Cloudflare, and the 120Gbps DDOS "that almost broke the Internet"
http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet Yes: 120 gigabits/second, primarily of DNS amplification traffic. Still think it's optional to implement BCP38 pervasively? Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
Is someone pissed off at Spamhaus, or was the intention to packet them so hard their entire network ceased to exist so they can no longer offer DROP/RBL/xyz service? Seldom do hax0r nations target things without some type of "justification". I don't really care who is being internet murdered, I care why. It's probably the same people who have been posting news articles from Ashworth's email. On 3/27/13 11:44 AM, "Jay Ashworth" <jra@baylink.com> wrote:
http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet
Yes: 120 gigabits/second, primarily of DNS amplification traffic.
Still think it's optional to implement BCP38 pervasively?
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
That was a really big attack. The scary part is that it's all DNS reflection, meaning the attackers only need 3Gbps of bandwidth to generate 300Gbps of DDoS. Imagine if they compromised some of the medium sized corporate networks along with these Botnets. I don't know if the exchanges could hold up against 1Tbps of DDoS, and the difference between 300 and 1000Gbps is not a lot. While I'm excited that CloudFlare is doing such a good job bringing this to the attention of the masses I can't help but feel that this is essentially a time bomb. If this attack was an order of magnitude larger, things might be very different. Cheers, Joshua Sent from my iPhone On Mar 27, 2013, at 12:10 PM, "Warren Bailey" <wbailey@satelliteintelligencegroup.com> wrote:
Is someone pissed off at Spamhaus, or was the intention to packet them so hard their entire network ceased to exist so they can no longer offer DROP/RBL/xyz service?
Seldom do hax0r nations target things without some type of "justification". I don't really care who is being internet murdered, I care why.
It's probably the same people who have been posting news articles from Ashworth's email.
On 3/27/13 11:44 AM, "Jay Ashworth" <jra@baylink.com> wrote:
http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet
Yes: 120 gigabits/second, primarily of DNS amplification traffic.
Still think it's optional to implement BCP38 pervasively?
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
On Wed, Mar 27, 2013 at 12:18 PM, Joshua Goldbard <j@2600hz.com> wrote:
That was a really big attack.
The scary part is that it's all DNS reflection, meaning the attackers only need 3Gbps of bandwidth to generate 300Gbps of DDoS.
Imagine if they compromised some of the medium sized corporate networks along with these Botnets. I don't know if the exchanges could hold up against 1Tbps of DDoS, and the difference between 300 and 1000Gbps is not a lot.
While I'm excited that CloudFlare is doing such a good job bringing this to the attention of the masses I can't help but feel that this is essentially a time bomb. If this attack was an order of magnitude larger, things might be very different.
Consider this a call-to-arms, in all aspects. Please. - ferg -- "Fergie", a.k.a. Paul Ferguson fergdawgster(at)gmail.com
On Wed, Mar 27, 2013 at 12:30:43PM -0700, Paul Ferguson wrote:
Consider this a call-to-arms, in all aspects. Please.
+1 No. Not enough. +10. But...our collective track record in responding in a timely and effective fashion to such calls is not very good. Twenty years ago we could have killed spam. Ten years ago we could have killed botnets. We didn't do either (despite *numerous* warnings of how bad it would get -- warnings dismissed as unduly pessimistic at the time, now viewed as naively optimistic) and in part because we didn't...now we have this. There are entire business sectors which now exist just to make up for our failure to do those things when we had the chance. And while there are good and smart people in those doing some good and smart things, all those sectors are really doing are (a) costing us a ton of money and (b) helping us tread water. I suggest we fix these problems before we wind up creating yet another market for yet another several billion dollars that could be better used on making forward progress. Or worse, before some government somewhere decides to "solve" this problem for a value of "solved" involving (shudder) legislation. --rsk
On Mar 27, 2013, at 6:25 PM, Rich Kulawiec <rsk@gsp.org> wrote:
Or worse, before some government somewhere decides to "solve" this problem for a value of "solved" involving (shudder) legislation.
In general, governments have avoided regulating various aspects of the Internet, in part because of lack of understanding and in part because the community keeps telling them that trying to regulate won't work because of its decentralized nature. As the Internet becomes increasingly important to each country's economy and its citizens, the status quo is not likely to continue. The real question is, when governments do decide to try and help "improve the Internet", who will they be listening to, and will the operator community have spoken with a clear enough voice in these matters on what actually would make for an improvement? FYI, /John
On Wed, Mar 27, 2013 at 3:09 PM, Warren Bailey <wbailey@satelliteintelligencegroup.com> wrote:
Is someone pissed off at Spamhaus, or was the intention to packet them so hard their entire network ceased to exist so they can no longer offer DROP/RBL/xyz service?
According to the New York Times it was 300 gbps and Cyberbunker was the bad guy. http://www.nytimes.com/2013/03/27/technology/internet/online-dispute-becomes-internet-snarling-attack.html?pagewanted=all&_r=0 -Bill
As cyberbunker stops killing spamhaus and goes after Gilmore.. I think these are the guys who used to colo HavenCo after they burnt their platform down? I'm not sure how I feel about Cloudflare comparing being packeted to a nuclear bomb? After the packeting drys up, is there really total devastation? Seems to me it would better to compare it to something like a giant traffic jam (http://en.wikipedia.org/wiki/China_National_Highway_110_traffic_jam) not miles of land completely wiped out with zero hope of salvage? Unless cisco has implemented a mechanism to melt a router when the traffic exceeds 100gbps? ;) On 3/27/13 12:22 PM, "William Herrin" <bill@herrin.us> wrote:
On Wed, Mar 27, 2013 at 3:09 PM, Warren Bailey <wbailey@satelliteintelligencegroup.com> wrote:
Is someone pissed off at Spamhaus, or was the intention to packet them so hard their entire network ceased to exist so they can no longer offer DROP/RBL/xyz service?
According to the New York Times it was 300 gbps and Cyberbunker was the bad guy.
http://www.nytimes.com/2013/03/27/technology/internet/online-dispute-becom es-internet-snarling-attack.html?pagewanted=all&_r=0
-Bill
that article is absolute rubbish. take with large pinch of salt, rockstar in hamster outfit type nonsense. $dayjob didn't lose any traffic during the period, some guys where affected because of the lottery of being on the same switch as couldfare. regards, Neil. On 27 Mar 2013, at 18:45, "Jay Ashworth" <jra@baylink.com> wrote:
http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet
Yes: 120 gigabits/second, primarily of DNS amplification traffic.
Still think it's optional to implement BCP38 pervasively?
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
participants (9)
-
Jay Ashworth
-
John Curran
-
Jordan Michaels
-
Joshua Goldbard
-
Neil J. McRae
-
Paul Ferguson
-
Rich Kulawiec
-
Warren Bailey
-
William Herrin