DDoS

Noteworthy

 We asked IT pros what's at stake during a DDoS attack. Here's what they said about downtime, losing customers and public trust.

 Hosters: Is Your Platform Being Used to Launch DDoS Attacks?

 While the danger is hardly over, these larger institutions have learned some painful lessons that smaller firms might heed as they seek to minimize risks.

DDoS / Recently Commented

Verisign Mitigates 300 Gbps DDoS Attack and Other Q2 2014 DDoS Trends

It has been another busy quarter for the team that works on our DDoS Protection Services here at Verisign. As detailed in the recent release of our Q2 2014 DDoS Trends Report, from April to June of this year, we not only saw a jump in frequency and size of attacks against our customers, we witnessed the largest DDoS attack we've ever observed and mitigated -- an attack over 300 Gbps against one of our Media and Entertainment customers. more»

Anti-Spoofing, BCP 38, and the Tragedy of the Commons

In the seminal 1968 paper "The Tragedy of the Commons" , Garrett Hardin introduced the world to an idea which eventually grew into a household phrase. In this blog article I will explore whether Hardin's tragedy applies to anti-spoofing and Distributed Denial of Service (DDoS) attacks in the Internet, or not... Hardin was a biologist and ecologist by trade, so he explains "The Tragedy of the Commons" using a field, cattle and herdsmen. more»

NANOG 61 - Impressions of Some Presentations

The recent NANOG 61 meeting was a pretty typical NANOG meeting, with a plenary stream, some interest group sessions, and an ARIN Public Policy session. The meeting attracted some 898 registered attendees, which was the biggest NANOG to date. No doubt the 70 registrations from Microsoft helped in this number, as the location for NANOG 61 was in Bellevue, Washington State, but even so the interest in NANOG continues to grow... more»

Extreme Vulnerability at the Edge of the Internet - A Fresh New Universal Human-Rights Problem

By design, the Internet core is stupid, and the edge is smart. This design decision has enabled the Internet's wildcat growth, since without complexity the core can grow at the speed of demand. On the downside, the decision to put all smartness at the edge means we're at the mercy of scale when it comes to the quality of the Internet's aggregate traffic load. Not all device and software builders have the skills - and the quality assurance budgets - that something the size of the Internet deserves. more»

Domain Name System (DNS) Security Should Be One of Your Priorities

Most people, even seasoned IT professionals, don't give DNS (the Domain Name System) the attention it deserves. As TCP/IP has become the dominant networking protocol, so has the use of DNS... Due to the reliability built into the fundamental RFC-based design of DNS, most IT professionals don't spend much time worrying about it. This can be a huge mistake! more»

Tips to Protect eCommerce Website Availability and Security During the Holidays

With the holiday shopping season quickly approaching, Internet retailers are gearing up for an onslaught of Web traffic - which is great, as long as they have the right measures in place to keep their customers safe and satisfied. Even one hour of downtime due to a website outage or a malicious attack can have significant impact on a retailer's reputation and revenue, especially during the holidays, a time which the National Retail Federation says can add up to 40 percent of an online retailer's annual revenue. more»

A Question of DNS Protocols

One of the most prominent denial of service attacks in recent months was one that occurred in March 2013 between Cloudflare and Spamhaus... How did the attackers generate such massive volumes of attack traffic? The answer lies in the Domain Name System (DNS). The attackers asked about domain names, and the DNS system answered. Something we all do all of the time of the Internet. So how can a conventional activity of translating a domain name into an IP address be turned into a massive attack? more»

How Will Banks Ensure the Safety of Our Money? DDoS Attacks on NL Banks

This week bank costumers of The Netherlands were shocked when they realised that online banking may not be as safe as they thought. Perhaps some were surprised to hear that what they think is money, is nothing but digits, something that does not exist. Their money only exist because we all act as if it exists and accept transactions between each other aided by software run by banks, if they haven't outsourced that function. more»

Open DNS Resolvers - Coming to an IP Address Near You!

Three vectors were exploited in the recent DDoS attack against Spamhaus: 1) Amplification of DNS queries through the use of DNSSEC signed data; 2) Spoofed source addresses due to lack of ingress filtering (BCP-38) on originating networks; 3) Utilisation of multiple open DNS resolvers While. 1) is unavoidable simply due to the additional data that DNSSEC produces, and 2) "should" be practised as part of any provider's network configuration, it is 3) that requires "you and I" ensure that systems are adequately configured.  more»

DNS Reflection/Amplification Attack: Proved

Last year there was a "threat" by anonymous group to black out Internet by using DNS Reflection/Amplification attack against the Internet DNS Root servers. I even wrote a little article about it: "End of the world/Internet". In the article I was questioning if this was even possible and what was needed as general interest and curiosity. Well, looking at the "stophaus" attack last week, we are getting some answers. more»

The Spamhaus Distributed Denial of Service - How Big a Deal Was It?

If you haven't been reading the news of late, venerable anti-spam service Spamhaus has been the target of a sustained, record-setting Distributed Denial-of-Service (DDoS) attack over the past couple of weeks... Of course, bad guys are always mad at Spamhaus, and so they had a pretty robust set-up to begin with, but whoever was behind this attack was able to muster some huge resources, heretofore never seen in intensity, and it had some impact, on the Spamhaus website, and to a limited degree, on the behind-the-scenes services that Spamhaus uses to distribute their data to their customers. more»

End of the World/Internet on 31-March-2012?

Well... Maybe not the world, but the Internet it seems. According to a Pastebin letter, Anonymous announced they will black-out Internet on 31st of March. They even explained how to do it by attacking the DNS Root Servers on Internet using a reflected amplification attack. If this is successful, the root DNS servers will become unresponsive and cannot handle any other requests... more»

Largest DDoS Attack To Date Aimed at Spamhaus Effects Global Internet Traffic

The internet around the world has been slowed down in what security experts are describing as the biggest cyber-attack of its kind in history. A row between a spam-fighting group and hosting firm has sparked retaliation attacks affecting the wider internet. It is having an impact on popular services like Netflix -- and experts worry it could escalate to affect banking and email systems. more»

IPv6: SAVA, Ca va pas?

Sender Address Validation and Authentication (SAVA) is the silver bullet. It will send to Cyberia all dark forces that make us shiver when we make a purchase on the internet, pose a threat to our very identities and have made DDoS a feared acronym. Some of you will remember the heated debates when Calling Line Identification (CLID) was first introduced in telephony. Libertarians of all stripes called passionately to ban such an evil tool... more»

Cloud Computing's Concealed Complexity

James Urquhart claims Cloud is complex - deal with it, adding that "If you are looking to cloud computing to simplify your IT environment, I'm afraid I have bad news for you" and citing his earlier CNET post drawing analogies to a recent flash crash. Cloud computing systems are complex, in the same way that nuclear power stations are complex - they also have catastrophic failure modes... more»