

Online Dispute Becomes Internet-Snarling Attack - uvdiv
http://www.nytimes.com/2013/03/27/technology/internet/online-dispute-becomes-internet-snarling-attack.html?pagewanted=all

======
codexon
DNS reflected attacks need to be addressed NOW.

The problem is getting worse every day. You can rent botnets that exploit this
for as low as $5 on places like hackforums.

Authorities won't deal with your problem unless you are as big as Mastercard.

Your host will likely ask you for protection money (ddos protection is
incredibly expensive) or just kick you out to protect their other customers.

The sad thing is that when people talk about it on a hosting forum, the number
one response is "who did you piss off?"

~~~
rdl
This is why I plan to be off-world by the time the average 14 year old kid is
able to create a serious bioweapon in 15 minutes by following instructions
from online.

~~~
eksith
We're already there, but it's not 15 minutes. You can buy bio-hacking
equipment fairly cheap (maybe not allowance cheap, but "Hey, mom, dad, can you
buy me a chemistry set?" cheap) including those used for DNA replication.

I don't know how well they've tightened specimens for scientific study, but
there was a scandal not too long ago where anyone who bothers to fill out
paperwork could order anthrax and smallpox for research purposes from a lab.

~~~
jrkelly
> but there was a scandal not too long ago where anyone who bothers to fill
> out paperwork could order anthrax and smallpox for research purposes from a
> lab.

There are lots of problems in this post. But the idea that anyone could "order
smallpox" is totally false. A journalist synthesized 1 gene from smallpox,
which is the scandal you were referring to. 1 gene != smallpox.

------
uvdiv
CloudFlare's report (6 days ago):

[http://blog.cloudflare.com/the-ddos-that-knocked-spamhaus-of...](http://blog.cloudflare.com/the-ddos-that-knocked-spamhaus-offline-and-ho)

~~~
gadders
Can someone explain the various layers of attack they mention please? Does
that relate to the 7 layer OSI model?

~~~
asdfaoeu
Layer 3 is the network layer, basically they mean the attack is just
generating enough traffic at the network level to overload the target.

Layer 7 is the application layer, which means they are overloading the
application. A web server connected to a 10gbit link won't be able to handle
10gbit of traffic if it has to do a complicated SQL query for each request.
Layer 7 requires much less bandwidth, though it depends on sending correctly
formatted data.

A layer 3 attack doesn't even get to the application so it doesn't matter what
the data is which means they can use techniques like the Open DNS resolver
reflector and hence can get much more traffic with a little amount of seed
traffic. As well this hides the "original" source of the attack.
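
The open-resolver reflection described above leaves a distinctive signature in
flow data: a host receiving large UDP/53 answers from many resolvers it never
queried, far more bytes in than the few query bytes it sent. As an added
illustration (not code from this thread or from CloudFlare), the Python below
runs that check over a few constructed flow records; the `Flow` record shape,
the addresses, the 3000-byte answer size and the thresholds are all assumptions
chosen for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record (assumed shape; real collectors differ)."""
    src: str     # source IP
    dst: str     # destination IP
    proto: str   # "udp" or "tcp"
    sport: int
    dport: int
    nbytes: int  # bytes carried by this flow


# Constructed sample data. 10.0.0.7 behaves normally: every answer it receives
# follows a query it sent. 203.0.113.9 never sends a query, yet twenty different
# resolvers deliver ~3000-byte answers to it: the queries were sent from
# elsewhere with 203.0.113.9 forged as the source, so only the answers show up.
SAMPLE_FLOWS: List[Flow] = [
    Flow("10.0.0.7", "192.0.2.53", "udp", 40001, 53, 60),
    Flow("192.0.2.53", "10.0.0.7", "udp", 53, 40001, 180),
    Flow("10.0.0.7", "192.0.2.54", "udp", 40002, 53, 60),
    Flow("192.0.2.54", "10.0.0.7", "udp", 53, 40002, 200),
] + [
    Flow(f"198.51.100.{i}", "203.0.113.9", "udp", 53, 33000 + i, 3000)
    for i in range(1, 21)
]


def reflection_victims(flows: List[Flow], min_resolvers: int = 10,
                       min_ratio: float = 10.0) -> Dict[str, Tuple[int, int, float]]:
    """Map each suspected victim to (distinct resolvers, inbound DNS bytes, ratio).

    ratio = bytes of DNS answers received / bytes of DNS queries the host sent.
    A genuine client talks to a handful of resolvers and its ratio stays near
    the protocol's normal answer/query size ratio; a reflection victim sees
    many resolvers and a huge ratio (infinite if it sent no queries at all).
    """
    inbound = defaultdict(int)    # host -> bytes of DNS answers received
    resolvers = defaultdict(set)  # host -> distinct resolver addresses seen
    sent = defaultdict(int)       # host -> bytes of DNS queries it sent
    for f in flows:
        if f.proto != "udp":
            continue
        if f.sport == 53:        # DNS answer arriving at f.dst
            inbound[f.dst] += f.nbytes
            resolvers[f.dst].add(f.src)
        elif f.dport == 53:      # DNS query leaving f.src
            sent[f.src] += f.nbytes
    flagged: Dict[str, Tuple[int, int, float]] = {}
    for host, in_bytes in inbound.items():
        ratio = in_bytes / sent[host] if sent[host] else float("inf")
        if len(resolvers[host]) >= min_resolvers and ratio >= min_ratio:
            flagged[host] = (len(resolvers[host]), in_bytes, ratio)
    return flagged


if __name__ == "__main__":
    for host, (n, b, r) in reflection_victims(SAMPLE_FLOWS).items():
        print(f"{host}: {n} resolvers, {b} bytes of DNS answers, ratio {r}")
```

On the constructed sample only 203.0.113.9 is flagged (20 resolvers, 60000
bytes, infinite ratio); 10.0.0.7 has two resolvers and a ratio near 3, which is
ordinary. The same asymmetry is what a scrubbing provider or the victim's
upstream sees, which is why the lasting fixes sit elsewhere: resolvers that do
not answer recursive queries from the whole Internet, and ISPs that drop
packets whose source address does not belong to the customer sending them.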

~~~
gadders
Thank you.

------
onemorepassword
Just FYI, Cyberbunker aka cb3rob aka Sven Kamphuis has been involved in
scandals, conflicts, lawsuits and general mayhem for ages. He's a poor man's
Kim Dotcom.

It's a paranoid one man show that seems to be compulsively anti-everything,
and especially anti-authority. However, on a technical level he seems to know
what he's doing.

~~~
psionski
Paranoia? Anti-authoritarian behavior? Technical expertise? I have found my
new hero ;)

------
16s
Some quotes from the article:

_“These things are essentially like nuclear bombs,” said Matthew Prince,
chief executive of Cloudflare. “It’s so easy to cause so much damage.”_

_"He likened the technique, which uses a long-known flaw in the Internet’s
basic plumbing, to using a machine gun to spray an entire crowd when the
intent is to kill one person."_

The hyperbole here is astounding. DNS amplification attacks and generic DDOS
attacks are nothing at all like that. Why do these silly articles continually
relate them to war and weapons that kill humans?

Edit: I read once in the monthly cryptogram that a DDOS is more like the
Russians sending a million man army to go stand in line at the local DMV. They
_deny_ normal customers the service, they do not _kill_ them. Denying
access and killing are two very different things.

~~~
jiggy2011
You're right, it's a bad analogy but people always struggle with trying to
analogise things like this that don't have a parallel in the physical world.

If you had the Russian army attempt to blockade shops you would expect a
response from the US Army and the shop to be unblockaded in fairly short
order.

The dangerous thing about DDOS is not that it's a particularly deadly weapon
but that it's powerful enough to do a non-zero amount of economic damage with
little/no risk for the perpetrator and that there is no effective counter-
measure that doesn't involve throwing money away.

------
joseph_cooney
The phrase “These things are essentially like nuclear bombs,” left me shaking
my head....

~~~
SoftwareMaven
I'm listening to The Last Train from Hiroshima[1] right now. These things are
_nothing_ like nuclear bombs. I hope we never experience anything remotely
like nuclear bombs on this planet again.

1. [http://www.amazon.com/Last-Train-Hiroshima-Survivors-Look/dp...](http://www.amazon.com/Last-Train-Hiroshima-Survivors-Look/dp/1400115639)

~~~
kefka
Interestingly enough, there seems to be questions regarding the book as a
factual source. This is taken from the amazon link you provided:

Recently, there have been questions about the accuracy of some parts of this
book. At this time, Tantor Media will continue to make it available to our
customers, but we wanted to make you aware of the issues. Here is a statement
from the hardcover publisher of the book, Henry Holt and Company: "It is with
deep regret that Henry Holt and Company announces that we will no longer
print, correct or ship copies of Charles Pellegrino's The Last Train from
Hiroshima due to the discovery of dishonest sources of information for the
book. It is easy to understand how even the most diligent author could be
duped by a source, but we also understand that this opens that book to very
detailed scrutiny. The author of any work of non-fiction must stand behind its
content. We must rely on our authors to answer questions that may arise as to
the accuracy of their work and reliability of their sources. Unfortunately,
Mr. Pellegrino was not able to answer the additional questions that have
arisen about his book to our satisfaction."

The Last Train from Hiroshima offers listeners a stunning "you are there" time
capsule, gracefully wrapped in elegant prose. Charles Pellegrino's scientific
authority and close relationship with the A-bomb's survivors make his account
the most gripping and authoritative ever written.

At the narrative's core are eyewitness accounts of those who experienced the
atomic explosions firsthand: the Japanese civilians on the ground and the
American fliers in the air. Thirty people are known to have fled Hiroshima for
Nagasaki, where they arrived just in time to survive the second bomb. One of
them, Tsutomu Yamaguchi, is the only person who experienced the full effects
of the cataclysm at ground zero both times. The second time, the blast effects
were diverted around the stairwell in which Yamaguchi had been standing,
placing him and a few others in a shock cocoon that offered protection, while
the entire building disappeared around them.

Pellegrino weaves spellbinding stories together within a narrative that
challenges the "official report," showing exactly what happened in Hiroshima
and Nagasaki, and why.

~~~
SoftwareMaven
I'm taking everything I'm listening to with a grain of salt, anyway, just due
to the effect of time on memories, especially during periods of traumatic
shock. However, even if only 10% of what is in the book is accurate, I believe
my point holds: a DDOS isn't anything like a nuclear attack.

------
CurtMonash
Wikipedia, for once, is instructive about a tech-related subject. Or perhaps
it's just being entertaining. ;)

The main Wikipedia page on Cyberbunker
<http://en.wikipedia.org/wiki/CyberBunker> reminds us both that Spamhaus has
gone after them before, including interceding with their ISP, and that Pirate
Bay was at one point hosted there.

The associated Wikipedia talk page
<http://en.wikipedia.org/wiki/Talk%3ACyberBunker> suggests, among other
things, that Cyberbunker has claimed to be an independent country (apparently
on the theory that a former NATO base isn't actually Dutch territory).

------
DanBC
> “Nobody ever deputized Spamhaus to determine what goes and does not go on
> the Internet,” Mr. Kamphuis said.

Nobody is forced to use the Spamhaus service. The people choosing to use the
Spamhaus service seem to be happy with it.

~~~
jiggy2011
Getting on one of their blacklists for an unknown reason can be a serious PIA.

------
sc68cal
> Spamhaus, one of the most prominent groups tracking spammers on the
> Internet, uses volunteers to identify spammers and has been described as an
> online vigilante group.

The authors of this article have absolutely no idea what they're talking about
- and what's worse is they sprinkle this kind of crap throughout the article.

> Mr. Kamphuis said Cyberbunker was retaliating against Spamhaus for “abusing
> their influence.”

> “Nobody ever deputized Spamhaus to determine what goes and does not go on the
> Internet,” Mr. Kamphuis said. “They worked themselves into that position by
> pretending to fight spam.”

And this goes unchallenged? Honestly I can't believe they printed such
bullshit! Everyone _configures_ their MTA to use Spamhaus because it WORKS -
nobody is forcing MTA admins to use it.

~~~
kefka
And it seems rather close to blackmail.

"If you don't stop behavior _I_ don't like, I'll submit you to a list so nobody
can send or receive email from you."

And the hope is that they act honorably.

------
narad
_The heart of the problem, according to several Internet engineers, is that
many large Internet service providers have not set up their networks to make
sure that traffic leaving their networks is actually coming from their own
users._

Why are the ISP networks not doing their job? Isn't it very simple to filter?

~~~
EwanToo
It's not massively hard, but it's also not trivial either, and most ISPs have
a "If it's not broke, don't fix it" policy for fundamental things on their
network.
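
The filtering being asked about is source-address validation at the ISP's edge:
a packet leaving a customer port must carry a source address from a prefix that
customer was actually assigned, otherwise it is spoofed and gets dropped. The
Python below is an added model of that rule, not code from this thread or from
any ISP; the interface-to-prefix table and the packets are constructed for the
example, and real deployments express the same check as router ACLs or strict
unicast reverse-path forwarding (uRPF) rather than a script.

```python
import ipaddress
from typing import Dict, List, Tuple

Packet = Tuple[str, str, str]  # (ingress interface, source IP, destination IP)

# Constructed: the prefixes the ISP assigned behind each customer-facing port.
INTERFACE_PREFIXES: Dict[str, List[str]] = {
    "cust-A": ["203.0.113.0/24", "2001:db8:a::/48"],
    "cust-B": ["198.51.100.0/25"],
}

# Constructed packets arriving at the ISP edge on their way out to the Internet.
SAMPLE_PACKETS: List[Packet] = [
    ("cust-A", "203.0.113.10", "192.0.2.53"),        # genuine customer query
    ("cust-A", "2001:db8:a::10", "2001:db8:53::1"),  # genuine IPv6 source
    ("cust-A", "192.0.2.200", "192.0.2.53"),         # someone else's address: spoofed
    ("cust-B", "203.0.113.77", "192.0.2.53"),        # cust-A's address on cust-B's port
    ("cust-B", "10.9.8.7", "192.0.2.53"),            # private source, never valid here
]


def compile_table(table: Dict[str, List[str]]):
    """Parse the prefix strings once so each packet check is cheap."""
    return {iface: [ipaddress.ip_network(p) for p in nets]
            for iface, nets in table.items()}


def source_is_valid(iface: str, src_ip: str, compiled) -> bool:
    """Strict check: src_ip must fall inside a prefix expected behind iface.

    Checking per interface (not against one flat list of all customer prefixes)
    is what catches a customer forging a neighbouring customer's address.
    """
    addr = ipaddress.ip_address(src_ip)
    return any(addr.version == net.version and addr in net
               for net in compiled.get(iface, []))


def filter_egress(packets: List[Packet], table: Dict[str, List[str]]):
    """Split packets into (forwarded, dropped) according to source validation."""
    compiled = compile_table(table)
    forwarded: List[Packet] = []
    dropped: List[Packet] = []
    for pkt in packets:
        iface, src, _dst = pkt
        (forwarded if source_is_valid(iface, src, compiled) else dropped).append(pkt)
    return forwarded, dropped


if __name__ == "__main__":
    fwd, drop = filter_egress(SAMPLE_PACKETS, INTERFACE_PREFIXES)
    for pkt in fwd:
        print("forward", pkt)
    for pkt in drop:
        print("drop   ", pkt)
```

On the sample, the two genuine packets are forwarded and the other three are
dropped, including 203.0.113.77 arriving on cust-B's port, which a single
ISP-wide allow-list would have let through. The rule costs one longest-prefix
lookup per packet, which is why the difficulty is mostly operational (keeping
the per-port table right, and multihomed customers with addresses from another
provider) rather than computational.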

------
dkulchenko
Wow. How big does your botnet have to be to provide 300 Gbps?

Would be interesting to see an update from CloudFlare - AFAIK, the largest
DDoS they've dealt with before has been a tad over 100 Gbps.

~~~
SoftwareMaven
Having DNS reflection assist with a 100x increase in data certainly helps.

------
geuis
Please, stop linking to sites with pay walls. There's no way for the general
public to access such sites. The publishers are free to monetize as they wish,
but personally I do not believe pay walls are how to do it. Further linking to
such articles is only going to continue to break the web.

~~~
mozboz
Interstitial ad != paywall

~~~
gadders
Unless you've read your ten free articles for the month...

------
adventured
This isn't complicated. If someone or some group or some company vandalizes
property (a 300gbps denial of service attack), you arrest and prosecute them
for the crime.

~~~
Tomdarkness
Except that it is complicated. You need to prove who is behind the attack and
you are not going to be proving anything with a list of thousands of IPs
running open dns resolvers which, as far as they are concerned, show that you
were just requesting tons of DNS records yourself.

~~~
freditup
Except that according to the article, Cyberbunker admits to being the
perpetrator of the attacks. They also brag about fending off SWAT teams in the
past (which does seem unlikely).

~~~
Tomdarkness
The key part in the article which would imply this is not a direct quote, nor
can I find this online message they refer to. Both of these smell of
potentially dodgy journalism to me, and in any case it is pure speculation
without an official statement from cyberbunker.

~~~
freditup
My initial reaction to your comment was to say that it was an article from the
NYT and should be reliable. But to be completely honest, it seemed like kind
of shady journalism to me too, based more on rumor than anything substantial.
It does reflect sadly on the state of the media these days, though, when even
the NYT can't be generally trusted.

------
coditor
Why can we not figure out how to shut down the computers participating in a
botnet? It seems like a technology problem.

