security-discuss
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [security-discuss] gnuradio project DoS attacks GNU wget users

From: Paolo Bonzini
Subject: Re: [security-discuss] gnuradio project DoS attacks GNU wget users
Date: Wed, 1 Mar 2017 12:00:41 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0 

On 28/02/2017 16:47, Jean Louis wrote:
> Are there so many users downloading the software, that the project
> managers lack the money for hosting? Isn't hosting today pretty cheap?

It's the opposite of lack of money; CDNs are just as expensive as
regular high-quality hosting (which is _not_ cheap: hosting for QEMU for
example costs a few hundred dollars every month for example).

Apart from lower latency, the main thing that they provide is resistance
to DOS attacks.  Without a CDN, if you are attacked you have to pay for
the bandwidth consumed by the attackers; a CDN instead detects the issue
and blocks their traffic.

The issue of Tor exit nodes being blocked by CDNs because someone else
is using those node for nefarious purposes should be well known to Tor
users.

If there is a list of CDNs that support running without Javascript
enabled, that would be nice to have (though that probably wouldn't "fix"
wget, because you still have to solve the Captcha or something like
that).  But I don't think it is fair to single out GNU Radio for having
chosen Cloudflare; most users do not ever see the captcha and it's
possible that the GNU Radio administrators weren't even aware of its
presence.

Paolo
reply via email to
[Prev in Thread] Current Thread [Next in Thread]