Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




601 posts

Ultimate Geek


#115507 28-Mar-2013 07:29
Send private message

Not sure if this is the right place to post this article I have just come across: http://www.bbc.co.uk/news/technology-21954636

Create new topic
BDFL - Memuneh
67753 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #788387 28-Mar-2013 08:51
Send private message

The BBC is about ten days late with this story. The whole thing started on the 18th March.

Also, it appears that Spamhaus moved to Cloudflare and this absorbed the attack, this on the 22nd.

This article comes almost after the event and I can bet people using other providers barely noticed anything anyway.

Reading the article it sounds to me like some DDoS mitigation technology companies wanted to have their voices heard - and ride the wave of marketing.





 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Amazon | My technology disclosure 


xpd

Covid-19 Free
10637 posts

Uber Geek

Mod Emeritus
Trusted
Lifetime subscriber

  #788403 28-Mar-2013 09:21
Send private message

From Ars Technica...

"When the attack started, on March 18, it measured around 10 Gb/s. On March 19, it hit 90 Gb/s, on March 22 it reached 120 Gb/s. This still wasn't enough to knock CloudFlare or Spamhaus offline. So the attackers escalated.Today, CloudFlare wrote that one of the Internet's big bandwidth providers is seeing 300 gigabits per second of traffic related to this attack, making it one of the largest ever reported."




XPD^ / DemiseNZ

 

Blog         Free Games        Twitter

 

My TradeMe Goodies

 

Disclaimer - It wasn't me, the dog ate my keyboard, my account was hacked, I was drunk, ALIENS.


 
 
 
 


255 posts

Ultimate Geek


  #788425 28-Mar-2013 09:49
Send private message

Must be running pretty powerful systems or have a massive botnet to launch such attacks?





16181 posts

Uber Geek

Trusted
Subscriber

  #788428 28-Mar-2013 09:52
Send private message

The blog post by Cloudflare says it would take only a small amazon cluster to generate the traffic due to the multiplication of request/reply size.

BDFL - Memuneh
67753 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #788434 28-Mar-2013 10:05
Send private message

c3rn: Must be running pretty powerful systems or have a massive botnet to launch such attacks?


It's a DNS amplification type attack. A good number of machines sending out DNS requests with the return IP pointing to the victims servers. Open DNS servers around the world reply to the response going back to the victimis.





 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Amazon | My technology disclosure 


3607 posts

Uber Geek

Trusted

  #788449 28-Mar-2013 10:23
Send private message

Another reason to check your DNS servers to make sure they aren't open relays!




Speedtest 2019-10-14


BDFL - Memuneh
67753 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #788456 28-Mar-2013 10:26
Send private message

There are enough stupid people that run their own DNS at home (and some businesses) on the DMZ or not bound to LAN only...





 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Amazon | My technology disclosure 


 
 
 
 


BDFL - Memuneh
67753 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #788520 28-Mar-2013 12:29
Send private message

More evidence this seems to be a Europe only kind of attack...





 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Amazon | My technology disclosure 


BDFL - Memuneh
67753 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #789123 29-Mar-2013 10:10
Send private message

Let me put this another way after looking at how things worked...

There's an interesting book called Trust Me, I'm Lying.

The guy works in marketing and explains how companies can "amplify" their marketing efforts by using blogs and mainstream media.

In one example someone posts a blog entry about a product. He sends the tips up to a bigger blog, and then after a few days the story shows up on The New York Time or Washing Post. From there the marketing folks can easily add that information to Wikipedia for example because even though a blog is not a "source" for some articles on Wikipedia, those other newspapers are - and the marketing folks got the "credible source" now to make their story/product page on Wikipedia.

If you look at the Cloudflare blog, they link to The New York Times, which is a story about themselves saving Spamhaus.

They can clearly say in their blog that TNYT is a credible source. They aren't saying the attack was the largest in the world. TNYT is saying it. They aren't saying they saved the Internet, TNYT is saying it. And we all trust mainstream journalism.

But what if someome in the inside sent a tip to TNYT and the journalist wasn't very thorough at investigating?

Have you personally felt affected by this "massive attack" that "almost broke the Internet"? No, me neither.

As found on Gizmodo (which is another non-reliable blog sometimes, but at least here we have credible sources).

This is from NTT:


I'm afraid that we don't have anything we can share that substantiates global effects. I'm sure you read the same 300gbps figure that I did, and while that's a massive amount of bandwidth to a single enterprise or service provider, data on global capacities from sources like TeleGeography show lit capacities in the tbps range in most all regions of the world. I side with you questioning if it shook the global internet.


