves, as opposed to Github.
Or maybe everyone's at risk! How come the anti-information people haven't targeted Google?
20 comments
[ 3.3 ms ] story [ 60.2 ms ] threadSo, a "sufficiently large" site might well not even notice if you tried to DDoS them.
I would assume Google and Facebook (and Twitter) to be examples of such "sufficiently large" sites.
Depends on the DDOS method used. Stuff like the NTP abuse of a few years ago could be sinkholed without effecting any real users. HTTP DDOS has pretty low impact per node so most attackers use some form of amplification attack with other protocols.
The key word is "provable."
"Hey - look at this, I think someone's trying to DDOS us."
> "A hundred thousand requests a second? Neat - is it affecting our latency?"
"Um... no, not really."
> "Give me a shout if they hit a million a second."
I wish there was a way to send that team a beer or something, they're heroes at this point.
Say you get a letter every few weeks from a penpal from years back. You get a few other pieces of mail each day as well, so you quickly sort through them to see if your penpal wrote to you and if so, you pull that message out and throw away the rest.
Imagine you get to your mailbox one day and there are thousands of letters in it. The mail truck comes by for a second run and puts thousands more. Before you've even gotten back to your front door, a third truck comes and does the same.
It's no longer feasible for you to find out if your penpal wrote to you. That's a DDOS.
However, the post office was clearly receiving and processing all of those pieces of mail. They have the capability because they do it every day. Sure, the attacker put some extra load on them, but it wasn't a 100,000% increase like you sustained.
Your mailbox is Github, the post office is Google. Google's infrastructure is set up in a way that there's a lot of it.
Also, wouldn't a DNS provider or hosting service be able to "beef up" to handle the traffic from a DDoS? Especially if it's a nice one, it seems like something you'd expect from them.
And yes, there are ways to essentially start throwing servers online and yes companies do it. The problem is it becomes obscenely expensive — if you do this and go bankrupt, again, the DDOS has succeeded. It's actually somewhat problematic to do it automatically for exactly that reason. What if you preferred to just take your service offline until you could investigate enough to stop the attack instead of pay hundreds of thousands per day in server costs?
This is why DDOSs are a bitch!
Edit: Also worth noting, it's probably for this reason that Github is still accessible: throwing servers online and eating the cost.
https://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=Flow-C...