Record DDoS pummels site with once-unimaginable 7.3Tbps of junk traffic

https://arstechnica.com/security/2025/06/record-ddos-pummels-site-with-once-unimaginable-7-3tbps-of-junk-traffic/
53•Brajeshwar•5h ago

Comments

smokel•5h ago
> A total of 34,500 ports were targeted, indicating the thoroughness and well-engineered nature of the attack.

How is that more complicated than a for-loop?

ukuina•5h ago
Because it's a distributed for loop?
lolinder•3h ago
Not necessarily. It could be one for loop running on tens of thousands of compromised IoT devices, with the only thing distributed being the command that starts the loops.
saulpw•1h ago
Sounds like you've never managed tens of thousands of nodes in a distributed system. It's not trivial.
jjtheblunt•37m ago
(elixir / otp says "hold my beer")
luckylion•25m ago
What would make a C&C server for a botnet hard? It's not like you need to carefully coordinate all those clients to hit precise timings, you just tell them who to target and let them rip, don't you?
blitq•5h ago
It’s not :)
monster_truck•3h ago
You can't just spray every port blindly if you are maximally trying to disrupt, there is nuance to it.
lolinder•3h ago
Right. So why does the fact that they targeted 34,500 ports show it was a well-engineered attack? By itself it's just evidence that they know how to iterate over ports. Coupled with the data size (7.3Tbps) we know they had an enormous botnet. None of this points to a well-engineered attack, it just means that lousy IoT has made botnets incredibly cheap.

A well-engineered attack would not draw headlines for its scale because it would take down its target without breaking any records.

motorest•2h ago
> A well-engineered attack would not draw headlines for its scale because it would take down its target without breaking any records.

You don't hear much about DDoS that are either comparable in size or bring down targets. How do you explain why this one made the news in spite of not having met your arbitrary and personal bar?

lolinder•2h ago
Like I said: it broke records for data throughput. It doesn't hurt that Cloudflare has an interest in publicizing the size of the DDoS attacks it fights off.

> in spite of not having met your arbitrary and personal bar?

I'm not sure what you mean by this. I didn't establish any sort of bar for what sorts of DDoS should get headlines, I'm just agreeing with OP that that line in the article doesn't make any sense. There may be other reasons to believe this attack was well-engineered but the article doesn't get into them.

rob_c•2h ago
> How do you explain why this one made the news in spite of not having met your arbitrary and personal bar?

Is that a serious question or bait?

Either way, are you so broken as to not understand what was just typed?

balanc•5h ago
Doesn’t Cloudflare have every incentive to inflate the bandwidth of the attack they have successfully mitigated?

And yes I know that there are Cloudflare employees here so spare me with your pinky swears.

x2tyfi•4h ago
Couldn’t this logic apply to basically every internal metric across every company?
udev4096•4h ago
Clownflare is more incentivized to make it look like they are the only ones who can defend against such an attack so they could gather more users for backdooring the majority of internet traffic. I wonder if it would be possible to create a peer-to-peer and decentralized DDoS mitigation service for anyone. All you gotta do is donate some of your bandwidth
eviks•4h ago
How does it counter the incentives of all other companies to make it look like they're not the only one???
mlyle•3h ago
Cloudflare has the biggest scale and is arguably best positioned to soak up massive attacks. Therefore CF may have a unique incentive to make it sound like attacks are larger and there are more really big ones.
eviks•3h ago
> is arguably best positioned

Lying about the scale of thwarted attacks by others is the counter argument

perching_aix•2h ago
Speaking of incentives, what might be the incentives of those referring to them as Clownflare? I sure have to wonder what their biases are, and how fairly they represent the company.
move-on-by•3h ago
A couple months ago Brian Krebs, who uses Google’s Project Shield, wrote of a very similar attack. 6.3 terabits, all UDP, less than a minute.

https://krebsonsecurity.com/2025/05/krebsonsecurity-hit-with...

ksec•4h ago
If I don't want my user to have Cloudflare captcha, or for example captcha doesn't work on my Safari 18.5 running on OpenCore Patcher MacBook 2015, what other options have I got?
nemathod•4h ago
GRE-Tunnel
VladVladikoff•4h ago
I’m confused what this would accomplish? Do GRE tunnels drop UDP packets or something?
firebird84•4h ago
You make a contract with a company that does layer 3 ddos protection, you advertise a route including their AS on a subset of your prefixes and they route to you over a GRE tunnel.
VladVladikoff•4h ago
Most websites don’t need DDoS protection. Many websites use Cloudflare to block basic bot vulnerability scanning. You could block this type of traffic with other methods: ja3/ja4, IP to ASN & ASN filtering, etc.
esseph•2h ago
Your first line is wrong.

While it may not impact your site, it does impact your hosting provider. As their costs go up, your costs go up. Anything on the Internet at this point needs DDoS / scraping protection. It may not drop your service, but your ISP or upstreams may blackhole your route.

The "old web" (current web) was largely based on an open exchange of information.

The "new web", post AI bot scraping, is taking its place. Websites are getting paywalls. Advertising revenue is plummeting. Hosting providers are getting decimated by the massive shift in bandwidth demand and impact to systems scraped by the bots.

zzzeek•3h ago
don't piss off any nation-states that would want to take your site down, should help
petee•3h ago
Fwiw, I have a site with nearly zero content or users; randomly it got ddos'd one day, and never happened again. I think the reasons for a ddos can be wide ranging, from just testing, to nation state, to someone is unhappy with your font choice
inetknght•2h ago
> to someone is unhappy with your font choice

Everyone hates when I set my app's fonts to courier size 8.

esseph•2h ago
An 11 year old with a discord account and a stolen credit card can now rent massive capabilities that can take (smaller, limited peered) entire countries offline for brief periods these days.
encom•2h ago
So this "article" "source" is Cloudflare, claiming Cloudflare blocked some super duper mega attack, but gives zero verifiable detail about any of it.

Now I hate Cloudflare with a passion, but even setting that aside, this is journalistic malpractice - it's basically a sponsored post. I was going to say I expected better from Ars Technica, but their glory days are long gone.

gundmc•23m ago
Why do you hate Cloudflare so passionately?
esafak•51m ago
Who's doing this and why?
ChrisArchitect•34m ago
[dupe] discussion on source: https://news.ycombinator.com/item?id=44330585
