>Dear ProtonMail Community,
>As many of you know, last week ProtonMail came under a massive distributed denial-of-service (DDoS) attack which knocked our service offline for several days. Unfortunately, we were initially unable to defend against such a massive attack and suffered downtime as a result. Despite the ferocity of the attack, our server security measures and end-to-end encryption meant we were able to keep user data secure.
>This incident was one of the largest cyberattacks ever in Switzerland and caused enough damage to knock an entire datacenter offline. In an attempt to keep ProtonMail offline, upstream ISPs were also attacked, knocking hundreds of other businesses offline in countries as far away as Russia. The main attack began on Wednesday, November 4th, and it was not until the evening of Saturday, November 7th that we were able to bring the situation until control. Full details about the attack can be found on our blog here.
>There is no doubt that the purpose of the attack was to keep ProtonMail offline for as long as possible. In doing so, the attackers wanted to deny email privacy to nearly a million people worldwide. The attackers hoped to destroy our community, but this attack has only served to bring us all together, united by a common cause and vision for the future. Our vision for an Internet that respects privacy and freedom can be assaulted, but it will never be destroyed.
>Our cause is also joined by IP-Max, the best network experts in Switzerland. The IP-Max team worked extremely long hours for several days in a row to bring us back up. And they did it entirely on a volunteer basis, simply to support our community. Building an entire network from scratch and bringing it online in a few days requires an incredible effort, and it was only with their assistance that we were able to come back online as quickly as we did.
>The result is that ProtonMail is now stronger than ever. Not only did we mitigate the largest DDoS attack in Switzerland in a couple days, we also gained the ability to resist such attacks in the future. We would like to thank the entire ProtonMail community for your many kind words of encouragement and support during this difficult time. We built ProtonMail for you, and it is truly an honor to have you standing behind us, in both good times and bad times. We look forward to continuing on this journey towards a more private and free Internet with all of you.
>Best Regards,
>The Entire ProtonMail Team
Leave my cryptomail alone you fucking kikes.
>get ddos attacked
>gib more money pls
Can't you end a DDoS attack just by changing your IP? Just reset the router. Geez.
>>51311030
shill
go drown
fuck them freedom-haters
freedom aint natural it must be taken by force(crypto)
crypt it all
How does a DDoS attack knock something offline? I mean service would be slow but it cannot disconnect it from the internet. Can it?
>>51311155
holy shit ur dumb
server can only handle x number of requests before it becomes I/O or network bound, at which point it cannot server any more requests = down to anyone trying to access it
>>51311193
We need to develop a data structure that subverts such attacks. Something like a request queue, so even if a server cannot serve someone now, they can in the future. That way all requests are returned.
>>51311193
That doesn't make it "offline".
>>51311273
Holy shit nobody has ever considered this before. Run along then. I expect a working prototype within the month.
>>51311155
>>51311351
>... Building an entire network from scratch and bringing it online....
thats what makes them (or any service) offline. upstream isp force them out.
>>51311041
you really don't understand technology do you
>>51311273
but i want the server to serve me now..
>>51310617
I'm intrested to see what this "state funded" attack was, hope someone make a legit report out of it.
I heard many people saying it was just a DNS amp that peaked over few hunderd Gbit/sec but a real providers has seen those many many times.
Or this was just a lie for more money))
Why do you keep making these threads?
>>51311273
It's not a software issue, it's a logical one that's unavoidable due to the structure of the Internet.
If the combined connection speeds of all the ways data can come in towards you on a given network exceeds the maximum input you can receive, you physically cannot push the bits in any faster.
If there's 1 billion users on the internet who average 10mbits each, unless your server has 10,000 petabits in, it's vulnerable in some way to a DDoS attack (consider the pigeonhole principle). If 1 million of those users are coming in through a path that bottlenecks at 1000gbit, it only takes 10k of those users to flood out access for the other 990,000. In the second case even if in theory your network is an amazing 10,000 petabit godnetwork, it only takes 1% of the devices in a country being compromised by the same attacker to decide to make your service unavailable there.
The best current techniques to minimize impacts of attacks are stateless protocols (HTTP) and spreading availability over 1000s of geographically diverse servers (CDNs).
I guess the damage could be minimized by moving the Internet off of IP and on to a protocol that lets ISPs cooperate on connections, dynamically restricting data flow. Maybe this can already be done by managing IP packet streams as a virtual connection and using second channel to manage them, but this just moves all the issues above around bit/s to connection limits. If a server can handle 1,000 connections at a time, you need to own 0.1% of the devices on the Internet (1 million servers) to feasibly say you're immune to DDoS attacks.
tl;dr the best feasible solution still doesn't solve DDoS attacks, and could only be implemented by large scale cooperation between all ISPs and probably a replacement of all existing IP infrastructure, to solve an issue that probably affects less than 0.01% of all internet hosted services at a given time.
>>51311884
Why not make it such that during times of overload, the IPs that are the most frequent users/valued customers get priority services?
DDoS attacks are sudden in nature, right? So if you get a sudden influx of new IPs that request information, simply deny those and keep the users. Then the problem is solved, right? And any given user doesn't make more than X http requests per minute, right? So why not restrict that as well?
