
Internet Attack Spreads, Disrupting Major Websites - pouwerkerk
http://www.nytimes.com/2016/10/22/business/internet-problems-attack.html
======
mancerayder
Is it confirmed yet that so-called IoT devices were the bots?

Bruce was on point if so, arguing a couple weeks ago that accountability needs
to happen on the manufacturers:

"What was new about the Krebs attack was both the massive scale and the
particular devices the attackers recruited. Instead of using traditional
computers for their botnet, they used CCTV cameras, digital video recorders,
home routers, and other embedded computers attached to the Internet as part of
the Internet of Things.

Much has been written about how the IoT is wildly insecure. In fact, the
software used to attack Krebs was simple and amateurish. What this attack
demonstrates is that the economics of the IoT mean that it will remain
insecure unless government steps in to fix the problem. This is a market
failure that can't get fixed on its own.

"

[https://www.schneier.com/blog/archives/2016/10/security_econ...](https://www.schneier.com/blog/archives/2016/10/security_econom_1.html)
("Security Economics of the Internet of Things")

~~~
rayuela
I feel like I hadn't thought of this as a market failure until reading your
post calling it that. You're absolutely right about it. That's exactly what it
is and the need for government involvement is quite obvious now. Suppliers are
going to need to be held liable for the negative externalities their product
offerings create, otherwise we're stuck at an equilibrium point where this
situation does not improve.

~~~
Splines
If ISPs were treated like a utility and charged per bit, customers would have
an incentive to ensure that their devices weren't dumping traffic onto the
internet. It's rare that you can see a dashboard showing your usage, even
rarer to see a dashboard showing your usage, broken down by device.

~~~
tyre
With ISPs (at least in the US) moving towards data caps, this is becoming a
reality. It won't fix the problem.

DDOS attacks via IOT don't have to send much data per request. If my devices
are doing an extra 10Mb/hour, I won't notice. 1000 homes is 10Gb/hour and
that's just a few blocks in a city. 100,000 homes seems easy to hit, which is
a petabyte of data per hour.

It's death by a thousand paper cuts. If my internet bill goes up a dollar per
month, it's highly unlikely I'm going to debug my refrigerator to figure out
how to stop it.

~~~
sophacles
I think this is missing one component though. I agree I wouldn't, you
wouldn't, in fact most people wouldn't debug their refrigerator over a dollar
a month bandwidth bill.

I would however take into consideration bandwidth bill effects of what I buy.
By comparison: today I buy LED lightbulbs and energy efficient appliances
because they will have a long term cost impact on my electricity bill.

~~~
collinmanderson
Right, though the IoT manufacturers probably aren't going to factor in
internet attacks when advertising bandwidth usage. :)

------
csallen
Schneier wrote about related attacks just over a month ago in a post titled
"Someone Is Learning How to Take Down the Internet"
([https://www.schneier.com/blog/archives/2016/09/someone_is_le...](https://www.schneier.com/blog/archives/2016/09/someone_is_lear.html))

~~~
msane
Hopefully it's not related threats about hacking during the election.

Remember that recently Biden openly threatened cyber attack on Russia _if_
they make any attempt to tamper with the election. Which is completely
unprecedented, as is the notion that DOD is openly saying Russia was behind
DNC and other attacks.

~~~
cm2187
Also what amazed me is that he would casually threaten to strike Russia. It
seems that no one considers these attacks as an act of war. But that's what
they are.

~~~
meowface
It's espionage, not necessarily an act of war. The US government is
threatening to strike back with more espionage. (If they haven't already...)

~~~
cm2187
Espionage is stealing data. Disrupting utility services is an act of war,
whether it is shutting down an electricity power plant, cutting
communications, or any other act of sabotage.

~~~
optionalparens
This is true, but in fun hypothetical talks with various tech friends over the
decades, we often talked about in relation to Internet services in particular,
taking down services and such can actually help with hacking (i.e. stealing
data) efforts. How? Why? Firstly, probing as the article mentions does yield
plenty of valuable intel which is the core for espionage.

