My VPS provider's entire IP range got DDoS'd. fail2ban banned 20k+ IPs and kernel panic'd my machine. So I learned XDP

A few days ago, someone decided to DDoS the entire IP range of my Hong Kong VPS provider. fail2ban did its job a little too enthusiastically — banned 20,000+ IPs, ran the machine out of memory, and triggered a kernel panic. Great. :/ That’s when I realized the problem: fail2ban lets packets hit the kernel network stack first, then reacts. Under a real flood, that reaction cost alone is enough to kill the machine. I went down the XDP/eBPF rabbit hole: XDP runs at the NIC driver level — packets get dropped before they even touch the kernel network stack. ...

February 24, 2026 · 3 min · 565 words · Yunheng