Geekzone: technology news, blogs, forums
mattwnz
  #2551503 28-Aug-2020 17:54

neb:
mattwnz:

Doesn't seem to be getting a huge amount of coverage, considering this is a big part of NZ's infrastructure. Saw some experts on the news last night discussing it. Normally I understand with a DDOS on a website server, that the admins would block the IP ranges of those doing the attack.

It's a distributed attack, that's what the first 'D' is, there's no "IP range" to block. Eventually the Russian group doing it will send in a demand for BTC to go away. The problem is in this case that nothing in NZ has ever been of any interest to attackers so there's been little motivation to protect against it. I guess as with taking quarantine more seriously it'll now get some budget devoted to it.

Guessing then that Cloudflare could be a solution to them? 4 days in a row though isn't good.




neb
  #2551509 28-Aug-2020 18:07

mattwnz:

Guessing then that Cloudflare could be a solution to them? 4 days in a row though isn't good.

Not necessarily, you can go with specialised DDoS protection services that you only need to pour money into while the attack is happening, they usually only last a few days before they move on. "Use Cloudflare" isn't an automatic solution, it can help against general nuisance attacks but this sounds like something pretty targeted which may require more specialised services, and it becomes more a matter of economics than anything else, what's the best way to spend our mitigation budget? For example you may find with Cloudflare that DDoS mitigation is included in your monthly fee up to a certain level and beyond that you pay on a pro rata basis.

Having said that, "use Cloudflare" would be a good start.

timmmay
  #2551556 28-Aug-2020 20:14

Whatever your DDOS provider is, you need to ensure you only accept traffic from them, not from anywhere else. That often means changing IP address, as even if you reject packets from other IPs at your firewall it still takes your bandwidth.

 

I use CloudFlare with my AWS server, because it's cheaper than CloudFront. I only whitelist traffic from my home IP and from CloudFlare. Both AWS CloudFront / AWS Shield and CloudFlare can cope with very large DDOS attacks. AWS Shield / CloudFront coped with a 2.3Tbps DDOS attack (that's about how much internal bandwidth I think NZ has), and I believe they can cope with larger. Not sure what the biggest CloudFlare can do is, but they mitigated a 0.25Tbps attack automatically.
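Added example, not part of timmmay's post: a sketch of the origin lockdown described above, which renders an nftables allowlist for the web ports and flags log entries that reached the origin without passing through the allowlisted ranges. The CIDRs, log lines, table name and function names are constructed for illustration, and nftables as the origin firewall is an assumption; real provider ranges come from the provider's published list.

```python
import ipaddress

# Constructed sample values (documentation ranges), NOT real provider ranges.
PROVIDER_CIDRS = ["198.51.100.0/24", "2001:db8:100::/48"]
ADMIN_CIDRS = ["203.0.113.7/32"]  # stands in for the admin's home IP

# Constructed origin access-log lines: "<source ip> <method> <path>"
SAMPLE_LOG = """\
198.51.100.23 GET /
203.0.113.7 GET /admin
192.0.2.55 GET /
2001:db8:100::9 GET /
2001:db8:ffff::1 POST /login
"""

def parse_networks(cidrs):
    """Parse CIDR strings; strict=True rejects entries with host bits set."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]

def is_allowed(src, networks):
    addr = ipaddress.ip_address(src)
    return any(addr.version == n.version and addr in n for n in networks)

def direct_hits(log_text, networks):
    """Source IPs that reached the origin from outside the allowlist."""
    srcs = [line.split()[0] for line in log_text.splitlines() if line.strip()]
    return [s for s in srcs if not is_allowed(s, networks)]

def nft_ruleset(networks, ports=(80, 443)):
    """Render an nftables table: allowlisted sources accepted, others dropped."""
    dports = ", ".join(str(p) for p in ports)
    out, rules = ["table inet origin_lockdown {"], []
    for ver, typ, match in ((4, "ipv4_addr", "ip"), (6, "ipv6_addr", "ip6")):
        elems = ", ".join(str(n) for n in networks if n.version == ver)
        if elems:  # an empty "elements = { }" is not valid, so skip the family
            out.append(f"  set allow{ver} {{ type {typ}; flags interval; elements = {{ {elems} }} }}")
            rules.append(f"    tcp dport {{ {dports} }} {match} saddr @allow{ver} accept")
    out += ["  chain input {",
            "    type filter hook input priority 0; policy accept;",
            *rules, f"    tcp dport {{ {dports} }} drop", "  }", "}"]
    return "\n".join(out)

if __name__ == "__main__":
    nets = parse_networks(PROVIDER_CIDRS + ADMIN_CIDRS)
    print(nft_ruleset(nets))
    print("direct hits:", direct_hits(SAMPLE_LOG, nets))
```

Any source reported by `direct_hits` means the origin address is still reachable directly; as the post notes, dropping those packets at the firewall does not stop them consuming the link's bandwidth.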




ezbee
  #2551974 29-Aug-2020 15:58

Is there another aspect to some of these attacks?
Would it also enable the group to also sneak some hacking attacks through an overloaded system while things are in chaos and recovering from DDoS?

Not just a 'smash' raid to back up an extortion demand, but opportune to set things up for a later 'grab'.


neb
  #2551992 29-Aug-2020 16:23

ezbee:

Is there another aspect to some of these attacks?
Would it also enable the group to also sneak some hacking attacks through an overloaded system while things are in chaos and recovering from DDoS?

Highly unlikely, it's a straightforward protection racket. What makes the NZX one problematic is that it's had worldwide media coverage, which both means that the attackers know they're having an effect and that they can't stop now because it'll encourage non-payment from future targets. The usual approach is to batten down the hatches and wait for them to move on, but that isn't an option any more in this case.

eracode
  #2552904 31-Aug-2020 10:39

Down again.





Sometimes I just sit and think. Other times I just sit.


 
 
 

Fred99
  #2552911 31-Aug-2020 10:50

eracode:

Down again.

Is it? Seems to be working fine for me.


freitasm
  #2552913 31-Aug-2020 10:52

Not working here - just an empty page with a script.





Fred99
  #2552924 31-Aug-2020 11:08

freitasm:

Not working here - just an empty page with a script.

OK - it did that here a minute ago - but it's working again now. If I keep hitting F5 fast enough, I wonder if the GCSB might knock on my door.


freitasm
  #2553009 31-Aug-2020 11:14





eracode
  #2553010 31-Aug-2020 11:16

Fred99:

freitasm:

Not working here - just an empty page with a script.

OK - it did that here a minute ago - but it's working again now. If I keep hitting F5 fast enough, I wonder if the GCSB might knock on my door.

According to radio news it was down for seven minutes this morning. Currently up again.





MikeB4
  #2553019 31-Aug-2020 11:18

Not available for me. Just a pretty white screen. 





Here is a crazy notion, lets give peace a chance.


Zeon
  #2553050 31-Aug-2020 11:55

I wrote up a blog with some ideas on how to deal with DDoS like this:

 

https://www.geekzone.co.nz/Zeon/9026

 

Main point is to target DoS at insecure devices in the botnet.....





MikeB4
  #2553057 31-Aug-2020 12:00

Apparently the attacks are wider than just NZSX. Other organisations and government agencies are being hit




eracode
  #2553081 31-Aug-2020 12:10

MikeB4: Apparently the attacks are wider than just NZSX. Other organisations and government agencies are being hit

 

In NZ?