Secondly, we often joked that companies have such flawed backup and response
procedures that triggering these things has a funny effect. More specifically,
a lot of times in our experiences, we saw things like backups, up-scaling
servers, etc. go noticeably unmaintained or poorly attended. A lot of people,
especially years ago never did a great job of testing their backup systems,
failovers, scaling, etc. and kept them up-to-date and secured as well as the
main stuff. It's more interesting in some ways in this world of containers and
VMs. One would assume things are updated, patched, and deployed exactly inline
with the mainline stuff, but that's not always the case. It often takes only
one slip-up and this is where a ton of people make mistakes for so many
reasons. And sometimes it's easier to manipulate the protection systems to be
the vector itself than the systems they are protecting.

That is to say, messing around with services sometimes can be a way of
creating an open front or back door. Especially if there's malware and things
that can be planted that will be less likely to be caught in the panic or
otherwise deployed as a result of the panic response.

Of course all of this is more unlikely, but it's fun to think about in the
same way stupid schemes that are similar in heist movies are fun.

~~~
pinebox
Doesn't seem hypothetical or unlikely at all:

[http://www.zdnet.com/article/symantec-data-stealing-
hackers-...](http://www.zdnet.com/article/symantec-data-stealing-hackers-use-
ddos-to-distract-from-attacks/)

IIRC this tactic was used during the massive Target data breach in 2014.

------
gamegod
Irony alert:

> _" But technology providers in the United States could suffer blowback. As
> Dyn fell under recurring attacks on Friday, Mr. York, the chief strategist,
> said such assaults were the reason so many companies are pushing at least
> parts of their infrastructure to cloud computing networks, to decentralize
> their systems and make them harder to attack."_

Pushing your infrastructure to cloud computing is not decentralization - it's
centralization, and we're all doing it. Imagine if an attack like this was
against AWS... we'd all be screwed.

~~~
traskjd
Interestingly, in some ways this is a big selling point of AWS/Azure/Goog. The
absolute scale they can handle is way up there.

The downside of course, is that whilst their infrastructure can likely handle
it, handling the bill associated with 'just scale up your service' could be
worse than the attack itself.

~~~
stcredzero
If Azure and Google would like to gain a competitive advantage over AWS, then
I would suggest this: Build out a suite of tools for fighting DDOS. Enable
private consultants and companies to provide this as a service. Do this in
such a way, that cloud customers save money and have to worry about less.
Hell, let companies jump in structured as insurance companies! Also bring in
cooperation with law enforcement and use data gathering to catch and prosecute
DDOS-ers.

~~~
atmosx
> Enable private consultants and companies to provide this as a service.

If I am an AWS customer I _expect_ AWS to handle/prevent DDoS, same way as
they do with S3 to achieve 11 9's availability (the files are saved in
multiple AZs in the same region - Glacier IIRC copy files on different regions
to avoid data loss in case of physical disaster).

One of the reason for choosing AWS is because AMZ has deep pockets and has the
means (financial and technical) to fight against large DDoS attacks, while a
smaller provider might _not_ have to do that. Putting clients in a position to
have to _buy_ that sort of protection doesn't sound very smart to me.

~~~
takeda
> do with S3 to achieve 11 9's availability

I see so many people confused about this. Eleven nines is their durability
guarantee, their availability that they guarantee is only 99.99%

[https://aws.amazon.com/s3/faqs/](https://aws.amazon.com/s3/faqs/)

~~~
JumpCrisscross
What's the difference between durability and availability?

~~~
eloff
Availability is the % of times you try to access your data that you get it
back. So 52.5 minutes of downtime a year is still within SLA.

Durability is the % of your data that doesn't die. Eleven 9s means that if you
store 1TB on AWS S3 you can expect to lose 10 bytes and still be within SLA.

