this post was submitted on 18 Nov 2023
0 points (50.0% liked)

Self-Hosted Main


Customized Edges

Deploy flexibly in a single cloud, multi-cloud, on-premises DC, or using Infrastructure as Code (IaC), giving you full control over data, gateway visibility, and on-demand network coverage.

AppZTNA Anti-DDoS

AppZTNA security model is entirely opposite to Cloudflare's. It doesn't depend on centralized network mitigation for DDoS attacks. In a Server Find Client zero-trust network, attackers can't attack what they can't see.

This is my startup idea. I don’t know if anyone will need it. I hope to get your feedback. Thank you.

[–] phein4242@alien.top 2 points 11 months ago (1 children)

Even if you can get the appZTNA stuff to work (which I doubt), how is your infra going to absorb multi Tbit traffic without customer impact?

[–] PenArtistic71@alien.top 1 points 11 months ago (1 children)

Perhaps I didn't express my thoughts clearly, and for that, I apologize.

In the past, we typically approached the challenge of mitigating DDoS attacks by countering and combating resources at the L3-L7 level. I do not deny that this is a correct and effective solution, and I am familiar with how it works. However, in my previous work, our mobile app often fell victim to DDoS attacks, and I found that there could be an alternative approach to addressing the issue. Why must we tackle DDoS with a firewall mindset? Is it possible to make DDoS disappear more proactively? We analyzed DDoS from the ATT&CK perspective of the attacker, focusing on the typical steps of attacking a mobile app:

1. Downloading the app from the App Store.
2. Analyzing the app through packet capture or debugging tools to identify the attack target: Domain or IP address.
3. Using DDoS tools to initiate an attack on the target using a botnet.

Typically, we address DDoS at the third step when the attack has already occurred, and we are left seeking additional layers of protection. Our approach is in the second stage. When I have a certain number of edge IPs to distribute user or device connections and manage global traffic based on user or device context, this method is highly effective. The only drawback is that this method is only effective for native mobile or client applications. However, the benefits it brings include making the application actively immune to DDoS rather than passively defending against it and effectively identifying attackers.

[–] phein4242@alien.top 1 points 11 months ago

You expressed yourself just fine and my question is still valid. Do you have the capacity to handle multi Tbit traffic on the edge ips that you use to hide the backend ips? Because if all of those are flooded, not only will the backend app be unreachable, but all your customers will be unreachable as well.
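
The per-device edge distribution described in PenArtistic71's comment, and the shared-edge impact raised in phein4242's replies, sketched as an added example that is not code from the thread or from AppZTNA. It assumes each device is handed a small keyed-hash "shard" of edge IPs; the pool, secret, shard size and function names are all constructed for illustration, and it models attribution and collateral impact only, not link capacity.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample values: documentation-range IPs and a made-up secret.
EDGE_POOL = [f"203.0.113.{i}" for i in range(1, 21)]
SECRET = b"constructed-demo-secret"
SHARD_SIZE = 3  # assumption: each device only ever learns 3 edge IPs


def assign_edges(device_id, pool=EDGE_POOL, k=SHARD_SIZE, secret=SECRET):
    """Pick k edge IPs for a device by ranking the pool with a keyed hash.

    The assignment is deterministic for the operator but not computable
    by a client that does not hold the secret.
    """
    def rank(ip):
        msg = f"{device_id}|{ip}".encode()
        return hmac.new(secret, msg, hashlib.sha256).digest()
    return sorted(pool, key=rank)[:k]


def suspects(flooded_edges, device_ids, **kw):
    """Rank devices by how many of the flooded edges were issued to them."""
    flooded = set(flooded_edges)
    scores = Counter()
    for dev in device_ids:
        hits = len(flooded & set(assign_edges(dev, **kw)))
        if hits:
            scores[dev] = hits
    return scores.most_common()


def blast_radius(flooded_edges, device_ids, **kw):
    """Devices whose whole shard is flooded, so they have no edge left."""
    flooded = set(flooded_edges)
    return [d for d in device_ids if set(assign_edges(d, **kw)) <= flooded]


if __name__ == "__main__":
    fleet = [f"device-{i}" for i in range(200)]   # constructed fleet
    leaked = assign_edges("device-42")            # edges one device learned
    print("flooded edges:", leaked)
    print("top suspects:", suspects(leaked, fleet)[:5])
    print("fully cut off:", blast_radius(leaked, fleet))
```

Devices that share one or two edges with the flooded shard show up with lower scores; they are the customers who would see degraded service while the flooded edges are saturated.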