This is from Renesys:


We believe that the DDOS attack potentially had severe impacts on the websites it was directed at, however, according to our data, the Internet as a whole did not experience a wide spread disruption.

Just to put it in perspective the traffic estimates for the DDOS attack were as high as 300 Gbps at the target. That would easily overwhelm the average hosting center, but not a core component of the Internet. For example, DECIX, the German Internet exchange in Frankfurt, regularly handles 2.5 Tbps at peak on any given day: http://www.de-cix.net/about/statistics/

While it may have severely affected the websites it was targeted at, the global Internet as a whole was not impacted by this localized incident.


So at best a regional problem, at worst a marketing attack on corporates to convince them there's a monster at large and there's a solution at hand.

Or just read The Guardian Spamhaus Internet attack: was it all a PR stunt?.

But, wait... The Guardian is quoting Gizmodo, which now amplifies and perhaps even "legitimises" the blog post.

You see how things go around?





 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Amazon | My technology disclosure 


BDFL - Memuneh
67753 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #789301 29-Mar-2013 16:07
Send private message

And NetworkWorld says this was hyped:

"The hundreds of websites that Keynote monitors showed no performance changes that were out of the ordinary at all, says Aaron Rudger, senior market manager at Keynote, which went back and closely compared U.S. Web performance to European performance to see if it could find evidence to support all these Internet slowdown assertions heard in both the European and U.S. the media."




 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Amazon | My technology disclosure 


600 posts

Ultimate Geek

Trusted

  #789464 29-Mar-2013 23:50
Send private message

A response from one of CloudFlare's upstream providers.

http://cluepon.net/ras/gizmodo

First off I can confirm a few basic facts, namely that we really did 
receive a ~300 Gbps attack directed at Cloudflare, and later
specifically targeted at pieces of our core infrastructure. This is
definitely on the large end of the scale as far as DoS attacks go, but
I wouldn't call it "record smashing" or "game changing" in any special
way. It's just another large attack, maybe 10-15% larger than other
similar ones we've seen in the past, and I'm certain we will continue
to see even larger ones in the future as global traffic levels
increase. What made this particular attack notable is where it was
targeted, which greatly increased the number of people who noticed it.
 

It's a really good post, full of information on what happened.

Still, we've got a list of NZ companies which are operating systems in an insecure fashion which is impacting other organisations.  How do we effect a change in their behaviour?






BDFL - Memuneh
67753 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #790564 2-Apr-2013 11:46
Send private message

Try Orcon:








 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Amazon | My technology disclosure 


325 posts

Ultimate Geek

Trusted
Vocus

  #790594 2-Apr-2013 12:26
Send private message

Wide-open is a little exaggerated. If you turn the firewall off, on some firmware there is a risk of an exploit – although too few devices to be a serious target for exploitation perhaps. Thanks for spotting it Steve – the guys are fixing it as we speak.




Head of Communications
Vocus NZ


Create new topic




News »

D-Link A/NZ extends COVR Wi-Fi EasyMesh System series with new three-pack
Posted 4-Aug-2020 15:01


New Zealand software Rfider tracks coffee from Colombia all the way to New Zealand businesses
Posted 3-Aug-2020 10:35


Logitech G launches Pro X Wireless gaming headset
Posted 3-Aug-2020 10:21


Sony Alpha 7S III provides supreme imaging performance
Posted 3-Aug-2020 10:11


Sony introduces first CFexpress Type A memory card
Posted 3-Aug-2020 10:05


Marsello acquires Goody consolidating online and in-store marketing position
Posted 30-Jul-2020 16:26


Fonterra first major customer for Microsoft's New Zealand datacentre
Posted 30-Jul-2020 08:07


Everything we learnt at the IBM Cloud Forum 2020
Posted 29-Jul-2020 14:45


Dropbox launches native HelloSign workflow and data residency in Australia
Posted 29-Jul-2020 12:48


Spark launches 5G in Palmerston North
Posted 29-Jul-2020 09:50


Lenovo brings speed and smarter features to new 5G mobile gaming phone
Posted 28-Jul-2020 22:00


Withings raises $60 million to enable bridge between patients and healthcare
Posted 28-Jul-2020 21:51


QNAP integrates Catalyst Cloud Object Storage into Hybrid Backup solution
Posted 28-Jul-2020 21:40


Vector and AWS join forces to accelerate the future of energy
Posted 28-Jul-2020 21:35


JBL launches new mobile earbuds and PC speakers
Posted 22-Jul-2020 16:04



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.