Russia's Yandex Says It Repelled Biggest DDoS Attack in History (yahoo.com)
head_dunce writes: A cyber attack on Russian tech giant Yandex's servers in August and September was the largest known distributed denial-of-service (DDoS) attack in the history of the internet, the company said on Thursday. The DDoS attack, in which hackers try to flood a network with unusually high volumes of data traffic in order to paralyse it when it can no longer cope with the scale of data requested, began in August and reached a record level on Sept. 5. "Our experts did manage to repel a record attack of nearly 22 million requests per second (RPS). This is the biggest known attack in the history of the internet," Yandex said in a statement. The previous record was held by Cloudflare, which said last month that it had mitigated a 17.2 RPS DDoS attack.
I'm stealing this one for my resume (Score:1)
This is an excellent spin on a negative event. It sure beats saying: "A new popular porn video came out. As a direct result, our search engine was completely unavailable for 24 hours".
Re: (Score:3)
In retaliation they got the largest botnet attack on record from a pay-per-use botnet. Someone paid for this use - it is all commercial operations now. Nothing personal. Just business. Based on the financial records of this organization which recently got breached and are available to read and analyze - I am not surprised. In the slightest. Pick them - they make
Arrr the maties. (Score:3)
Repelled, as in boarding party.
Re: (Score:2)
The peasants who revolted against the czar and created the Communist Party might disagree with you. Soviet air and water pollution is also pretty serious.
You missed a step.
The peasants and middle class revolted against the Tsar, who stepped down (on March 15th) when the military didn't follow orders. Then the Communists revolted against the middle class. In October. The Communists never fought the Tsar.
As usual light on the details (Score:2, Insightful)
So where did the requests come from? What are their IPs/ASNs? Every single request came from an IP address, so what are they? So others can block them until it's cleaned up.
This is an ongoing trend from so-called security companies: nobody ever mentions the IP addresses or the carriers of these supposed DDoS attacks, leaving everyone else vulnerable.
Yahoo is the best source? Really?
Re:As usual light on the details (Score:4)
Most modern DDoS attacks are amplified. Meaning they use various vulnerabilities to bounce the attack off innocent machines, where sending a single packet at an amplifier machine results in many packets from it toward the target.
I.e. "what IP address did this come from" is an irrelevant question. The IP addresses you see hammering you do not belong to the attacker, but are what the attacker has bounced their attack off to hit you.
Re: (Score:2)
Most modern DDoS attacks are amplified. Meaning they use various vulnerabilities to bounce the attack off innocent machines, where sending a single packet at an amplifier machine results in many packets from it toward the target.
Request based attacks are typically executed from botnets where there are a large yet fixed number of meaningful IP addresses.
Re: (Score:2)
Which is wholly irrelevant to the target, because blocking those addresses does nothing.
Re: (Score:2)
The requests in DDOS attacks always come from millions of compromised hosts and consumer IoT devices who are unknowing members of botnets.
Blocking their IPs is a completely futile affair because they will have new ones 2 days later.
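The question argued in this sub-thread, whether per-source data is of any use against a request flood, can be checked against one's own access logs. The following is an added example, not code from any commenter or from Yandex: it compares a per-IP threshold with a per-/24 threshold over a constructed 10-second window. The sample counts, the limits and the assumption that the low-rate sources share one network are all invented for illustration; when sources are scattered across many networks, neither view covers much.

```python
import ipaddress
from collections import Counter

def build_sample():
    """Constructed 10-second window: source IP -> request count (RFC 5737 ranges)."""
    counts = {f"198.51.100.{h}": 30 for h in range(1, 201)}  # 200 low-rate sources
    counts.update({"192.0.2.10": 12, "192.0.2.77": 4})        # ordinary clients
    counts["203.0.113.5"] = 45                                # busy shared gateway
    return counts

def flag_by_ip(counts, limit):
    """Sources whose own request count exceeds the per-IP limit."""
    return {ip for ip, n in counts.items() if n > limit}

def flag_by_prefix(counts, prefix_len, limit):
    """Networks whose summed request count exceeds the per-prefix limit."""
    totals = Counter()
    for ip, n in counts.items():
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        totals[str(net)] += n
    return {net for net, n in totals.items() if n > limit}

def share_covered(counts, flagged_ips=(), flagged_nets=()):
    """Fraction of all requests that came from a flagged IP or network."""
    nets = [ipaddress.ip_network(n) for n in flagged_nets]
    hit = sum(n for ip, n in counts.items()
              if ip in flagged_ips
              or any(ipaddress.ip_address(ip) in net for net in nets))
    return hit / sum(counts.values())

if __name__ == "__main__":
    sample = build_sample()
    ips = flag_by_ip(sample, limit=40)
    nets = flag_by_prefix(sample, prefix_len=24, limit=1000)
    print("per-IP flags:", ips, f"{share_covered(sample, flagged_ips=ips):.1%}")
    print("per-/24 flags:", nets, f"{share_covered(sample, flagged_nets=nets):.1%}")
```

In this sample the per-IP limit flags only the shared gateway, while the per-/24 sum accounts for nearly all of the request volume.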
Re: (Score:2)
Come on man, what country do many DDoS attacks originate from? Yup. We know it must be 127.0.0.1
DOD (Score:1)
That is quite the difference (Score:5, Funny)
Re: Is that a lot? (Score:2)
Yeah, it'd be a lot, and that it's sustained is the killer. Yandex isn't a big operation.
Caused by masses of compromised windows desktops (Score:2)
Re: (Score:2)
Doubtful. More like millions of IP cameras, speakers, doorbells, routers, NAS's, etc.
Re: (Score:1)
Unlikely as most people let Windows 10 auto update. The average user will have difficulty preventing updates on that.
It's more likely that it's from various other devices that home owners connect to the network which aren't auto update by default or have bad manufacturers who don't provide updates.
For example my parents are on a 400mbps connection and I know their home has multiple Windows desktops, laptops, 4 IP cams, and possibly an NAS coming soon. Not to mention the 6 or so mobile devices from various br
Re: (Score:2)
Unlikely as most people let Windows 10 auto update.
Did you notice this story is from Russia?
Re: (Score:1)
DDOS caused by masses of compromised windows desktops out there on the Internet.
Did you notice this story is from Russia?
Did you notice the text of the post I was responding to? It is a general statement about DDOS attacks on the internet.
What? You can not handle it? (Score:2)
Maybe it's because I'm so sleepy, but I'm having trouble understanding what exactly you're actually trying to say.
> In fact, if you filter the bad actors and throttle the input you can easily handle essentially infinite requests per second though obviously not all will get filled.
If you have something in front that can "throttle the input", you can successfully not fulfill requests?
Yeah, if you had a magic upstream device that throttles it to one request per second, you could indeed (not) handle that one
Re: (Score:3)
"filter the bad actors and throttle the input (via switch, router, iptables, etc)"
"filtering the bad actors" would entail receiving them all and identifying which are bad. And when the next packet from them comes in, you STILL need to receive it, identify that it's bad and discard it (yes you can potentially do this closer to the wire so it's more efficient), but on some level you've got to be able to physically receive and process (at some layer) all the traffic coming in. You still need the capacity and bandwidth to process all of it.
SO, sure you can keep a server standing by putting anot
Re: (Score:2)
filter the bad actors and throttle the input
"We're under DDoS attack!"
"Turn off all the screens displaying William Shatner! That'll show `em!"
Note: It is fairly straightforward to handle 4m requests per second if you can serve them from a static cache and they all send you complete and well-formed headers in a timely manner. Can you imagine asking a VPS to keep track of 10m open connections, though?
As if (Score:1)
reached a record level on Sept. 5. "Our experts did manage to repel a record attack of nearly 22 million requests per second
I think that was around the time Britney released a bunch of photos of herself holding her own boobs wait what is that between her fingers surely one of the other photos is more clear let's search...
Re: (Score:2)
Thank God for google image search!
Cloudflare need better routers (Score:5, Funny)
Suspicious (Score:3)
Interestingly, when they stopped all outgoing traffic, the attacks stopped.
So Cloudflare is running WordPress? (Score:2)
WordPress can handle about 17.2 RPS before it hits a performance wall that few have ever been able to get past. Removing the software altogether usually solves the problem.