Kind of scary if it's really that easy to shut down a GAE application from a script running on a single IP address for less than an hour.

I think we would all like to hear from Google how they plan to deal with this problem in the general sense:

a) in terms of preventing apps from going offline due to DoS-related quota overage.
b) how these situations will be handled from a billing standpoint.

I appreciate that these are hard problems to solve, but now that people are actually paying for the service, I believe some concrete policies and answers would be more than appropriate.

And codermarc, please do keep us updated with your specific situation as it unfolds.

On Mar 20, 1:31 pm, codermarc <[email protected]> wrote:
> I was recently the victim of a DoS attack against an App Engine app.
> The attacker requested a 2.3mb file approximately 13k times over 1.5
> hours, and at least 6k of the requests were successful before my
> bandwidth quota was exceeded.
>
> All of the requests were coming from a single IP address in Central
> America. The successful requests were spread out over about 45
> minutes, which would mean a constant outgoing bandwidth rate of
> 5.1mb/s. Does this make any sense?
>
> How does Google calculate outgoing bandwidth for static file requests?
> When a file is requested, is it automatically assumed that the entire
> file will be transferred, or is the actual bandwidth used calculated?
>
> Also, is anybody aware of anything I can do in the future to prevent
> such an attack?
>
> Thanks for your feedback!
