The IP of the site reports as being a Comcast IP address. Surely this isn't hosted on some guy's home server? Even their business class service wouldn't seem like a good fit, especially for an org like Defcon.
Without robust and easily scaled infrastructure in place ahead of time, an organic DDOS is one of the most difficult situations to mitigate. Not much can be done in terms of traffic shaping, rate limiting, or bot detection.
An HN front page “DDoS” is like 20K hits. This isn't some complex scaling challenge. Any website on the internet should be able to handle it, especially a purely informational one.
I had my blog be on the front page for ~6-8 hours racking up 100k+ unique loads. It also managed to survive just fine on a $5 VPS so I would hope that other sites could survive.
I agree. Protecting against DDoS attacks is incredibly difficult. I'm just enjoying the irony of Def Con, the premiere computer security and hacking convention, not being able to handle traffic.
To be fair, I don't think they crashed; I saw a "sorry too much traffic try later" type message. Still amuses me.
I guess it's funny, but the attendees don't necessarily represent the organizers. The best hackers in the world may be in the building during Defcon but I don't think the Defcon organization itself necessarily employs them.
the current way to most effectively get around DDoS seems to be using a proof-of-work based frontend run on as many revolving reverse proxies around the world as you can afford. this is what kiwifarms does. seems pretty effective and a lot cheaper than what the people bankrolling the attacks on them are spending.
