Massive online attack
22-10-2016, 06:34 AM
Massive online attack
http://www.usatoday.com/story/tech/2016/.../92507806/


Quote:SAN FRANCISCO — Eleven hours after a massive online attack that blocked access to many popular websites, the company under assault has finally restored its service.
Dyn, a New Hampshire-based company that monitors and routes Internet traffic, was the victim of a massive attack that began at 7:10 a.m. ET Friday morning. The issue kept some users on the East Coast from accessing Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit, PayPal and other sites.

Science is the process we've designed to be responsible for generating our best guess as to what the fuck is going on. Girly Man
22-10-2016, 06:37 AM
RE: Massive online attack
Some fifth grader doing his homework. Consider
[+] 1 user Likes Gawdzilla's post
22-10-2016, 06:56 AM
RE: Massive online attack
Apparently it wasn't a traditional DOS type hack.....

Instead of using a single or multiple computers, it used millions of internet connected devices, other than PC's and the like....


Sort of a "wide spectrum" type hack.....

.......

And people want their internet connected car driving itself.......

....

Good luck with that....

.......................................

The difference between prayer and masturbation - is when a guy is through masturbating - he has something to show for his efforts.
[+] 3 users Like onlinebiker's post
22-10-2016, 08:31 AM
RE: Massive online attack
DYN is a Domain Name Service (DNS) provider. It is the most effective link in the web page chain to attack.
[+] 1 user Likes skyking's post
22-10-2016, 08:42 PM
RE: Massive online attack
https://www.lawfareblog.com/someone-lear...n-internet

Someone Is Learning How to Take Down the Internet

By Bruce Schneier Tuesday, September 13, 2016, 10:00 AM

Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don't know who is doing this, but it feels like a large nation state. China and Russia would be my first guesses.

First, a little background. If you want to take a network off the Internet, the easiest way to do it is with a distributed denial-of-service attack (DDoS). Like the name says, this is an attack designed to prevent legitimate users from getting to the site. There are subtleties, but basically it means blasting so much data at the site that it's overwhelmed. These attacks are not new: hackers do this to sites they don't like, and criminals have done it as a method of extortion. There is an entire industry, with an arsenal of technologies, devoted to DDoS defense. But largely it's a matter of bandwidth. If the attacker has a bigger fire hose of data than the defender has, the attacker wins.

Recently, some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks against them. Moreover, they have seen a certain profile of attacks. These attacks are significantly larger than the ones they're used to seeing. They last longer. They're more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.

The attacks are also configured in such a way as to see what the company's total defenses are. There are many different ways to launch a DDoS attack. The more attack vectors you employ simultaneously, the more different defenses the defender has to counter with. These companies are seeing more attacks using three or four different vectors. This means that the companies have to use everything they've got to defend themselves. They can't hold anything back. They're forced to demonstrate their defense capabilities for the attacker.

I am unable to give details, because these companies spoke with me under condition of anonymity. But this all is consistent with what Verisign is reporting. Verisign is the registrar for many popular top-level Internet domains, like .com and .net. If it goes down, there's a global blackout of all websites and e-mail addresses in the most common top-level domains. Every quarter, Verisign publishes a DDoS trends report. While its publication doesn't have the level of detail I heard from the companies I spoke with, the trends are the same: "in Q2 2016, attacks continued to become more frequent, persistent, and complex."

There's more. One company told me about a variety of probing attacks in addition to the DDoS attacks: testing the ability to manipulate Internet addresses and routes, seeing how long it takes the defenders to respond, and so on. Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services.

Who would do this? It doesn't seem like something an activist, criminal, or researcher would do. Profiling core infrastructure is common practice in espionage and intelligence gathering. It's not normal for companies to do that. Furthermore, the size and scale of these probes—and especially their persistence—points to state actors. It feels like a nation's military cybercommand trying to calibrate its weaponry in the case of cyberwar. It reminds me of the U.S.'s Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities.

What can we do about this? Nothing, really. We don't know where the attacks come from. The data I see suggests China, an assessment shared by the people I spoke with. On the other hand, it's possible to disguise the country of origin for these sorts of attacks. The NSA, which has more surveillance in the Internet backbone than everyone else combined, probably has a better idea, but unless the U.S. decides to make an international incident over this, we won't see any attribution.

But this is happening. And people should know.

“I am quite sure now that often, very often, in matters concerning religion and politics a man’s reasoning powers are not above the monkey’s.”~Mark Twain
“Ocean: A body of water occupying about two-thirds of a world made for man - who has no gills.”~ Ambrose Bierce
[+] 2 users Like Full Circle's post
22-10-2016, 08:56 PM
RE: Massive online attack
If they get into my bank account, I'll lose $4.00!!!!! Gasp

NOTE: Member, Tomasia uses this site to slander other individuals. He then later proclaims it a joke, but not in public.
I will call him a liar and a dog here and now.
Banjo.
[+] 3 users Like Banjo's post
22-10-2016, 09:08 PM
RE: Massive online attack
(22-10-2016 08:56 PM)Banjo Wrote:  If they get into my bank account, I'll lose $4.00!!!!! Gasp

This is my worry-

Sadcryface2 My bubblegum money! I will lose all my bubblegum money! I have twice as much as you do, so I have more bubblegum money to lose. Laughat

Not to disparage the OP. We are under threat, that is for sure. The new face of war is the internet.
22-10-2016, 09:38 PM
RE: Massive online attack
We know where their cables are. We can disconnect them from the internet any time we want. Dodgy

Skepticism is not a position; it is an approach to claims.
Science is not a subject, but a method.
[+] 2 users Like Chas's post
22-10-2016, 09:58 PM
RE: Massive online attack
(22-10-2016 08:42 PM)Full Circle Wrote:  https://www.lawfareblog.com/someone-lear...n-internet

From the above quoted article:
"Recently, some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks against them."
They are talking about Domain Name Service (DNS) here.
You request a page like cbs.com or twitter.com, and your internet provider's DNS server will resolve that name to a number, like 124.32.4.159. Without that number we get nowhere. Most times when pages fail to load and the internet is down, it is really a DNS failure.
The local DNS server may have the information stored locally in a file called a cache, or it may request it from a server upstream, with their provider. This can continue upstream until you reach the authoritative server for a domain.
The arrangement is tiered, like a wedding cake, only there are several main DNS servers.
Only one DNS server is the authoritative server for a domain like ours. It may be paired with a failover server, but the data is mirrored and it acts as a backup.
A classic DDoS attack involves hammering a web server with so many requests that it can't keep up.
This last attack was on the DNS server, and was written to flood it with many bogus DNS requests. This was far more damaging because DYN's servers have that critical resolution information for many thousands of websites. In essence they were able to take down a whole lot of the net with relatively little effort.
Hope this helps.
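Added example (not part of any post in this thread): a small Python simulation of the cache-then-authoritative lookup described in the post above, showing how long cached answers survive an outage at the authoritative provider and what changes when a name is also served by a second, independent provider. The hostnames, addresses, TTLs, provider names and outage window are all constructed for illustration.

```python
# Added illustration: a toy caching resolver. Names, addresses, TTLs and the
# outage window are constructed; nothing here touches the network.

class Authoritative:
    """Authoritative server for some names, with an optional outage window."""
    def __init__(self, name, records, down_from=None, down_until=None):
        self.name, self.records = name, records
        self.down_from, self.down_until = down_from, down_until

    def query(self, qname, now):
        if self.down_from is not None and self.down_from <= now < self.down_until:
            raise TimeoutError(f"{self.name} unreachable")
        return self.records[qname]              # (address, ttl_seconds)


class CachingResolver:
    """Answers from cache while the TTL is valid, else asks each nameserver in turn."""
    def __init__(self, delegations):
        self.delegations = delegations          # qname -> list of Authoritative
        self.cache = {}                         # qname -> (address, expires_at)

    def resolve(self, qname, now):
        hit = self.cache.get(qname)
        if hit and now < hit[1]:
            return hit[0], "cache"
        for server in self.delegations[qname]:
            try:
                address, ttl = server.query(qname, now)
            except TimeoutError:
                continue                        # fall through to the next nameserver
            self.cache[qname] = (address, now + ttl)
            return address, server.name
        return None, "SERVFAIL"                 # cache expired and nobody answered


def run_scenario(times=(0, 200, 400, 800)):
    """Return who answered each lookup for a one-provider and a two-provider name."""
    records = {"shop.example": ("192.0.2.10", 300), "blog.example": ("192.0.2.20", 300)}
    provider_a = Authoritative("provider-a", records, down_from=100, down_until=700)
    provider_b = Authoritative("provider-b", records)
    resolver = CachingResolver({
        "shop.example": [provider_a],               # single DNS provider
        "blog.example": [provider_a, provider_b],   # two independent providers
    })
    return {q: [resolver.resolve(q, t)[1] for t in times] for q in resolver.delegations}


if __name__ == "__main__":
    for qname, sources in run_scenario().items():
        print(qname, sources)
```

With a 300-second TTL, the single-provider name keeps resolving from cache at t=200 but fails at t=400, while the two-provider name is answered by the second provider throughout the outage.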
23-10-2016, 10:58 PM (This post was last modified: 23-10-2016 11:04 PM by Lucipurr.)
RE: Massive online attack
(22-10-2016 06:56 AM)onlinebiker Wrote:  Apparently it wasn't a traditional DOS type hack.....

Instead of using a single or multiple computers, it used millions of internet connected devices, other than PC's and the like......

It's still just a botnet.

And a DDoS attack is not "hacking".