Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
The Internet Spam Technology

Largest DDoS In History Reaches 300 Billion Bits Per Second 450

An anonymous reader writes "The NYT is reporting that the Largest DDoS in history reached 300 Gbps. The dispute started when the spam-fighting group Spamhaus added the Dutch company Cyberbunker to its blacklist, which is used by e-mail providers to weed out spam. Millions of ordinary Internet users have experienced delays in services like Netflix or could not reach a particular Web site for a short time. Dutch authorities and the police have made several attempts to enter the bunker by force but failed to do so. The attacks were first mentioned publicly last week by Cloudflare, an Internet security firm in Silicon Valley that was trying to defend against the attacks and as a result became a target."
This discussion has been archived. No new comments can be posted.

Largest DDoS In History Reaches 300 Billion Bits Per Second

Comments Filter:
  • by Looker_Device ( 2857489 ) * on Wednesday March 27, 2013 @08:31AM (#43290869)

    The dispute started when the spam-fighting group, called Spamhaus, added the Dutch company Cyberbunker to its blacklist, which is used by e-mail providers to weed out spam.

    I think what they meant to say here was: "The dispute started when the spam-fighting group Spamhaus, which maintains a blacklist used by e-mail providers to weed out spam, added the Dutch company Cyberbunker to its blacklist."

  • Bunker (Score:5, Funny)

    by ISoldat53 ( 977164 ) on Wednesday March 27, 2013 @08:37AM (#43290925)
    The summary makes it sound like the Cyberbunker is a physical location. If so, a wire cutter should cut off it's access to the inter webs.
    • Cutting their communication lines was the first thing I thought of too. Then cutting their power lines. I may not have enough cofee in me to calm me down this morning but visions of the Dirty Dozen [wikipedia.org] dumping fuel and grenades into their bunker came to mind. }:D
    • Re: (Score:2, Interesting)

      by Anonymous Coward
      It is. It is a literal bunker, that is also a datacenter, run by a company of the same name.
    • Re:Bunker (Score:5, Informative)

      by Psyborgue ( 699890 ) on Wednesday March 27, 2013 @08:46AM (#43291055) Journal
      It is a bunker. And it's not so simple, as this swat team [cyberbunker.com] discovered.
      • Comment removed based on user account deletion
        • Re:Bunker (Score:5, Informative)

          by JaredOfEuropa ( 526365 ) on Wednesday March 27, 2013 @09:00AM (#43291221) Journal
          That is not a SWAT team, those guys would be better armed and a little more bullet proof. This is just Dutch police in riot gear, of which these woven bamboo shields are a standard component. According to an ME (riot police) buddy, the bamboo shields are pretty good, lighter than the more common plastic shields, and more flexible, meaning they are better at deflecting thrown objects. The only disadvantage is that they do not stand up well to stab weapons, which has not really been an issue until a group of squatters defended themselves with iron pipes with large spikes capable of puncturing these shields.
        • Re:Bunker (Score:4, Funny)

          by rvw ( 755107 ) on Wednesday March 27, 2013 @10:23AM (#43292423)

          That picture is hilarious! Are those medieval shields?

          This is the Netherlands. Those shields are made of weed. They are softer on the rioters, who cool down easier when this is used.

          • Re:Bunker (Score:5, Interesting)

            by EasyTarget ( 43516 ) on Wednesday March 27, 2013 @10:43AM (#43292747) Journal

            You have obviously never seen the ME in operation; I have, it was not pretty. I especially liked the skill with which on of the mounted leant really low in the saddle to beat his stick on the heads of two women treating an unconscious man.

      • Heh, if true that is funny. I have some doubts as to the veracity of the story though, if a SWAT team wants in, in it is going to get. Unless the Dutch have them walking the beat or something and this is the SWAT equivalent of checking the doorhandles.

      • by kubajz ( 964091 )
        Call me skeptical, but I am not so sure that a) SWAT teams have round leather shields, b) all members of the team raise their shields int the very same moment, c) they all wear gas masks but no firearms, but hold batons in their hands although nobody is in sight, d) a camera from within the bunker is so nicely positioned to take a picture of the team. Could it be a nice publicity gimmick instead?
      • It's really simple, hey judge can you issue an order to cut of there internet access. Sure. Hand order to there peers. No fiber need be harmed when you can just shut down the port at the far end.

        That ass said I doubt that the traffic originates from cyberbunker they do not have 30 10ge connections.

      • Re:Bunker (Score:5, Insightful)

        by GreenTom ( 1352587 ) on Wednesday March 27, 2013 @10:15AM (#43292295)
        I don't know..I'm not a combat engineer, but I don't think any bunker can last long if determined professionals are allowed to freely operate outside it. "nuclear bunker" means certain things about tolerance to over pressure, shock, contaminated air, etc., but doesn't do all that much against people with jackhammers and drills. The wikipedia page says the cyberbunker has 5 meter thick reinforced concrete walls, which would probably keep you and me out, but I'm sure can be defeated in time with civil engineering equipment. Beyond that, if you've got guys who know what they're doing poking around outside the bunker, there's whole worlds of things they can do.

