Linked by Thom Holwerda on Thu 28th Mar 2013 00:36 UTC, submitted by MOS6510
Internet & Networking "The New York Times this morning published a story about the Spamhaus DDoS attack and how CloudFlare helped mitigate it and keep the site online. The Times calls the attack the largest known DDoS attack ever on the Internet. We wrote about the attack last week. At the time, it was a large attack, sending 85Gbps of traffic. Since then, the attack got much worse. Here are some of the technical details of what we've seen."
Thread beginning with comment 557019
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[4]: Comment by marcp
by Soulbender on Fri 29th Mar 2013 04:16 UTC in reply to "RE[3]: Comment by marcp"
Soulbender
Member since:
2005-08-18

For example, a malicious country could advertise routes that are cheaper than they truly are to get foreign routers to route traffic to them.


This would be incredibly difficult to orchestrate (for a number of technical and practical reasons) but lets say someone did. This is why we have end-to-end encryption.

It would be very hard for any single organization to prove BGP routes are being manipulated for nefarious purposes.


Other than by the massive amount of suddenly appearing transit traffic to and from the country?

Well, consider real world scenarios where A-B are friends and B-C are friends but A-C are enemies. A can abuse the internet's trust relationship to harm C and visa versa.


A and B are peers, B and C are peers but A and C are not. A could only announce C's prefixes (and vice versa) if B is in on it and if that's the case,well, you have bigger problems than BGP and then it's not something that can be solved technically.

Reply Parent Score: 2