Geekzone: technology news, blogs, forums


ezbee

2651 posts

Uber Geek
+1 received by user: 3089


#274535 27-Aug-2020 17:48

Call me uninformed but I thought massive DDoS attacks were something of the past. 
We have an attack that's been going for three days and seems no closer to running out of steam

 

We had network management measures that made this old hat?
Even local technologies out of Waikato Uni, like Endace, for monitoring?

 

Or has this actually been a growing problem hidden by quiet bitcoin payoffs?
It would be interesting to hear from networking people in the know: have we been living with a false sense of security?

 

Edit, I type therefore I typo.


mattwnz
20515 posts

Uber Geek
+1 received by user: 4795


  #2550818 27-Aug-2020 17:53

Doesn't seem to be getting a huge amount of coverage, considering this is a big part of NZ's infrastructure. Saw some experts on the news last night discussing it. Normally I understand with a DDOS on a website server, that the admins would block the IP ranges of those doing the attack.




Batman
Mad Scientist
30012 posts

Uber Geek
+1 received by user: 6217

Trusted
Lifetime subscriber

  #2550962 27-Aug-2020 20:54

apparently they are in the dark about what's going on ...

 

maybe some GZers can help ...


PolicyGuy
1820 posts

Uber Geek
+1 received by user: 1769

ID Verified
Lifetime subscriber

  #2550968 27-Aug-2020 21:02

I would guess that they are self-hosting and not behind one of the major CDNs, so pretty much defenceless




timmmay
20858 posts

Uber Geek
+1 received by user: 5350

Trusted
Lifetime subscriber

  #2550969 27-Aug-2020 21:08

Any significant website needs to be behind a major CDN these days, for DDOS mitigation. CloudFront, CloudFlare, Akamai, there are plenty to choose from.


ezbee

2651 posts

Uber Geek
+1 received by user: 3089


  #2550976 27-Aug-2020 21:26


Apparently ZDNet are going for a shakedown by a group that's been attacking a number of companies
https://www.zdnet.com/article/ddos-extortionists-target-nzx-moneygram-braintree-and-other-financial-services/

 

""
The attackers have been identified as the same hacker group mentioned in an Akamai report published on August 17, last week.

 

The group uses names like Armada Collective and Fancy Bear — both borrowed from more famous hacker groups — to email companies and threaten DDoS attacks that can cripple operations and infer huge downtime and financial costs for the targets unless the victims pay a huge ransom demand in Bitcoin.
""
Our source, who requested anonymity for this article due to ongoing business relations, also confirmed that some of the attacks launched this week reached 50 to 60 Gb/sec.

 

The source also described the group as having "above-average DDoS skills."
""

 

Though this article seems to be pointing at Anonymous, just in it for Lols, though I thought they were more political these days.
https://www.rnz.co.nz/news/business/424567/nzx-down-for-third-day-in-a-row-following-another-cyber-attack

 

I can understand that no company will be saying much themselves, so who knows.
Suppose being last stop before Antarctica, we might think we might be far down the shakedown list, at least after the big dry island.


Batman
Mad Scientist
30012 posts

Uber Geek
+1 received by user: 6217

Trusted
Lifetime subscriber

  #2550980 27-Aug-2020 21:51

shakedown - is that a term for bullying?


Zeon
3926 posts

Uber Geek
+1 received by user: 759

Trusted

  #2551002 27-Aug-2020 22:24

Batman:

 

shakedown - is that a term for bullying?

 

 

The word we are looking for is "extortion"







NPCtom
430 posts

Ultimate Geek
+1 received by user: 56


  #2551033 27-Aug-2020 23:48

Everyone blames any "cyber related attack" on Anonymous these days. This could possibly even be a few kids messing around. I'm surprised the Govt doesn't put any of their websites behind CDNs either. 






eracode
Smpl Mnmlst
9332 posts

Uber Geek
+1 received by user: 6198

ID Verified
Trusted
Lifetime subscriber

  #2551039 28-Aug-2020 04:49

mattwnz:

 

Doesn't seem to be getting a huge amount of coverage, considering this is a big part of NZ's infrastructure. Saw some experts on the news last night discussing it.

 

 

Yes - find it incredible that on One News last night - after the third day - it got two sentences of coverage. Also if you google for it as news, there are not many stories covering it - and those that do, are relatively brief.





Sometimes I just sit and think. Other times I just sit.


MikeB4
MikeB4
18775 posts

Uber Geek
+1 received by user: 12765

ID Verified
Trusted
Subscriber

  #2551075 28-Aug-2020 08:34

The Spark account manager will be a tad busy I guess





Here is a crazy notion, let's give peace a chance.


nedkelly
666 posts

Ultimate Geek
+1 received by user: 104

Trusted
Subscriber

  #2551099 28-Aug-2020 08:53

GCSB are now involved according to a Stuff article.


freitasm
BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2551119 28-Aug-2020 09:15

mattwnz:

 

Doesn't seem to be getting a huge amount of coverage, considering this is a big part of NZ's infrastructure. Saw some experts on the news last night discussing it. Normally I understand with a DDOS on a website server, that the admins would block the IP ranges of those doing the attack.

 

 

Admins wouldn't be able to block a coordinated DDoS attack that easily. Some attacks can have hundreds of thousands of source IPs. Attacks come in different forms - some are just bits, some are packets and others are full HTTP requests. 

 

PolicyGuy:

 

I would guess that they are self-hosting and not behind one of the major CDNs, so pretty much defenceless

 

 

You don't need to be behind a CDN to defend against DDoS attacks. CDNs are Content Distribution Networks. Some CDNs do offer DDoS protection but this is not always the case. 

 

The New Zealand Government websites are mostly behind services like Imperva. Private sites have this option plus Cloudflare and others. 

 

The NZX network provider is Spark. This has impacted traffic to other clients too so this fact alone tells me a bit of what kind of attack level this is. 

 

Here is a very good read - including a high volume attack analysis and a description of the three types of attacks I've mentioned above. 





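An added illustration of the two points made in the post above (not part of the post and not written by anyone in the thread): which limit each of the three attack forms exhausts, and why blocking source IP ranges stops helping once the sources are widely distributed. The capacity limits, traffic samples and addresses are all constructed for the example.

```python
from collections import Counter
from ipaddress import ip_network

# Constructed capacity of a hypothetical site: uplink, firewall, web tier.
LIMITS = {"bps": 10_000_000_000, "pps": 10_000_000, "rps": 2_000}

# Constructed one-second traffic samples, one per attack form.
SAMPLES = {
    "volumetric":   {"bps": 55_000_000_000, "pps": 4_900_000,  "rps": 150},
    "packet_flood": {"bps": 6_100_000_000,  "pps": 12_000_000, "rps": 150},
    "http_flood":   {"bps": 400_000_000,    "pps": 300_000,    "rps": 50_000},
}

def exhausted(sample):
    """Return which limits (bits, packets, requests per second) a sample exceeds."""
    return [k for k in ("bps", "pps", "rps") if sample[k] > LIMITS[k]]

def prefixes_to_block(packets_by_source, target_percent, prefix_len=24):
    """Count the busiest ranges that must be blocked to drop target_percent of
    packets; returns (ranges_needed, ranges_seen)."""
    per_prefix = Counter()
    for src, pkts in packets_by_source.items():
        per_prefix[ip_network(f"{src}/{prefix_len}", strict=False)] += pkts
    total = sum(per_prefix.values())
    dropped = needed = 0
    for _, pkts in per_prefix.most_common():
        if dropped * 100 >= target_percent * total:
            break
        dropped += pkts
        needed += 1
    return needed, len(per_prefix)

# Constructed sources: 100,000 packets from five hosts in one /24 ...
CONCENTRATED = {f"198.51.100.{i}": 20_000 for i in range(1, 6)}
# ... versus the same 100,000 packets from 20,000 hosts, each in its own /24.
DISTRIBUTED = {f"10.{i // 256}.{i % 256}.7": 5 for i in range(20_000)}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, "exceeds", exhausted(sample))
    print("concentrated:", prefixes_to_block(CONCENTRATED, 90))
    print("distributed:", prefixes_to_block(DISTRIBUTED, 90))
```

With the concentrated sources a single range block removes the traffic; with the distributed sources 18,000 separate /24 blocks are needed to drop 90% of the same packet count, and each blocked range also cuts off any legitimate users inside it.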

 


timmmay
20858 posts

Uber Geek
+1 received by user: 5350

Trusted
Lifetime subscriber

  #2551133 28-Aug-2020 09:43

Most places that do DDOS protection are also a CDN, hence people saying CDN. CDN is important to scale out to absorb traffic that makes it through DDOS filters. For example one of the features of AWS Shield Advanced (at US$3K per month) is that during a DDOS attack they cover the cost of scaling out your application resources to meet the load that makes it through the Shield / CloudFront DDOS protection.


freitasm
BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2551136 28-Aug-2020 09:46

timmmay:

 

Most places that do DDOS protection are also a CDN, hence people saying CDN. CDN is important to scale out to absorb traffic that makes it through DDOS filters. For example one of the features of AWS Shield Advanced (at US$3K per month) is that during a DDOS attack they cover the cost of scaling out your application resources to meet the load that makes it through the Shield / CloudFront DDOS protection.

 

 

Most services do, but to be technically correct assume the lowest level. Not every CDN offers DDoS protection and not every DDoS protection service uses a CDN.






 


michaelmurfy
meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2551137 28-Aug-2020 09:47

NPCtom:

 

Everyone blames any "cyber related attack" on Anonymous these days. This could possibly even be a few kids messing around. I'm surprised the Govt doesn't put any of their websites behind CDNs either. 

 

They all use Imperva...





Michael Murphy | https://murfy.nz
Opinions are my own and not the views of my employer.