        These Danish cyberbunker people seem to share a mindset with the U.S. Ruby Ridge crowd, and they're both wrong. Making yourself an immobile target and defying state power in a developed nation really only has two outcomes: either you're not enough of a nuisance to provoke action, or you get crushed.
        • Re:Bunker (Score:4, Insightful)

          by Runaway1956 ( 1322357 ) on Wednesday March 27, 2013 @11:47AM (#43293539) Homepage Journal

          Ruby Ridge crowd? Uhhhmmmm - how many people were in that "crowd" that you refer to? And - the guy didn't make himself an "immobile target" exactly. That's just kinda sorta the thing that happens when you start raising a family. It's tough to raise kids on horseback, or in a Greyhound bus, or whatever.

          https://en.wikipedia.org/wiki/Ruby_Ridge [wikipedia.org]

          Three adults, one kid, versus a myriad of entangled government agencies.

          Perhaps you're confusing Ruby Ridge with Waco? There was a real crowd in Waco.

        • by nbauman ( 624611 )

          I'm sure can be defeated in time with civil engineering equipment.

          You could ask those guys who bore railroad tunnels through the alps.

    • by MrMickS ( 568778 )

      The summary makes it sound like the Cyberbunker is a physical location. If so, a wire cutter should cut off it's access to the inter webs.

      Interesting that people on Slashdot really think that the DDOS attack is being co-ordinated from hosts housed in the Cyberbunker hosting site. Are people really that out of touch with how botnets and DDOS attacks are managed?

  • Guess what.. If they ever find out who is responsible: I'll bet you $10 that it will be a 15 year old without friends.
    • by sycodon ( 149926 )

      Noo...."Reeesearchers"!

  • from tfa: (Score:4, Insightful)

    by Anonymous Coward on Wednesday March 27, 2013 @08:41AM (#43290977)

    “These things are essentially like nuclear bombs,” said Matthew Prince, chief executive of CloudFlare. “It’s so easy to cause so much damage.”

    relax dude, its just spam, not nuclear warfare. shut the computer off and go outside for a couple of hours.

    • by cdrudge ( 68377 )

      It's just a comparison. With a nuclear war, the target may be destroyed, but there is always going to be collateral damage to innocent around the target. With this attack, it's very powerful (like a nuclear bomb) and it has affected many unrelated, innocent companies/users (like a nuclear bomb).

      Shutting off the computer and going outside may work for John Q. Public when his favorite gaming server is experiencing high latency as a result. When your job is to consult to prevent or mitigate this specific att

  • don't RTFA (Score:5, Funny)

    by slashmydots ( 2189826 ) on Wednesday March 27, 2013 @08:44AM (#43291025)
    WARNING: if you attempt to RTFA, you will also be bombarded by a DDOS of spam ads. I appreciate the realism but it's kinda annoying.
    • Standard fare for nytimes.com. Maybe for all on-line news sites now. Fortunately, /. users have things like ad-block and no script that keeps us safe.
  • Old is new again (Score:5, Informative)

    by Papa Legba ( 192550 ) on Wednesday March 27, 2013 @08:44AM (#43291027)

    I find it very interesting that they are using a variation on the Old Smurf attacks for this. Sending a message to other places that work as an amplifier. You would think that after 10 years we would have learned that blind, unchecked, forwarding is not a good thing.

    • Unfortunately, too many DNS configurations can be used for amplification, because the responses are larger than the queries, especially if you've got new and interesting record types like DNSSEC, and too many ISPs still ignore the Best Current Practices #38 recommendation on blocking spoofed traffic. RPF is your friend.

      There's some mitigation out there because the bigger response record types don't always fit in a single UDP packet, so DNS servers may handle them over TCP (which is harder to forge), and ma

  • by Quick Reply ( 688867 ) on Wednesday March 27, 2013 @08:48AM (#43291075) Journal

    With an operator no doubt facilitating illegal actions of their customers, and refusing to no doubt enfore court orders to disconnect their customers for said actions, couldn't a case be made to disconnect them from THEIR upstream providers because they are now acting illegally but not following court orders, presuming that their upstream providers follow court orders, and the upstream upstream until you get to a legitimate entity. It seems quite an shortcoming of the law that they can act with impunity while allowing their customers to bring down the very fabric of the world wide web.

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      to disconnect them from THEIR upstream providers

      That's about the start of the online war. Though disconnection was not by court orders, but by spamhaus' actions.

