Each server autonomously detects & mitigates attacks. Realtime threat intelligence (top fingerprint permutations) gossiped within the data center as well as globally to improve mitigation efficacy

- CF's global anycast helps spreading the attack traffic
- dosd looks for patterns in sampled packets, generate permutations to find the fingerprint with highest mitigation efficacy
- mitigation rules applied based on fingerprint counts, rule times out to prevent false +ves

0.004% attack traffic:
- QOTD DDoS (reflect & amp, UDP/17)
- Echo DDoS (reflect & amp, UDP/TCP/7)
- NTP DDoS (reflect & amp, NTP `monlist` command)
- Mirai UDP attack (flood, botnet)
- Portmap DDoS (reflect & amp, UDP/111, RPC info)
- RIPv1 DDoS (reflect & amp, UDP/520, unauthenticated routing info)

The post gives an overview of the 7.3 Tbps DDoS attack which lasted 45s.

Target was a single IP over 21925 target ports, source port distribution was also similar. 99.996% of attack traffic was UDP DDoS (flood)

Wiki reference: en.wikipedia.org/wiki/Fibonac...

- Write integration tests for business logic not only with 100% coverage but with both +ve & -ve scenarios covered
- Aim for cloud platform independent deployment systems
- Security is "not a choice" for software development
- Analyze systems from both attackers POV as well as DevOps POV
(3/3)

My views perfectly align with the points in the post..
- Keep teams small
- Design simple straightforward architectures
- Use framework defaults as much as possible
- Avoid microservices, stick with monolith
- Proactively update dependency versions regularly
- Reject unstructured data inputs
(2/3)

From the post: "A useful rule of thumb for assessing an abstraction is to ask yourself: How often do I need to peek under the hood? Once per day? Once per month? Once per year? The less often you need to break the illusion, the better the abstraction."

Here are the values in each steps of computation