
It's an interesting problem - designing a basic forum that can survive DDoS attacks without a centralized protector such as Cloudflare.


A simple web server can hold millions of connections. With some smart caching you could serve a wide audience. If the DDoS is big enough you will max out your 1GB/s line - I'm not sure on ways around that. Even blocking ranges on your router won't fix it.


This is not too hard of a problem, but the issue is that it's expensive. You can likely get to ~100k packets/second of forum serving + DDoS attack filtering on one core, but you will eventually saturate your (likely 1 gbps or less) upstream connection. The only real mitigation to this is to have a much bigger upstream connection than you need.

Edit - clarifying that 100k pps per core would only be achievable if the vast majority of the traffic (>95%) could be filtered out.


They might look into a federated server + p2p content exchange architecture like notabug.io was building for a few years.


You could build something on top of BitTorrent for instance. With the consequence that the IPs of the users will get exposed.


Something like BitTorrent wouldn't work well for dynamic content such as a web forum.


There is live streaming built on top of BitTorrent. Sure, you have to tweak it, but it is very possible.