      Years ago cyberbunker was already sending out spam. When spamhaus got sick of the actions of cyberbunker, they put A2B internet, the uplink for cyberbunker, on the blacklist in order to force A2B to disconnect cyberbunker. While cyberbunker should have been killed a decade ago, the A2B IP range affected did not send out spam. Spamhaus abused their power to force a (mostly) legal company to discon

      • by Onymous Coward ( 97719 ) on Wednesday March 27, 2013 @10:48AM (#43292817) Homepage

        The different lists published by Spamhaus distinguish whether the IPs are directly responsible or are organizationally related. There is no abuse of power here — customers subscribe to the lists that they want, and use those lists to block as they see fit. Spamhaus isn't forcing anyone to use the lists, nor is it misrepresenting what's in the lists.

  • by Gorath99 ( 746654 ) on Wednesday March 27, 2013 @08:48AM (#43291079)
    From the summary:

    Dutch authorities and the police have made several attempts to enter the bunker by force but failed to do so.

    From TFA:

    Cyberbunker brags on its Web site that it has been a frequent target of law enforcement because of its “many controversial customers.” The company claims that at one point it fended off a Dutch SWAT team. “Dutch authorities and the police have made several attempts to enter the bunker by force,” the site said. “None of these attempts were successful.”

    In other words: Cyberbunker is not currently under assault by police, and we have only their word that they ever have been. I suspect that at one time they were successful in having visiting cops think nobody was home by being real quiet and quickly turning off all the lights.

    • From the summary:

      Dutch authorities and the police have made several attempts to enter the bunker by force but failed to do so.

      From TFA:

      Cyberbunker brags on its Web site that it has been a frequent target of law enforcement because of its “many controversial customers.” The company claims that at one point it fended off a Dutch SWAT team.

      “Dutch authorities and the police have made several attempts to enter the bunker by force,” the site said. “None of these attempts were successful.”

      In other words: Cyberbunker is not currently under assault by police, and we have only their word that they ever have been. I suspect that at one time they were successful in having visiting cops think nobody was home by being real quiet and quickly turning off all the lights.

      Why would you turn the lights off? It's very apparent visually, and confirms people are there. I'd leave them alone, people leave some lights on in their house... or bunker, even when absent.

    • by Psyborgue ( 699890 ) on Wednesday March 27, 2013 @08:59AM (#43291207) Journal
      You realize Cyberbunker is situated in a bunker designed to survive a nuclear war [cyberbunker.com]. It was designed to function independently for 10 years. Not sure how long that would work with the servers at full load, but i'd think they could still run their generators for quite some time without interruption.
      • You realize Cyberbunker is situated in a bunker designed to survive a nuclear war. It was designed to function independently for 10 years. Not sure how long that would work with the servers at full load,

        Right up until someone cut comms with a multi-tool.

      • Fiber connections (Score:3, Insightful)

        by phorm ( 591458 )

        Well, I'd assume to be online they're probably going to have some sort of fiber-optic connection. Even if it's redundant, it's going to plug into the greater infrastructure somewhere and it shouldn't be *too* hard to sever if the police really had a mind to do so.

      • by 1u3hr ( 530656 ) on Wednesday March 27, 2013 @09:18AM (#43291461)

        You realize Cyberbunker is situated in a bunker designed to survive a nuclear war.

        You don't have to kill them. Just unplugging their Internet connection would be enough, Then padlock the door and wait till they knock on it and ask to be let out. How long could that be? A week at the outside?

        I don't believe the bullshit about then fending off SWAT teams anyway. That's what they say on their own website. No government really cares about spam enough to send in a SWAT team. It's all "protected commercial speech", and plenty of assholes in government are happy to let them do it. If they gave a shit, they know who is DDOSing and exactly where they are. They could arrest them. Freeze their bank accounts. Turn off their electricity, water. But they do nothing.

  • by 93 Escort Wagon ( 326346 ) on Wednesday March 27, 2013 @08:50AM (#43291105)

    From TFA:

    Cyberbunker brags on its Web site that it has been a frequent target of law enforcement because of its “many controversial customers.” The company claims that at one point it fended off a Dutch SWAT team.

    The only mention of "Dutch authorities and police" comes from the Cyberbunker company itself. The article is badly written, so it's not completely clear (from the context) whether or this claim is related to the current dDOS the company is running. The writer doesn't appear to have talked to anyone in Holland - except perhaps the self-styled spokesman for Cyberpunker.

  • From the article it suggests that the company was able to defend against there SWAT... can anyone that is fluent in Dutch find an article on that? I've tried looking for it in english but have had no luck. Sounds like quite the story.