~~~
jacquesm
No, it means that if you store your data there that there is a .000000001%
chance that you will lose all of it.

~~~
speedplane
Is that true? How can they possibly measure a probability event so small? If
every human in the world was their customer, then .05 humans would lost heir
data?

~~~
jontas
I don't know much about actuarial math but I think this number is for
insurance policies more than anything else. It could be based on something
like the rate of hardware failures they experience now amortized over a long
period and many customers, and then adjusted to account for redundancy.

As a very simplified example, imagine they are expecting to lose 2 servers
every day, this percentage might be the probability of those two servers
storing the same exact object (and thus, losing it irretrievably).

------
lifeisstillgood
We seem to be needing more concerted action on what is a consumer minimum
standard for an internet connected device.

Consumer devices have to be _more_ secure because if the low user skill level
- and interest.

I am always reluctant to say "there should be a law against it" but frankly if
we cannot mandate minimum standards of uogradbility and security for devices
we will just keep handing over our devices to the first person to scan them.

~~~
mjevans
Or you need to make it easier for the 'black hole' solution to be pushed
further and further back to the sources of the bad traffic.

A remote site shouldn't be able to get you banned from the Internet (by it's
self); but it MUST be able to say, "This host is being abusive, restrain them
from sending me data". ISPs SHOULD use that information to evaluate if a host
from their network might be compromised or otherwise a negative player. ISPs
SHOULD also take steps to inform, and link to educational resources, customers
which are being bad citizens of the Internet. ISPs SHOULD also be financially
motivated (punishments to them) for allowing too many uncivil customers
online; this might take the form of instead banning that ISP from the Internet
as a whole.

~~~
jlgaddis
So, as your ISP, I'm going to be held responsible for the actions of _you_ ,
my customer/user?

Okay, if I'm going to be liable, financially or otherwise, well, then we're
gonna have to make some changes around here.

First off, I'm going to have to heavily filter and restrict what traffic you
can send out to the Internet. What isn't filtered or restricted is going to
have to be inspected, logged, and retained for a period of time.

Next, because I can't be certain that you're RFC3514 compliant and that at
least some of the bits you're sending aren't malicious, I'm going to have to
prevent you from sending out any encrypted traffic. Instead of allowing you to
use any DNS servers you want, you're going to have to use mine (DNS is heavily
abused for DDoS attacks). Outgoing e-mail will be automatically redirected to
my internal smart host (STARTTLS will be blocked, by the way) and I'm gonna
have to log, read, and retain it all. HTTP traffic will be transparently
proxied and all requests and responses will be logged and retained.

That's just the beginning. Are you _sure_ this is what you prefer as your
"solution"?

As a network operator, I believe that your ISP should be nothing more than a
dumb pipe and allow the bits that you send to pass through freely. As an ISP
customer, that's how I want my ISP to act. (If something gets reported or I
"notice" you for some reason then, sure, I'll look into it. Otherwise, I try
to fuck with my customer's traffic as little as possible.)

I'll agree that there is certainly a problem, but it is not because of ISPs.

------
adamiscool8
It's fashionable to blame Russia these days, but what country manufactures the
most IoT devices, and has the type of government that could mandate backdoor
access?

~~~
msie
It's been fashionable to blame China not so long ago.

~~~
lucb1e
Did I miss it going out of fashion?

------
tedmiston
> It is too early to determine who was behind Friday’s attacks, but it is this
> type of DDoS attack that has election officials concerned. They are worried
> that an attack could keep citizens from submitting votes.

> Thirty-one states and the District of Columbia allow internet voting for
> overseas military and civilians. Alaska allows any Alaskan citizens to do
> so.

I had no idea any states allowed voting online. I wonder if the general
population will ever get access to that.

~~~
djsumdog
If they're absent T ballots, they're not counted until several weeks later
(unless the total amount of absent T ballots is larger than the margin between
any candidate to ballot measure).

