Largest DDoS In History Reaches 300 Billion Bits Per Second 450
An anonymous reader writes "The NYT is reporting that the Largest DDoS in history reached 300 Gbps. The dispute started when the spam-fighting group Spamhaus added the Dutch company Cyberbunker to its blacklist, which is used by e-mail providers to weed out spam. Millions of ordinary Internet users have experienced delays in services like Netflix or could not reach a particular Web site for a short time. Dutch authorities and the police have made several attempts to enter the bunker by force but failed to do so. The attacks were first mentioned publicly last week by Cloudflare, an Internet security firm in Silicon Valley that was trying to defend against the attacks and as a result became a target."
Re:Bunker (Score:2, Interesting)
Important bit missing from a bad summary (Score:5, Interesting)
From TFA:
Cyberbunker brags on its Web site that it has been a frequent target of law enforcement because of its “many controversial customers.” The company claims that at one point it fended off a Dutch SWAT team.
The only mention of "Dutch authorities and police" comes from the Cyberbunker company itself. The article is badly written, so it's not completely clear (from the context) whether or this claim is related to the current dDOS the company is running. The writer doesn't appear to have talked to anyone in Holland - except perhaps the self-styled spokesman for Cyberpunker.
Re:Alleged attempts to enter the bunker by force. (Score:4, Interesting)
Re:Bunker (Score:5, Interesting)
Except that this bunker has an air reprocessing center. It's a whole underground complex, meant to house a part of NATO's command center in the event of a thermonuclear war.
On the other hand, cutting the network cable would indeed render the criminals inside nice and fluffy, with a self-inflicted prison sentence if they decide to refuse to go out. They already resisted police raids twice, including once by a SWAT team.
Pfft. Amateurs (Score:5, Interesting)
While the bunker itself is designed to withstand a nuclear blast, the doors are the weak point.
A thermal lance can cut through the door while also able to make a nice hold in the concrete walls into which explosives of various types can be implanted.
As others have said, cut the communication and electrical lines and let them fend for themselves. They may have food and fuel, but they can't last forever.
On second thought, cut the electricity and communication, then pile tons of rubble in front of the doors to prevent them from coming out once they exhaust their supplies.
Spamhaus and the spam problem (Score:5, Interesting)
From TFA:
“Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet,” Mr. Kamphuis said. “They worked themselves into that position by pretending to fight spam.”
I'd rather not have to consult Spamhaus blacklists on my mail servers to block incoming email. I know that if I removed it my bandwidth would be clogged and the amount of work done by my servers to deal with spam would increase many fold. So I use Spamhaus blacklists and it makes me feel dirty. It's the wrong solution to the problem of spam. Surely we should be able to come up with something better.
Spamhaus has been going for 15 years. Look at the other technological advances in that time why don't we have an effective, agreed upon, resolution to the problem of spam? Perhaps the best thing would be for Spamhaus to shut up shop, to stop providing the DNS lists. For mail servers to stop filtering and marking the spam. Let the size of the problem manifest itself. Perhaps then we will get a concerted effort to stop it rather than mitigate the impact.
Re:Evidence? (Score:5, Interesting)
Item 1: The DDOS began after Cyberbunker IPs were added to the black lists.
Item 2: Cyberbunker have a policy saying that they won't look at your servers and don't care what you do. Pretty much a green-light for spammers.
Item 3: The internet activist stating that the DDOS is in response to the blacklisting.
The circumstantial evidence points towards the attacks as being the result of the action Spamhaus took with respect to Cyberbunker. Its unlikely to be the company themselves, but rather at the instigation of one of their customers. The interesting thing is that you can find reports from 2011 (http://www.theregister.co.uk/2011/10/20/spamhaus_a2b_row/) where Spamhaus say that Cyberbunker were on the blacklist then with no prospect of being removed. What has happened in the meantime?
Re:Bunker (Score:5, Interesting)
I don't think those powerhungry air scrubbers are still online all the time.
And I surely hope that the Cold War independent energy source (probably a small nuclear reactor) was removed, so cutting power should simply work. As soon as the batteries drain, end of story.
