Linked by Thom Holwerda on Thu 28th Mar 2013 00:36 UTC, submitted by MOS6510
Internet & Networking "The New York Times this morning published a story about the Spamhaus DDoS attack and how CloudFlare helped mitigate it and keep the site online. The Times calls the attack the largest known DDoS attack ever on the Internet. We wrote about the attack last week. At the time, it was a large attack, sending 85Gbps of traffic. Since then, the attack got much worse. Here are some of the technical details of what we've seen."
RE: Not so fast.
by Laurence on Thu 28th Mar 2013 09:32 UTC in reply to "Not so fast."

That's such a dumb article. They've cherry-picked statements to suit their own bias and missed the crux of the official reports that have been made.

I mean, sure, if you just read clickbait headlines like "a DDoS attack make the internet crash" then you're bound to oppose those reports. But read the content a little deeper and you'll get the true picture:

1/ This wasn't just a botnet; it was using open DNS resolvers to multiply forged UDP packets by 10 times their original size (think of this like sending an HTTP request header: the data that's returned is greater than the data that's sent. Well, this type of attack is similar to that principle except it's exposing a weakness of UDP (the ease of spoofing IP numbers), so the server sends the reply to a different destination than the guy who sent the UDP packet) and a weakness of open DNS resolvers (i.e. accepting UDP packets with no maximum bandwidth limit).

2/ The reason most users didn't see much impact is because of the way the web works. Think of it like a power grid: if one power station goes down then the others pick up the slack. However, if your local substation goes down, then local residents will be without power. The only people affected were those local to the worst hit internet exchanges.

3/ Following on from the previous comment, the claim that this was "just a Dutch problem" is just an idiotic statement that demonstrates zero knowledge about how the web works. Peers buy and sell bandwidth from each other and re-route traffic to avoid black spots. An attack of this magnitude meant that Cloudflare had to distribute their traffic globally. Furthermore, the aforementioned statement also overlooks the fact that the attackers then started flooding Cloudflare's direct peers and exchanges when it became obvious that Cloudflare themselves had the resources to manage the initial attacks (a bit like trying to cut all the main roads into a city so it starves to death instead of directly invading the city itself).

4/ Of course Amazon's cloud services were green. Amazon wasn't being hit. However many of Cloudflare's services had been impacted. All week I'd been greeted with sporadic static pages from Cloudflare when their network creaked. However I live close to one of the heaviest hit internet exchanges and direct peers to Cloudflare.

The fact that such little impact was felt by internet goers is a great testimony to how sophisticated the design of the internet is. We have a global infrastructure with a design that allows it to reflow traffic dynamically and cooperatively when weaknesses are attacked. I can't think of a single other man-made creation that is as flexible and robust on a grand scale as the internet is. And when you also consider how old many of the design decisions are and how it's evolved and been built up over the decades, it really shouldn't work this well!

Edited 2013-03-28 09:39 UTC

Score: 10

RE[2]: Not so fast.
by bowkota on Thu 28th Mar 2013 09:40 in reply to "RE: Not so fast."

I mean, sure, if you just read clickbait headlines like "a DDoS attack make the internet crash"

You mean like the one on Cloudflare's blog, one being linked here? Or maybe you mean the NY times article.

Score: 2

RE[3]: Not so fast.
by Laurence on Thu 28th Mar 2013 10:11 in reply to "RE[2]: Not so fast."

Any of them.

You have to remember that headlines are just there to get readers - they're not intended to be 100% factually accurate (I agree it's crap how they're misused - but that's a whole other debate).

You can't expect to read a headline to get the full story; just like the old adage that you can't judge a book by its cover.

Edited 2013-03-28 10:15 UTC

Score: 2

RE[2]: Not so fast.
by Soulbender on Fri 29th Mar 2013 02:40 in reply to "RE: Not so fast."

Still, saying that "it almost broke the internet" is a big exaggeration and pretty much sensationalist nonsense. There was really no risk that the internet would "break" globally.

It's pretty damning for the competency of the IT industry that there still are enough open DNS resolvers in 2012 for this to be feasible though. It's far from rocket science to configure a resolver properly and if you can't even do that, well, I have bad news for you: you're grossly incompetent.

Edited 2013-03-29 02:41 UTC

Score: 2
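
Added example, not part of the thread or any poster's code: a toy Python model of the two resolver weaknesses described in the comments above (answering queries from any source, and no limit on response bandwidth) and what closing each one does to the traffic reflected at a forged source address. The `Resolver` class, the policy constants and the sample traffic are all constructed for illustration; only the 10x response-to-query ratio comes from the thread.

```python
import ipaddress
from collections import defaultdict

# Assumed policy values for illustration; not taken from the thread.
ALLOWED_CLIENTS = [ipaddress.ip_network("192.0.2.0/24")]  # networks we serve
BYTES_PER_MS = 2      # response-byte budget refilled per client /24 per millisecond
BURST_BYTES = 4000    # bucket capacity per client /24

class Resolver:
    """Toy model of a recursive resolver deciding whether to answer a UDP query."""

    def __init__(self, restrict_recursion, rate_limit):
        self.restrict_recursion = restrict_recursion
        self.rate_limit = rate_limit
        # /24 prefix -> [tokens left, timestamp (ms) of last refill]
        self.buckets = defaultdict(lambda: [BURST_BYTES, 0])

    def answer(self, src_ip, response_len, now_ms):
        """Return bytes sent to src_ip (which may be forged) for one query."""
        addr = ipaddress.ip_address(src_ip)
        if self.restrict_recursion and not any(addr in n for n in ALLOWED_CLIENTS):
            return 0  # not one of our clients: refuse, so nothing is reflected
        if self.rate_limit:
            bucket = self.buckets[ipaddress.ip_network(f"{src_ip}/24", strict=False)]
            refill = (now_ms - bucket[1]) * BYTES_PER_MS
            bucket[0] = min(BURST_BYTES, bucket[0] + refill)
            bucket[1] = now_ms
            if bucket[0] < response_len:
                return 0  # budget for this prefix is spent: drop the response
            bucket[0] -= response_len
        return response_len

def reflected_bytes(resolver, queries):
    """Total bytes the resolver sends toward the claimed source addresses."""
    return sum(resolver.answer(src, rlen, ts) for src, rlen, ts in queries)

# Constructed traffic: 1000 queries in one second, all claiming to come from
# 198.51.100.7. A 64-byte query draws a 640-byte reply (the 10x in the thread).
QUERY_LEN, RESPONSE_LEN = 64, 640
SPOOFED = [("198.51.100.7", RESPONSE_LEN, ms) for ms in range(1000)]

def summary():
    return {
        "query_bytes_in": QUERY_LEN * len(SPOOFED),
        "open": reflected_bytes(Resolver(False, False), SPOOFED),
        "rate_limited": reflected_bytes(Resolver(False, True), SPOOFED),
        "restricted": reflected_bytes(Resolver(True, False), SPOOFED),
    }

if __name__ == "__main__":
    print(summary())
```

In this model the open resolver turns 64,000 bytes of queries into 640,000 bytes aimed at the forged address, the byte budget alone cuts that to 5,760 bytes, and restricting recursion to known clients cuts it to zero.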