    Still not sure why authorities didn't break out the fiber seeking backhoe to solve this problem if that company is legitimately holed up in what sounds like a minor siege.
    • by Njovich ( 553857 )

      Here it is: http://cyberbunker.com/web/swat.php [cyberbunker.com]

      Not sure what to make of this, doesn't directly sound like something that actually happened. But well, who knows.

    • by Shimbo ( 100005 )

      Still not sure why authorities didn't break out the fiber seeking backhoe to solve this problem if that company is legitimately holed up in what sounds like a minor siege.

      The evidence linking them to the attack is only circumstantial. Maybe they are responsible for the attack, maybe it was one of their clients. Either way, breaking the fiber won't make any difference.

    • See here [cyberbunker.com] for links to two seperate accounts of attempts at police action. It seems there was a misunderstanding with the local authorities over their use of a hardened bunker as a data center but it was later cleared up. Given they've hosted some torrent sites, I don't find it unreasonable to think these accounts might be accurate. Just ask Kim Dotcom or TPB whether SWAT is out of the question.
  • Comment removed (Score:5, Informative)

    by account_deleted ( 4530225 ) on Wednesday March 27, 2013 @08:55AM (#43291157)
    Comment removed based on user account deletion
  • So where is the evidence that Cyberbunker has anything to do with this?

    I appreciate the things the Spamhaus people do, but they don't exactly have a spotless record when it comes to accurately pointing fingers.

    • by thaylin ( 555395 )

      So where is the evidence that Cyberbunker has anything to do with this?

      I appreciate the things the Spamhaus people do, but they don't exactly have a spotless record when it comes to accurately pointing fingers.

      Did you read the article? If you did you would have spotted this:

      Questioned about the attacks, Sven Olaf Kamphuis, an Internet activist who said he was a spokesman for the attackers, said in an online message that, “We are aware that this is one of the largest DDoS attacks the world had publicly seen.” Mr. Kamphuis said Cyberbunker was retaliating against Spamhaus for “abusing their influence.” “Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet,” Mr. Kamphuis said. “They worked themselves into that position by pretending to fight spam.”

  • Pfft. Amateurs (Score:5, Interesting)

    by smooth wombat ( 796938 ) on Wednesday March 27, 2013 @09:01AM (#43291241) Journal

    While the bunker itself is designed to withstand a nuclear blast, the doors are the weak point.

    A thermal lance can cut through the door while also able to make a nice hold in the concrete walls into which explosives of various types can be implanted.

    As others have said, cut the communication and electrical lines and let them fend for themselves. They may have food and fuel, but they can't last forever.

    On second thought, cut the electricity and communication, then pile tons of rubble in front of the doors to prevent them from coming out once they exhaust their supplies.

    • Um what?

      Are you proposing that polive forces upgrade to being full armies in order to "pacify" non violent people who aren't even aware of police presence?

      It's not even like the people in the bunker were resisting arrest or anything. They had no idea the police were even there.

  • better articld (Score:5, Informative)

    by WGFCrafty ( 1062506 ) on Wednesday March 27, 2013 @09:05AM (#43291299)

    http://bbc.co.uk/news/technology-21954636 [bbc.co.uk]

    No b/s subscription paywall nonsense

  • by MrMickS ( 568778 ) on Wednesday March 27, 2013 @09:19AM (#43291475) Homepage Journal

    From TFA:

    “Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet,” Mr. Kamphuis said. “They worked themselves into that position by pretending to fight spam.”

    I'd rather not have to consult Spamhaus blacklists on my mail servers to block incoming email. I know that if I removed it my bandwidth would be clogged and the amount of work done by my servers to deal with spam would increase many fold. So I use Spamhaus blacklists and it makes me feel dirty. It's the wrong solution to the problem of spam. Surely we should be able to come up with something better.

    Spamhaus has been going for 15 years. Look at the other technological advances in that time why don't we have an effective, agreed upon, resolution to the problem of spam? Perhaps the best thing would be for Spamhaus to shut up shop, to stop providing the DNS lists. For mail servers to stop filtering and marking the spam. Let the size of the problem manifest itself. Perhaps then we will get a concerted effort to stop it rather than mitigate the impact.

    • by geek ( 5680 )

      The answer is to get rid of email and replace it with something secure. The problem is, no one has stepped up to try it. Google Wave had promise in this area. Texting and instant messaging have chipped away at it a bit, but nothing has come out and replaced it.

      Email needs end to end encryption along with built in spam prevention. It needs to look and feel like it does now but with all the changes made on the backend as to make the transition for end users seamless.

  • by Marrow ( 195242 ) on Wednesday March 27, 2013 @09:23AM (#43291525)

    IF its a DDOS, then losing control of the stupid little robots will not make it stop, they will just be unstoppable. If you want to prevent DDOS, then you need to force ISPs to perform egress filtering of source addresses that are outside of their network. And also implement a choke protocol to inform the ISPs that they have a bad actor on their network.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...