Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That is very easy to mitigate, because you null route the production subnet except for a VPN that only can be reached by the proxy. You can even VPN over a completely different IPv6 route.

They could still try to knock your entire datacenter offline but that is much harder.



That's not much harder, that's exactly what happened to them in the initial attack.

You're still depending on either a "secret" IPv6 network, or your upstream provider performing some source-based routing to only route packets from the VPN connection. I doubt that's available to a simple colo customer.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: