Comment by jacquesm

10 years ago

That's even weirder. They have obligations to their customers, not to their neighbors in the same DC; that's the territory of whoever handles their hosting.

The datacenter is not going to be happy if they are offline due to attacks targeting one of their customers. The datacenter has an obligation to their customers, and if that means cutting off ProtonMail so that other customers stay online, then that's what the datacenter has to do. Then, ProtonMail is under pressure to pay the ransom fee to avoid having services terminated by the datacenter.

  • This is a risk the datacenter exposes their customers to by nature of how they operate. It's a major selling point to me that AWS employs some more sophisticated countermeasures to attacks like these. If their typical response to ransom requests was "you need to consider how you're impacting our business", I would take my business elsewhere.

    • > I would take my business elsewhere.

      Great in theory, but surely nobody "elsewhere" will host you securely if hosting you means all their other customers get hosed.

      "the attack against ProtonMail can be divided into two stages. The first stage is the volumetric attack which was targeting just our IP addresses. The second stage is the more complex attack which targeted weak points in the infrastructure of our ISPs. This second phase has not been observed in any other recent attacks on Swiss companies and was technically much more sophisticated. This means that ProtonMail is likely under attack by two separate groups, with the second attackers exhibiting capabilities more commonly possessed by state-sponsored actors. It also shows that the second attackers were not afraid of causing massive collateral damage in order to get at us."

      ProtonMail could just be talking this up, but if your ISP's (or AWS's) fancy countermeasures don't deal with this, why would they keep you? And why would any other ISP want or accept your business?

    • The problem with ProtonMail is that their business model and brand are based on being domiciled in Switzerland and operating under Swiss law. Their datacenter threatened them if they didn't pay the attackers and no other datacenter in Switzerland was willing to take them. They tweeted out for help finding one after everyone with sufficient bandwidth to withstand the attacks rejected them: https://twitter.com/ProtonMail/status/662212032368889856 Eventually, one came forward. But, the ransom had already been paid at that point.

    • > It's a major selling point to me that AWS employs some more sophisticated countermeasures to attacks like these.

      There are very good clean pipe services available; the major limitation is that the clean pipe provider must have enough capacity to absorb any attack... something that can be quite difficult unless you are someone like L3.

      However, the good clean pipe services are all very expensive. (I don't mean the "http only" service like Cloudflare; that is a very different sort of thing.) - this is because of that aforementioned limitation; you need a lot of headroom in your bandwidth to run a clean pipe service.

      But yeah, Amazon charges a lot more for bandwidth than you'd expect to pay direct from a transit provider at small-ISP scale, so I would hope that they have enough capacity and technology to filter fairly large attacks.

> that's the territory of whoever handles their hosting.

Yes. And what does a provider do when a customer is getting hit so hard by a DDoS that it is pushing their other customers offline? They blackhole the target at their upstream (usually starting on a per-IP basis, but that will widen as the attacker shifts the target).

So... most likely, the ISP said "if this continues, we will need to finish the job and shut you off" - which is what every other ISP is going to do in the case of an attack that is large enough to knock the ISP in question offline.

Check out the legalese on your hosting contract; everyone reserves the right to dump you as a customer in these sorts of cases.

  • Yes, absolutely. And that's acceptable. If your customers can't deal with the realities of the internet today then you're better off without them anyway, no service will be able to guarantee 100% uptime and if major banks can be taken out by DDoS then so can a small-time operator like this. That's no news and should not surprise anybody.

Would those obligations be spelled out in the contract for data centre services?

I'm interested in whether the ISPs have any form of protection against the disruption caused by a customer of a shared service coming under a criminal attack of this kind.