~~~
combatentropy
What does the T stand for?

~~~
speedplane
Hillary. Oh no, voter fraud!

------
throw2016
This seems so out of the blue, the last attack was targeting krebs for
exposing extortionists. Who is being attacked this time and why?

There is a lot of talk of iot botnets but little to no evidence. This seems
too vague and up in the air.

If all it takes is script kiddies and random extortionists to generate such
large 1 Tbps scale attacks then we appear to be reliant on an unbelievably
fragile base.

There is a growing realization of the need for more decentralization of
services but these kind of attacks is going to drive more centralization if
only Google scale companies can manage to stay up. I think this is drop
everything and fix time for the IT profession.

~~~
cdvonstinkpot
[https://news.ycombinator.com/item?id=12763501](https://news.ycombinator.com/item?id=12763501)

------
dsr12
Wikileaks tweeted:

"Mr. Assange is still alive and WikiLeaks is still publishing. We ask
supporters to stop taking down the US internet. You proved your point. "

Link:
[https://twitter.com/wikileaks/status/789574436219449345](https://twitter.com/wikileaks/status/789574436219449345)

If their claim is true, does anyone think, it will turn many sympathizers
against them? I don't think attacking normal bushiness is a good thing to do.

~~~
idlewords
I think this tweet says more about Assange's vanity than anything else.

The motives of the attackers are much less interesting than the fact that such
attacks are now possible.

~~~
virtuabhi
"Assange's vanity than anything else" -> Don't get too ahead of yourself. Has
there been any instance where Wikileaks had made a false claim?

------
peterwwillis
So. Can we start talking about changing internet protocols to strengthen the
integrity of internet network services against DoS attack?

Currently, the internet is very very open (as long as you don't live in
certain countries). A baby monitor in Kansas can send arbitrary traffic to a
router connecting a major financial services company in Hong Kong to an
internet backbone. The idea, in a very hippy, world peace kinda way, is nice.
But... probably not something we _need_ to happen, much less should _want_ to
happen or allow, if good sense prevailed.

We have hacks in place that can prevent that particular situation from
becoming too much trouble, but if you have enough baby monitors, something
somewhere is going to choke. And really this is the point to me: you [as the
network service provider] should not have to have carrier-grade infrastructure
to avoid this scenario. If Casey Brogrammer wants to prop up a start-up on her
DSL line (do people still have DSL?) she should be able to without fear of
DoS. How do we do that?

I have no idea. But i'm betting it would require some rearchitecting of the
internet and heavily modified protocols. Personally, I think the global BGP
tables are gross (and, let's face it people, depending on RAM to perpetually
increase in size while simultaneously decreasing in cost ad infinitum is not a
realistic scaling mechanism), I think the many flaws in modern tcp/ip
protocols are not designed with specific enough use cases in mind, and that
the generalist design of the modern Internet has become more of a hindrance to
efficiency and progress than a benefit. There is absolutely no requirement
that we keep engineering ourselves into a corner, and IPv6 sure as shit isn't
going to solve it.

~~~
dredmorbius
This would make an interesting Ask HN (or StackExchange or Reddit) question.

------
tedmiston
Extensive commentary on this topic is in the update from Dyn -
[https://news.ycombinator.com/item?id=12759697](https://news.ycombinator.com/item?id=12759697)

------
nodesocket
"And in a troubling development, the attack appears to have relied on hundreds
of thousands of internet-connected devices like cameras, baby monitors and
home routers that have been infected..."

Is that really confirmed or just the reporter writing gossip.

~~~
tyingq
[https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-
powe...](https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-
todays-massive-internet-outage/)

 _According to researchers at security firm Flashpoint, today’s attack was
launched at least in part by a Mirai-based botnet._

Seems in-between. Not confirmed, but not just conjecture either.

------
codecamper
Is this the end of the Internet that news.com predicted back in 1995?

~~~
djsumdog
Are you talking about this Newsweek article?

[http://www.newsweek.com/clifford-stoll-why-web-wont-be-
nirva...](http://www.newsweek.com/clifford-stoll-why-web-wont-be-
nirvana-185306)

~~~
codecamper
I just remember seeing this article on news.com cira 1995 that predicted the
imminent demise of the Internet due to the commercialization of it. It worried
that the net just couldn't handle all the traffic from all those 56k dialup
hitting and getting email all at once.

