Cloudflare Blocked a Massive 2 Tbps DDoS Attack (techcrunch.com) 18

Cloudflare says it has blocked a distributed denial-of-service (DDoS) attack that peaked at just under 2 Tbps, making it one of the largest ever recorded. From a report: The internet company said in a blog post that the attack was launched from approximately 15,000 bots running a variant of the original Mirai code on exploited Internet of Things (IoT) devices and unpatched GitLab instances. The DDoS attack comes just two weeks after Rapid7 warned of a GitLab vulnerability -- rated a full 10.0 on the CVSS severity scale -- that could be exploited to allow an attacker to remotely run code, like botnet malware, on an affected server. Rapid7 found that at least half of the 60,000 internet-facing GitLab instances remain unpatched, and warned that it expected "exploitation to increase" as details of the bug became public. The company wasn't wrong; Cloudflare said it blocked the massive DDoS attack just one week later. From its analysis of the attack, Cloudflare believes that it was a multi-vector attack that combined both DNS amplification attacks along with UDP floods.

  • by Rosco P. Coltrane ( 209368 ) on Tuesday November 16, 2021 @12:57PM (#61993691)

    That CloudFlare is such a great service to the internet that they've owned the right to control access to - and monitor - a solid third of it, and deny you access willy-nilly if you try to connect from an IP they don't like?

    Fuck CloudFlare. Fuck DDoSes too, but fuck CloudFlare first.

    • by Valgrus Thunderaxe ( 8769977 ) on Tuesday November 16, 2021 @01:08PM (#61993715)
      They've already shut down certain sites behind their virtual iron curtain because they didn't agree with the political content hosted on those sites.
    • That's fine but where do we go from here? Apparently without a central authority policing connections (such as paying cloudflare), you can be driven offline by a DOS at will. That is a really central problem for something we'd like to remain distributed.
    • "Own the right"? More like people voluntarily sign up for their service. "Willy-Nilly?" Welcome to the consequences of address spoofing. "Honest officer, it wasn't me. It's my doppelganger."

    • by tlhIngan ( 30335 )

      That CloudFlare is such a great service to the internet that they've owned the right to control access to - and monitor - a solid third of it, and deny you access willy-nilly if you try to connect from an IP they don't like?

      Fuck CloudFlare. Fuck DDoSes too, but fuck CloudFlare first.

      Or use a better service that people don't abuse. Most of that DDoS came from those IPs you're complaining about - because people in general are idiots and we can never have a good thing. Put up a Tor exit node and it'll be banne

    • Also, this notion that Cloudflare has some super cool technology is bullshit too... they basically broke the DNS standard by creating their own authoritative nameservers that refuse to resolve hostnames if they detect bot activity. It's not really all that innovative. And it requires participating sites to give Cloudflare authoritative DNS control, which is another security issue.

  • by splutty ( 43475 ) on Tuesday November 16, 2021 @01:16PM (#61993727)

    So much for 'routing around the problem'..

    • I tend to agree. But what does it mean when all the routes have been flooded with garbage by assholes? Everyone should have Cloudflare's ability to block attacks of this size/nature?

      • Criminals: "Free" resources to do bad things.
        Victims: "Free" resources to counter the criminals.
        Reality: Someone ends up paying.

  • The day I swoon over Cloudflare is the day hell is going to need snowplows.

      They are a blight on the internet, and if somebody manages to send Cloudflare crashing and burning they would be doing the internet a favor.

  • Is there any way to identify which IoT devices are vulnerable these days?

    • by zeeky boogy doog ( 8381659 ) on Tuesday November 16, 2021 @05:44PM (#61994625)
      Here's your flowchart:

      [ Is it an IoT device? ] -- Y -- > [ It's vulnerable ]

      Just for starters, the Linux TCP/IP stack has gotten a whole bunch of scrutiny, but a great many embedded stacks have not... https://www.darkreading.com/vu... [darkreading.com] ... And these aren't "this one device from one manufacturer has a bug" vulnerabilities. These are packs of dozens of vulnerabilities found in dozens of Ethernet stacks that have been embedded in things for literally decades now. Hell's bells, I'm pretty sure that my 17-year-old WaveRunner oscilloscope is susceptible because it's running a suitably ancient version of the VxWorks embedded RTOS stack.
