"Global internet slows after 'biggest attack in history'"

Forums › Off topic › "Global internet slows after 'biggest attack in history'"

StevieT

593 posts

Ultimate Geek
+1 received by user: 26

Topic # 115507 28-Mar-2013 07:29

Not sure if this is the right place to post this article I have just come across: http://www.bbc.co.uk/news/technology-21954636

freitasm

BDFL - Memuneh
60012 posts

Uber Geek
+1 received by user: 11111

Administrator

Trusted

Geekzone

Lifetime subscriber

Reply # 788387 28-Mar-2013 08:51

The BBC is about ten days late with this story. The whole thing started on the 18th March.

Also, it appears that Spamhaus moved to Cloudflare and this absorbed the attack, this on the 22nd.

This article comes almost after the event and I can bet people using other providers barely noticed anything anyway.

Reading the article it sounds to me like some DDoS mitigation technology companies wanted to have their voices heard - and ride the wave of marketing.

Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) | Backblaze cloud backup (personal and business) | My technology disclosure

You can support content creators (and Geekzone) by using the Brave browser.

xpd

The Overrated Raccoons
8683 posts

Uber Geek
+1 received by user: 1250

Mod Emeritus

Trusted

Lifetime subscriber

Reply # 788403 28-Mar-2013 09:21

From Ars Technica...

"When the attack started, on March 18, it measured around 10 Gb/s. On March 19, it hit 90 Gb/s, on March 22 it reached 120 Gb/s. This still wasn't enough to knock CloudFlare or Spamhaus offline. So the attackers escalated.Today, CloudFlare wrote that one of the Internet's big bandwidth providers is seeing 300 gigabits per second of traffic related to this attack, making it one of the largest ever reported."

XPD / Gavin / DemiseNZ

For Free Games, Geekiness and Reviews, visit :

Home Of The Overrated Raccoons

Battlenet : XPD#11535 Origin/Steam/Epic/Uplay : xpdnz

Sea of Thieves Down Under

Try Wrike: fast, easy, and efficient project collaboration software

c3rn

251 posts

Ultimate Geek
+1 received by user: 13

Reply # 788425 28-Mar-2013 09:49

Must be running pretty powerful systems or have a massive botnet to launch such attacks?

timmmay

13747 posts

Uber Geek
+1 received by user: 2389

Trusted

Subscriber

Reply # 788428 28-Mar-2013 09:52

The blog post by Cloudflare says it would take only a small amazon cluster to generate the traffic due to the multiplication of request/reply size.

AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer

freitasm

BDFL - Memuneh
60012 posts

Uber Geek
+1 received by user: 11111

Administrator

Trusted

Geekzone

Lifetime subscriber

Reply # 788434 28-Mar-2013 10:05

c3rn: Must be running pretty powerful systems or have a massive botnet to launch such attacks?

It's a DNS amplification type attack. A good number of machines sending out DNS requests with the return IP pointing to the victims servers. Open DNS servers around the world reply to the response going back to the victimis.

Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) | Backblaze cloud backup (personal and business) | My technology disclosure

You can support content creators (and Geekzone) by using the Brave browser.

Zeon

3392 posts

Uber Geek
+1 received by user: 395

Trusted

Reply # 788449 28-Mar-2013 10:23

Another reason to check your DNS servers to make sure they aren't open relays!

freitasm

BDFL - Memuneh
60012 posts

Uber Geek
+1 received by user: 11111

Administrator

Trusted

Geekzone

Lifetime subscriber

Reply # 788456 28-Mar-2013 10:26

There are enough stupid people that run their own DNS at home (and some businesses) on the DMZ or not bound to LAN only...

Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) | Backblaze cloud backup (personal and business) | My technology disclosure

You can support content creators (and Geekzone) by using the Brave browser.

freitasm

BDFL - Memuneh
60012 posts

Uber Geek
+1 received by user: 11111

Administrator

Trusted

Geekzone

Lifetime subscriber

Reply # 788520 28-Mar-2013 12:29

More evidence this seems to be a Europe only kind of attack...

Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) | Backblaze cloud backup (personal and business) | My technology disclosure

You can support content creators (and Geekzone) by using the Brave browser.

freitasm

BDFL - Memuneh
60012 posts

Uber Geek
+1 received by user: 11111

Administrator

Trusted

Geekzone

Lifetime subscriber

Reply # 789123 29-Mar-2013 10:10

Let me put this another way after looking at how things worked...

There's an interesting book called Trust Me, I'm Lying.

The guy works in marketing and explains how companies can "amplify" their marketing efforts by using blogs and mainstream media.

In one example someone posts a blog entry about a product. He sends the tips up to a bigger blog, and then after a few days the story shows up on The New York Time or Washing Post. From there the marketing folks can easily add that information to Wikipedia for example because even though a blog is not a "source" for some articles on Wikipedia, those other newspapers are - and the marketing folks got the "credible source" now to make their story/product page on Wikipedia.