So my comment was a bit on the ironic / goofy side.

------
seanharr11
Harold Martin held without bail (high risk of flight) accused of theft of 20
years worth of government (NSA) tools/data, Trump stating he will not concede
the election, tens of millions of IoT devices used in DDOS attack, Assange
(wikileaks originator) cut off from internet, DNC hacked and exposed.

A conspiracy theorists dream.

------
ThePhysicist
I wonder why companies affected by these IoT-enabled DDoS attacks don't sue
the companies building those devices, as they currently often choose security
over convenience when it comes to securing them. If you can forensically prove
that a large fraction of the attack was carried out using a given type of
device it should be possible to hold the manufacturer liable for the damage,
at least if no reasonable measures were taken to secure it (using blank or
default passwords on the device could count as gross negligence).

I even kind of wish that somebody would do this, as it would finally provide a
strong incentive for the manufacturers to think about security.

~~~
rasur
Poul-Henning Kamp had this proposal on the subject back in 2011:
[http://queue.acm.org/detail.cfm?id=2030258](http://queue.acm.org/detail.cfm?id=2030258)

I think it's a good idea.

------
cognivore
Kind of makes me wonder - why let up? Can it be mitigated at all? Wouldn't
they have done so by now. Be interesting if they just kept piling it on until
they've got the whole internet on it's knees.

~~~
nodesocket
Well because a lot of the companies that went down today, addressed the
problem by now running a blend of different dns providers.

~~~
cognivore
But it hasn't really dropped off since earlier today.

------
Chirael
One of the Krebs articles mentioned an idea of a certification (similar to UL)
which could be on products like DVRs and web cams. You can't ever certify
something as completely secure of course, but the certification could indicate
"firmware updatable", "no hard-coded default passwords" and "where there are
passwords they are generated randomly and unique to each specific product"
(not family of products). Maybe even "consumer can change all passwords to new
randomly generated values". I can't say that all or even many consumers will
care, but if ISPs stepped up and started emailing customers about suspicious
traffic coming from their home networks indicating one or more devices may
have been compromised, maybe a good number of consumers _would_ start to look
for that certification when they buy. Which is important because, let's face
it, if insecure products don't actually _impact sales_ then a lot of companies
aren't going to care at all. You can try to punish bad behavior after the
fact, but only if their government cooperates and even then I think many times
they'd just fold up shop under one name and open again under another. You
really have to address it at the point of purchase to affect company behavior
IMO.

~~~
collinmanderson
"if ISPs stepped up and started emailing customers about suspicious traffic
coming from their home networks indicating one or more devices may have been
compromised" \- I remember Comcast doing something like that back in 2008ish.

------
ehudla
Worth noting that even of stories such as these (new media, tech heavy)
coverage by traditional media end up on the home page of HN. Beyond this
observation, it seems that this election cycle brought home the importance of
journalism for many people.

------
deepsun
I wonder, how much electricity do these attacks spend on average? Is it
significant for economy?

~~~
laurentdc
I don't think so. Modern botnets are mostly made of devices that are operating
24/7 already, such as compromised IP cameras, set top boxes, SOHO routers, IoT
devices, etc.

The energy spent for TCP/IP stack usage is negligible at best, even when
pushing those embedded CPUs to 100%.

~~~
msane
> The energy spent for TCP/IP stack usage is negligible at best.