But note that the whole SWAT story seems to have Cyberbunker as only source in the linked articles. I wouldn't take their (spamming ddosers they are) word for it.
The whole article regurgitates the vibe that CB wants to spin, it is not a factual description of reality. The main NATO HQ on Dutch soil used to be the Cannerberg (which could house government and parlement), while the said location afaik is only a minor relay station, and the spin seems to borrow facts from more major bases.
Re:Watch your clauses, people! (Score:4, Interesting)
It doesn't.
The complaint is that the traffic resulting from the computers participating in the botnet that is behind this DDoS attack is sufficient, from wherever it is, to knock off legitimate use. As the bots can be anywhere, some are in the US. Those bots are causing grief for Netflix users.
Re:Watch your clauses, people! (Score:5, Interesting)
Just a badly written article. The attack was a spoofed attack on DNS root servers (I think - badly written article) that reflected back toward Spamhaus. This would cause disruptions to DNS and to Spamhaus. By extension, the huge amount of traffic seems to be slowing down just about everything.
Don't know when this started, but I was watching Netflix on Monday and got 2 dots instead of my usual 4 and I'm in the Midwest US.
Re:Excuse my naivety but (Score:3, Interesting)
to disconnect them from THEIR upstream providers
That's about the start of the online war. Though disconnection was not by court orders, but by spamhaus' actions.
Years ago cyberbunker was already sending out spam. When spamhaus got sick of the actions of cyberbunker, they put A2B internet, the uplink for cyberbunker, on the blacklist in order to force A2B to disconnect cyberbunker. While cyberbunker should have been killed a decade ago, the A2B IP range affected did not send out spam. Spamhaus abused their power to force a (mostly) legal company to disconnect a spammer.
While the mission is noble, I think that spamhaus' abuse of power is unacceptable!
I say "(mostly) legal company" because A2B owner Erik Bais isn't all cleared. While he does not host spammers himself, he is well known for supporting spammers and running their networks. Erik is/has been running (part of the) the systems of convicted spammer Martijn Bevelander, spammer hoster Marco van Gink (datahouse) and seller of counterfeit products idear4busines.
Re:Bunker (Score:5, Interesting)
You have obviously never seen the ME in operation; I have, it was not pretty. I especially liked the skill with which on of the mounted leant really low in the saddle to beat his stick on the heads of two women treating an unconscious man.
Re:Bunker (Score:4, Interesting)
How many 20 megaton bombs have been used, and how many bunkers would withstand one?
More to the point, what materials are being used, then, that will withstand a 4,500 C cutting tool for any appreciable length of time?
Re:Bunker (Score:4, Interesting)
A 1MT bomb will obliterate the blast door.
I dont know that there are any materials we have that are designed to resist a point-blank nuclear bomb; generally the solution is "throw more concrete at it".
Re:Bunker (Score:2, Interesting)
For an instant; a 20MT bomb doesn't apply that heat for hours on end, in a very focused delivery mechanism. I work in a bunker designed to withstand a 10MT blast point-blank, and we routinely have to make structural modifications to accommodate equipment upgrades, etc. One can often hear jackhammers running for days on end, and the work is ultimately successful, despite a jackhammer delivering far less kinetic force than a 10MT nuclear weapon.
Re:Bunker (Score:4, Interesting)
All it takes to breach any bunker is a jackhammer. The big jackhammers mounted on heavy construction equipment eat through concrete and rebar with impressive speed - making a hole at several inches per minute.
Most concrete slabs can be removed by punching a few holes around the piece you don't like, then just knocking it a few times with the full weight of the excavator, shattering the concrete slab. If the bunker wall is a single concrete slab many feet thick, you'd just tamp some small explosives into the hole, remove a foot or so of concrete, then repeat.
Carving a roadway out of a granite cliff face is very low tech and well understood these days, and just making a hoe a few feet across in a thick concrete slab is in fact something that any construction demolitions company could do pretty easily with common equipment.
Re:Watch your clauses, people! (Score:4, Interesting)
I wonder if anyone can calculate the environmental impact of sending all those DDOS packets? Overall can it be claimed that spam and botnets are having an appreciable impact on the economy by wasting all that energy required to transmit all those pointless packets?