If you look at the Cloudflare blog, they link to The New York Times, which is a story about themselves saving Spamhaus.

They can clearly say in their blog that TNYT is a credible source. They aren't saying the attack was the largest in the world. TNYT is saying it. They aren't saying they saved the Internet, TNYT is saying it. And we all trust mainstream journalism.

But what if someome in the inside sent a tip to TNYT and the journalist wasn't very thorough at investigating?

Have you personally felt affected by this "massive attack" that "almost broke the Internet"? No, me neither.

As found on Gizmodo (which is another non-reliable blog sometimes, but at least here we have credible sources).

This is from NTT:

I'm afraid that we don't have anything we can share that substantiates global effects. I'm sure you read the same 300gbps figure that I did, and while that's a massive amount of bandwidth to a single enterprise or service provider, data on global capacities from sources like TeleGeography show lit capacities in the tbps range in most all regions of the world. I side with you questioning if it shook the global internet.

This is from Renesys:

We believe that the DDOS attack potentially had severe impacts on the websites it was directed at, however, according to our data, the Internet as a whole did not experience a wide spread disruption.

Just to put it in perspective the traffic estimates for the DDOS attack were as high as 300 Gbps at the target. That would easily overwhelm the average hosting center, but not a core component of the Internet. For example, DECIX, the German Internet exchange in Frankfurt, regularly handles 2.5 Tbps at peak on any given day: http://www.de-cix.net/about/statistics/

While it may have severely affected the websites it was targeted at, the global Internet as a whole was not impacted by this localized incident.

So at best a regional problem, at worst a marketing attack on corporates to convince them there's a monster at large and there's a solution at hand.

Or just read The Guardian Spamhaus Internet attack: was it all a PR stunt?.

But, wait... The Guardian is quoting Gizmodo, which now amplifies and perhaps even "legitimises" the blog post.

You see how things go around?

Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) | Backblaze cloud backup (personal and business) | My technology disclosure

You can support content creators (and Geekzone) by using the Brave browser.

freitasm

BDFL - Memuneh
60012 posts

Uber Geek
+1 received by user: 11111

Administrator

Trusted

Geekzone

Lifetime subscriber

Reply # 789301 29-Mar-2013 16:07

And NetworkWorld says this was hyped:

"The hundreds of websites that Keynote monitors showed no performance changes that were out of the ordinary at all, says Aaron Rudger, senior market manager at Keynote, which went back and closely compared U.S. Web performance to European performance to see if it could find evidence to support all these Internet slowdown assertions heard in both the European and U.S. the media."

Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) | Backblaze cloud backup (personal and business) | My technology disclosure

You can support content creators (and Geekzone) by using the Brave browser.

jpollock

600 posts

Ultimate Geek
+1 received by user: 5

Trusted

Reply # 789464 29-Mar-2013 23:50

A response from one of CloudFlare's upstream providers.

http://cluepon.net/ras/gizmodo

First off I can confirm a few basic facts, namely that we really did 
receive a ~300 Gbps attack directed at Cloudflare, and later 
specifically targeted at pieces of our core infrastructure. This is 
definitely on the large end of the scale as far as DoS attacks go, but 
I wouldn't call it "record smashing" or "game changing" in any special 
way. It's just another large attack, maybe 10-15% larger than other 
similar ones we've seen in the past, and I'm certain we will continue 
to see even larger ones in the future as global traffic levels 
increase. What made this particular attack notable is where it was 
targeted, which greatly increased the number of people who noticed it.

It's a really good post, full of information on what happened.

Still, we've got a list of NZ companies which are operating systems in an insecure fashion which is impacting other organisations. How do we effect a change in their behaviour?

---
http://blog.jason.pollock.ca

freitasm

BDFL - Memuneh
60012 posts

Uber Geek
+1 received by user: 11111

Administrator

Trusted

Geekzone

Lifetime subscriber

Reply # 790564 2-Apr-2013 11:46

Try Orcon:

Anybody know why Orcon Genius is wide open and allows DNS resolution? I'm browsing the net using somebody's Orcon IP right now..
— Steve Biddle (@stevebiddle) March 28, 2013

Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff) | Backblaze cloud backup (personal and business) | My technology disclosure

You can support content creators (and Geekzone) by using the Brave browser.

quentinreade

303 posts

Ultimate Geek
+1 received by user: 58

Trusted

Vocus

Reply # 790594 2-Apr-2013 12:26

Wide-open is a little exaggerated. If you turn the firewall off, on some firmware there is a risk of an exploit – although too few devices to be a serious target for exploitation perhaps. Thanks for spotting it Steve – the guys are fixing it as we speak.

Head of Brand and Communications
Vocus NZ
[Slingshot, Orcon and Flip]