Not true, especially en masse. Even less true for wirelessly connected
devices.

~~~
bdamm
Power consumption fluctuations need to be up in the billions of watts before
power companies generally care and must do something about it. Wifi routers
are limited to 1W output power, so you'd need a lot more than just the
hundreds of millions of wifi routers bleating out TCP packets at the top of
their lungs to take down the power grid.

Also, what the power companies really care about are changes in consumption;
once they've adjusted the grid parameters to compensate for an increase in
power consumption, they're happy until the consumption drops off. Using wifi
or any internet traffic to destabilize the grid is just not going to work
because there just isn't enough raw drain available, even if the attackers
could get their timing absolutely flawlessly perfect so every wifi model
popped on at once.

------
rms_returns
Yet another thing to show us that IoT is a can of worms. Yes, the technology
is very helpful, but from security perspective, are we ready for it yet? Why
not make existing CCTV cameras and nanny monitors more secure before having
IoT?

------
codecamper
If these sites hosted with google cloud, would they be less susceptible to
ddos attacks?

~~~
atishay811
This attack is on the DNS and niṛ in the sites themselves. The sites are
working fine. We need better infrastructure for the internet.

~~~
palunon
Google cloud can host your DNS zones for you.

~~~
lucaspiller
That's also true of AWS, Digital Ocean, Linode, etc. Hell, you can even host
your DNS yourself!

------
progman
Are there any downloadable DNS lookup tables which could be used as hosts.txt
or /etc/hosts in case of emergency?

I know that DNS is organized in root zones with hierarchical subqueries. A
global hosts file which contains the whole IP space is sort of unfeasible
because domain names change within seconds.

However, in face of the current attacks the DNS maintainers should seriously
consider to offer downloadable hosts files so that we could use them
temporarily to circumvent DNS queries in cases of further attacks.

------
marmot777
Would longer, say, week long TTL along with some redundancy have prevented
this problem? Can it be done now to prepare for next attack? That is, TTL
shortened when making updates, etc., but then set to a week the rest of the
time. Here's an article that I think could be useful:
[https://medium.com/@brianarmstrong/youre-probably-doing-
dns-...](https://medium.com/@brianarmstrong/youre-probably-doing-dns-wrong-
like-we-were-6625efaed390#.1xnqip9w1)

------
cerved
Typical Dark Army

------
hellogoodbyeeee
How long could this go on for?

~~~
cryptoz
This particular attack will likely eventually be mitigated (hours? days?). But
it seems there is nothing preventing similar attacks from starting at any
time, and be less possible to prevent each time.

Personally, I fear we are closer to global-scale, machine-learning-based
attacks that find vulnerabilities, exploit them, and change patterns on the
fly. We may not have a stable internet any more.

Am I blindly fearmongering? I hope not. But these are new waters. Insecure IoT
is growing every hour and there's no clear path to stop it from being
exploited more and more.

~~~
leephillips
Trying to fight a war purely with defense is usually a dangerous strategy. The
only long-term solution is to find the attackers and take them out.

~~~
tunesmith
That's irony, right? I can't even tell anymore.

~~~
leephillips
No, not irony. Our infrastructure is under attack. Why not fight back?

~~~
solipsism
Based on what international laws? The source is likely in a country that
doesn't play nice with our law enforcement and extradition requests. So what
are you advocating?

~~~
briandear
Cut their internet access. Take down their power grid.

If you're being attacked, I'm not sure what international law has to do with
it. A country has the right to defend itself -- it doesn't require the UN to
grant 'permission.' If you are in the midst of being attacked, waiting for the
UN or some other disfunctional body to 'approve' would be like asking the
teacher for permission to defend yourself while you're getting your face
pounded in. Countries are sovereign. They shouldn't need permission to defend
themselves when they are under an immediate threat.

~~~
solipsism
Your Netflix stopped working. You're talking about going to war.

 _If you 're being attacked, I'm not sure what international law has to do
with it._

That's incredibly naive. Trumpian almost. Even in the midst of real war (you
know, when people are dying, not sitting on the couch unable to place a Prime
order), we follow international law. Because we want everyone else to as well.

------
rmchugh
Wikileaks seem to be claiming the attack for their supporters here:
[https://mobile.twitter.com/wikileaks/status/7895744362194493...](https://mobile.twitter.com/wikileaks/status/789574436219449345)

Any evidence to support that?

------
marmot777
Would longer, say, week long TTL along with some redundancy have prevented
this problem? Can it be done now to prepare for next attack? That is, TTL
shortened when making updates, etc., but then set to a week the rest of the
time?

------
netcommentator
Given national security interests, we need new laws: 1. IOT devices should not
ship with default passwords. 2. Internet infrastructure companies should not
be allowed to get "too big to fail".

~~~
cderwin
As far as (2) goes, they actually _need_ to be too big too fail. Otherwise,
it's plainly impossible for internet infrastructure companies to be able to
financially weather ddos attacks like this. These sorts of attacks are very
expensive to mitigate, and part of the way we can do that is to centralize
under services like AWS and collectively pay for ddos protection (short of the
government doing so and separating our network from those of major malicious
foreign actors').

------
orthoganol
WL's Twitter has claimed it was WL supporters. Although no one can really
confirm what's going on with them since the Ecuadorian embassy events the
other day.

------
tedd4u
Since it's impossible to update many permanently-insecure "IoT" devices we may
need laws to legalize gov't permanently bricking them.

------
kylelibra
Can't recall ever seeing the NY Times embed tweets in a story, is this a
first?

edit: apparently it's because I mostly read the site within the app.

~~~
tedmiston
I wonder if the embeds break when a tweet gets deleted. That was always one of
my biggest concerns when using them: that someone else can change / break your
article in the future.

~~~
danso
The embeds resolve to plaintext when a tweet is deleted. In fact, the standard
embed code includes the Tweet text in plaintext, so that at least the content
is preserved

------
owaislone
or Jen just dropped the internet.

~~~
cyberferret
LOL - I just re-watched that episode last night, as it turns out. Hilarious.
The Elders of the internet will be miffed!

------
misrab
could we just move along with ipfs and a distributed web please guys, it's
about time!

~~~
woodandsteel
I agree. From what I understand, ipfs is designed to solve this problem (and
several others). Maybe this will motivate the big actors to look into it
seriously. Anybody disagree?

~~~
niftich
I love IPFS but how exactly does IPFS/IPNS solve the DDOS problem? The FAQ
entry on this is not very convincing [1].

[1]
[https://github.com/ipfs/faq/issues/171](https://github.com/ipfs/faq/issues/171)

------
e_e_e
Brainstorming: We should make DNS mines like for Bitcoins

~~~
h4nkoslo
[https://en.wikipedia.org/wiki/Namecoin](https://en.wikipedia.org/wiki/Namecoin)

------
fowlerpower
The U.S. has changed the rules of engagment to state that any cyber attack can
be met with real military counterattack.

If the Russians are behind it, after being emboldened by Ukraine and Syria,
the United States has to respond. I'm not saying all out war but I am saying
we have to show the Russians that this affects everything we are about. It
affects our businesses, our elections, and our way of life.

I am saying there should be military action and if that leads to war then so
be it, everyone will think twice about this sort of thing again and we will
all be safer because of it.

~~~
carbocation
> I am saying there should be military action and if that leads to war then so
> be it

I don't think that war with any nation, much less Russia, should ever be such
a casual consideration. Measured in human suffering, military conflict is
inestimably more awful than brief internet downtime.

~~~
fowlerpower
Of course I agree with you but it's not about the internet downtime.

It's about messing with or elections it's about the invasions. You let it all
go on long enough and you will have much bigger problems in a few years time.

~~~
whybroke
Your point is completely accurate and critical to follow up on in a considered
way. In the real world anyway.

But unfortunately, since Thiel has invited HN to go full /pol/ the answer
you're gonna get is that it's a 400lb guy on a couch saving us from the devil.

------
codedokode
I think the main problem is that the Internet is decentralized. As it has no
single owner nobody is responsible for mitigating the attacks and noone wants
to pay for developing and implementing new protocols, installing new hardware.

~~~
Falkon1313
More the opposite, because it's too centralized, an attack can take out the
few 'authority' servers and knock off everything downstream.

