
(Gizmodo)   That massive internet war was actually just a massive internet marketing scheme   (gizmodo.com)
    More: Followup, Akamai, DDoS, apocalypses, Spamhaus, internet traffic

17254 clicks; posted to Main on 28 Mar 2013 at 10:32 AM




Archived thread
 
2013-03-28 10:32:48 AM  
The internet is for....
 
2013-03-28 10:36:46 AM  
Needs an Obvious tag. I was thinking BS all along.
 
2013-03-28 10:37:22 AM  

Big Man On Campus: The internet is for....


Kids to post embarrassing photos/posts that will haunt them later in life.

/some of that is amateur p0rn.
 
2013-03-28 10:43:11 AM  
www.examiner.com

The internet?  Is that thing still around?
 
2013-03-28 10:45:54 AM  
FTFA: That's really happening: as far as we can tell.

That's journalist for "We don't know WTF is going on, as usual, but it won't stop us from writing about it as if we do. Trust us. We're a world leader in journalism. Now watch this slide show of Snookie's pregnancy. And trim that belly fat in 7 days!"
 
2013-03-28 10:47:09 AM  

joonyer: That's journalist for "We don't know WTF is going on, as usual, but it won't stop us from writing about it as if we do. Trust us. We're a world leader in journalism. Now watch this slide show of Snookie's pregnancy. And trim that belly fat in 7 days!"


Didn't read the rest of the article, did you?
 
2013-03-28 10:47:43 AM  
Label all involved as terrorist for interfering with international commerce.
 
2013-03-28 10:49:04 AM  
Great.  So now I have to decide to be honest, apologize, and stop using it as advertising for my own paid internet security service, or ignore this new bit of info and keep banging the war drums.

It's like a Mass Effect Blue/Red trigger thing.
 
2013-03-28 10:51:18 AM  
Not terribly surprising, but I wanted it to be true.  It would have been an easy explanation for youtube running even more like shiat than usual.
 
2013-03-28 10:51:22 AM  
Knowing people who work in places like Akamai and are currently dealing with the effects of this, I'll tell you the truth lies somewhere in between the overblown headlines and the "Keep calm, everything is under control" stance of this article.
 
2013-03-28 11:00:42 AM  

Fluorescent Testicle: joonyer: That's journalist for "We don't know WTF is going on, as usual, but it won't stop us from writing about it as if we do. Trust us. We're a world leader in journalism. Now watch this slide show of Snookie's pregnancy. And trim that belly fat in 7 days!"

Didn't read the rest of the article, did you?


Oh but I did. They regurgitated other people's speculations, and propagated a non-story. Similar to most online news where substance matters much less than page views.
 
2013-03-28 11:07:28 AM  

Fluorescent Testicle: joonyer: That's journalist for "We don't know WTF is going on, as usual, but it won't stop us from writing about it as if we do. Trust us. We're a world leader in journalism. Now watch this slide show of Snookie's pregnancy. And trim that belly fat in 7 days!"

Didn't read the rest of the article, did you?


I did read the article, and more what I got from it was "the attack might have been real, it just didn't have the wide ranging effects claimed by media sources".  The article to me read more like an attack on bad reporting than an expose of a fake attack.
 
2013-03-28 11:12:35 AM  

WinoRhino: Knowing people who work in places like Akamai and are currently dealing with the effects of this, I'll tell you the truth lies somewhere in between the overblown headlines and the "Keep calm, everything is under control" stance of this article.


Indeed.  This is a major attack, both in terms of its size and how openly cyberbunker claimed responsibility for criminal acts.   (Cyberbunker later recanted their claims for responsibility, but still, businesses rarely do anything but cover their asses.)

This isn't the first time that spamhaus (and other anti-spam organizations) have been attacked by spammers/scammers and it won't be the last.   I'm glad spamhaus is weathering the attack and I hope this results in more places implementing BCP38, closing open DNS resolvers, and/or implementing rate-limiting on DNS resolvers.   The particular attack that cyberbunker used is not the only attack that can be made with DNS.
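The two resolver-side mitigations named in the comment above (closing open recursion and rate-limiting responses), as an added sketch that is not part of the thread and not any DNS server's own code. The client networks, rate and burst values, and the sample traffic are constructed, and the limiter is a plain token bucket per client /24 rather than a specific product's rate-limiting feature.

```python
import ipaddress
from collections import Counter

# Assumed policy: networks this resolver recurses for (documentation ranges).
ALLOWED_CLIENTS = ("192.0.2.0/24", "198.51.100.0/24")


class ResolverPolicy:
    """Decide per query: REFUSED (not our client), DROP (over rate), ANSWER."""

    def __init__(self, allowed=ALLOWED_CLIENTS, rate=2.0, burst=4.0):
        self.allowed = [ipaddress.ip_network(n) for n in allowed]
        self.rate = rate      # tokens (responses) added per second
        self.burst = burst    # bucket capacity
        self.buckets = {}     # client prefix -> (tokens, last_timestamp)

    @staticmethod
    def bucket_key(addr):
        # Account per /24 (IPv4) or /56 (IPv6) so that rotating the spoofed
        # host address inside one victim network does not reset the limit.
        plen = 24 if addr.version == 4 else 56
        return ipaddress.ip_network(f"{addr}/{plen}", strict=False)

    def decide(self, src, now):
        addr = ipaddress.ip_address(src)
        # 1. Closed resolver: sources outside our client networks get no
        #    recursion, so there is no large answer to reflect at them.
        if not any(addr in net for net in self.allowed):
            return "REFUSED"
        # 2. Token bucket: refill by elapsed time, spend one token per answer.
        key = self.bucket_key(addr)
        tokens, last = self.buckets.get(key, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens < 1.0:
            self.buckets[key] = (tokens, now)
            return "DROP"
        self.buckets[key] = (tokens - 1.0, now)
        return "ANSWER"


def replay(policy, queries):
    """Tally decisions for a list of (timestamp_seconds, source_ip) queries."""
    return Counter(policy.decide(src, ts) for ts, src in queries)


# Constructed traffic: a flood carrying an outside (spoofed) source, a flood
# carrying an in-network source, and one quiet legitimate client.
SAMPLE = (
    [(0.0, "203.0.113.7")] * 50
    + [(0.0, "192.0.2.10")] * 50
    + [(0.0, "198.51.100.5"), (1.0, "198.51.100.5")]
)

if __name__ == "__main__":
    for decision, count in sorted(replay(ResolverPolicy(), SAMPLE).items()):
        print(f"{decision:8} {count}")
```
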
 
2013-03-28 11:13:02 AM  
Internet marketers hate me. I discovered one strange tip to avoiding internet marketing wars.
 
2013-03-28 11:20:03 AM  

wrs1864: I'm glad spamhaus is weathering the attack and I hope this results in more places implementing BCP38, closing open DNS resolvers, and/or implementing rate-limiting on DNS resolvers. The particular attack that cyberbunker used is not the only attack that can be made with DNS.


I just want to see ISPs start farking implementing egress filtering from their networks. If they just configured their border routers to drop any packets coming from inside their network with a source IP that's not in their assigned range, DDOSes like this couldn't happen.
 
2013-03-28 11:21:27 AM  
Hold on a second.  Did I just read a Gizmodo post that was NOT a repackaged blog post from someone else's site?

I feel dizzy.
 
2013-03-28 11:22:58 AM  

WinoRhino: Knowing people who work in places like Akamai and are currently dealing with the effects of this, I'll tell you the truth lies somewhere in between the overblown headlines and the "Keep calm, everything is under control" stance of this article.


^This

So I guess tomorrow's story about the retaliation today will be all about how the story sparked copycats.
 
2013-03-28 11:27:38 AM  

wrs1864: WinoRhino: Knowing people who work in places like Akamai and are currently dealing with the effects of this, I'll tell you the truth lies somewhere in between the overblown headlines and the "Keep calm, everything is under control" stance of this article.

Indeed.  This is a major attack, both in terms of its size and how openly cyberbunker claimed responsibility for criminal acts.   (Cyberbunker later recanted their claims for responsibility, but still, businesses rarely do anything but cover their asses.)

This isn't the first time that spamhaus (and other anti-spam organizations) have been attacked by spammers/scammers and it won't be the last.   I'm glad spamhaus is weathering the attack and I hope this results in more places implementing BCP38, closing open DNS resolvers, and/or implementing rate-limiting on DNS resolvers.   The particular attack that cyberbunker used is not the only attack that can be made with DNS.




War always farks the little guys. Say goodbye to a revenue stream, small business owner.
 
2013-03-28 11:28:22 AM  
Well it's a good thing I never gave a fark to begin with.
 
2013-03-28 11:36:36 AM  

DammitIForgotMyLogin: I just want to see ISPs start farking implementing egress filtering from their networks. If they just configured their border routers to drop any packets coming from inside their network with a source IP that's not in their assigned range, DDOSes like this couldn't happen.


uRPF can go a long way, but it isn't usable at the level CyberBunker appears to be operating at.  Once you get into the routing big leagues (basically, any router that has BGP transit peers), there's no clear way to determine what's "inside" and "outside" anymore.  Given the sort of hosting services CyberBunker provides, I would expect them to be in a position to send packets to upstream interfaces that have close to limitless valid ingress.
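The source-address check discussed in the two comments above, as an added example that was not posted by anyone in the thread. It compares the strict, feasible-path and loose reverse-path modes described in RFC 3704 on a constructed routing table; the interface names, prefixes and metrics are made up for illustration.

```python
import ipaddress

# Constructed RIB: (prefix, interface, metric). Lower metric = preferred path.
RIB = [
    ("192.0.2.0/24",    "cust-a",  10),   # single-homed customer
    ("198.51.100.0/24", "cust-b",  10),   # multihomed customer, primary link
    ("198.51.100.0/24", "peer-x",  20),   # same customer, also seen via a peer
    ("0.0.0.0/0",       "transit", 100),  # default route
]


def candidates(rib, src):
    """All routes for the longest prefix that covers the source address."""
    addr = ipaddress.ip_address(src)
    matches = []
    for prefix, ifc, metric in rib:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net, ifc, metric))
    if not matches:
        return []
    longest = max(net.prefixlen for net, _, _ in matches)
    return [m for m in matches if m[0].prefixlen == longest]


def urpf(rib, in_ifc, src, mode="strict"):
    """Return True if a packet with source `src` arriving on `in_ifc` passes."""
    routes = candidates(rib, src)
    if not routes:
        return False
    if mode == "strict":      # best return path must be the arrival interface
        best = min(routes, key=lambda r: r[2])
        return best[1] == in_ifc
    if mode == "feasible":    # any known path back via the arrival interface
        return any(ifc == in_ifc for _, ifc, _ in routes)
    if mode == "loose":       # any non-default route to the source exists
        return any(net.prefixlen > 0 for net, _, _ in routes)
    raise ValueError(f"unknown mode: {mode}")


# Constructed packets: (arrival interface, source address, what it represents)
PACKETS = [
    ("cust-a",  "192.0.2.10",   "customer using its own address"),
    ("cust-a",  "203.0.113.9",  "customer spoofing an outside address"),
    ("cust-a",  "198.51.100.7", "customer spoofing another customer"),
    ("peer-x",  "198.51.100.7", "multihomed customer via secondary path"),
    ("transit", "203.0.113.9",  "arbitrary source arriving from transit"),
]


def compare(rib, packets):
    """Per packet, the verdict of each mode as (strict, feasible, loose)."""
    modes = ("strict", "feasible", "loose")
    return [tuple(urpf(rib, ifc, src, m) for m in modes) for ifc, src, _ in packets]


if __name__ == "__main__":
    for (ifc, src, note), verdict in zip(PACKETS, compare(RIB, PACKETS)):
        flags = " ".join("pass" if ok else "drop" for ok in verdict)
        print(f"{ifc:8} {src:14} {flags}   # {note}")
```

On the customer-facing interface every mode except loose drops both spoofed sources, which is the edge filtering asked for above. On the transit interface the default route makes almost any source pass, and strict mode drops the multihomed customer's legitimate traffic on its secondary path, which is the difficulty raised in the reply.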
 
2013-03-28 11:42:11 AM  
Wait, people lie on the internet? These pills won't make my penis larger?
 
2013-03-28 11:47:05 AM  

chrylis: DammitIForgotMyLogin: I just want to see ISPs start farking implementing egress filtering from their networks. If they just configured their border routers to drop any packets coming from inside their network with a source IP that's not in their assigned range, DDOSes like this couldn't happen.

uRPF can go a long way, but it isn't usable at the level CyberBunker appears to be operating at.  Once you get into the routing big leagues (basically, any router that has BGP transit peers), there's no clear way to determine what's "inside" and "outside" anymore.  Given the sort of hosting services CyberBunker provides, I would expect them to be in a position to send packets to upstream interfaces that have close to limitless valid ingress.


Is it not more likely that the spoofed DNS packets which are causing this attack are being sent from a botnet army of zombies on residential ISPs than directly from Cyberbunker's servers?
 
2013-03-28 11:49:44 AM  
I just the other day got... an Internet that was sent by my staff at 10 o'clock in the morning on Friday. I got it yesterday. Why? I thought at first it was this, but it turns out it got tangled up with all these things going on the Internet commercially.  It was delayed by enormous amounts of material, enormous amounts of material.
 
2013-03-28 11:57:31 AM  

WinoRhino: Knowing people who work in places like Akamai and are currently dealing with the effects of this, I'll tell you the truth lies somewhere in between the overblown headlines and the "Keep calm, everything is under control" stance of this article.


...  What you just wrote is in direct conflict with what is in the article.  Frankly, I don't trust either of you.  So I called my uncle that runs a root DNS server.  Nothing unusual this week.

I'm also wondering if any of you have the foggiest idea what it would take to really "shake the foundations" of the internet.  I'm thinking the answer is no.  This attack broke 300gbps to the target, which is impressive.  Just about enough traffic to swamp the hosting center of the target.  1 host, out of millions.
 
2013-03-28 11:58:57 AM  
FWD:Fwd:fwd:Obama Nearly Causes the Internet to Implode!
 
2013-03-28 12:03:01 PM  
 
2013-03-28 12:08:43 PM  

Fubegra: Needs an Obvious tag. I was thinking BS all along.


Yea, I recall seeing wording like "this kind of attack would have taken down anyone/anywhere else" and I raised an eyebrow.

Also, the 300Gbps seemed like a relatively small number when speaking of the global internet.
 
2013-03-28 12:21:57 PM  

Kahabut: I'm also wondering if any of you have the foggiest idea what it would take to really "shake the foundations" of the internet.  I'm thinking the answer is no.  This attack broke 300gbps to the target, which is impressive.  Just about enough traffic to swamp the hosting center of the target.  1 host, out of millions.


*holding up hands like a scale*
On the one hand I have direct personal experience with what is happening, but on the other hand I have a random guy on Fark saying I don't know what I'm talking about. Hrm... But then again, to him, I'm a random guy on the Internet, and apparently he has an uncle of some sort who he consults with immediately when he suspects a post on Fark is shenanigans... even when that post is taking a moderate approach. Yeah, this one is a toss up.
*big farking roll eyes*
 
2013-03-28 12:32:31 PM  
Did notice Pornhub was a little slow.
 
2013-03-28 12:44:30 PM  
IF THIS WERE A VIRUS
YOU WOULD BE DEAD NOW
FORTUNATELY IT'S NOT
THE METAVERSE IS A DANGEROUS PLACE;
HOW'S YOUR SECURITY?
CALL HIRO PROTAGONIST SECURITY ASSOCIATES
FOR A FREE INITIAL CONSULTATION
 
2013-03-28 12:48:31 PM  

WinoRhino: *holding up hands like a scale*
On the one hand I have direct personal experience with what is happening, but on the other hand I have a random guy on Fark saying I don't know what I'm talking about. Hrm... But then again, to him, I'm a random guy on the Internet, and apparently he has an uncle of some sort who he consults with immediately when he suspects a post on Fark is shenanigans... even when that post is taking a moderate approach. Yeah, this one is a toss up.
*big farking roll eyes*


Fine, here's another random guy who gets woken up in the middle of the night when things go to hell. I slept like a baby! No one noticed in NA! No one cared! This isn't even a blip in the middle of March Madness. But you don't have to take my word for it. As a man of the webs, you know where to go to get traffic stats and news. Go ahead, go grab anything that backs up this world shaking event in any way and bring it to our attention.
 
2013-03-28 12:56:09 PM  
Send few bytes to dns resolver, they send bytes times 10 to site you want to attack. Profit?
 
2013-03-28 01:25:13 PM  
I guess I can talk about this, 20+ years on.

In the early 90's there was a government edict that all major government agencies had to coordinate cyber attack information. Being government, the D of Energy waited until the last minute and then hired some very expensive contractors to make it happen including myself.

The DOE for obvious reasons gets a lot of attacks on a given day, and has some absolute geniuses working for them, don't get me wrong. They had some pretty tight IDSs, but none of them were coordinated. My team was tasked with making sure that *if* there was a real attack and not just 10,000 dumb kids banging their heads on the firewalls at national labs, they'd be able to recognize that.

I'm *hoping* we succeeded at our job. *IF* there was a full-on cyberwar, that should have been pretty obvious at some offices in the Washington DC metro area.

Later I did some work for a big company, now bought by a bigger company... Let's just say they make power tools and had an orange, hexagonal logo and had plants all over the planet. They got thousands of attacks every day as well, mostly from eastern Europe. Same story... There are systems in place to tell the difference between day-to-day dumbass hacker traffic and major attacks.

A sad thing, organizations concerned about their journalistic reputation didn't bother to ask "Hey... Maybe there are entities who might know something about this?"
 
2013-03-28 01:25:39 PM  
Well, we don't want the smoking gun to be a mushroom cloud, now do we?
 
2013-03-28 01:28:30 PM  
Crap... Maybe I *shouldn't* be talking about this... That was 10 years ago, not 20.
 
2013-03-28 01:41:18 PM  

Cybernetic: Wait, people lie on the internet? These pills won't make my penis larger?


Only if you stuff em all in the end.
 
2013-03-28 01:46:00 PM  

WinoRhino: Kahabut: I'm also wondering if any of you have the foggiest idea what it would take to really "shake the foundations" of the internet.  I'm thinking the answer is no.  This attack broke 300gbps to the target, which is impressive.  Just about enough traffic to swamp the hosting center of the target.  1 host, out of millions.

*holding up hands like a scale*
On the one hand I have direct personal experience with what is happening, but on the other hand I have a random guy on Fark saying I don't know what I'm talking about. Hrm... But then again, to him, I'm a random guy on the Internet, and apparently he has an uncle of some sort who he consults with immediately when he suspects a post on Fark is shenanigans... even when that post is taking a moderate approach. Yeah, this one is a toss up.
*big farking roll eyes*


Tough choice, so why don't you lay out your "direct personal experience" so that we can all judge it?  Or do you want to continue with the "I know a guy" routine?

I work in the biz, I'll bet you do too.  I'm betting if we really got down to it, we could throw names all day.  Frankly, I have nothing better to do today, so... which is it gonna be?
 
2013-03-28 02:02:34 PM  
The worst part being, any one of those "news" organizations probably could have asked their IT manager what was going on.

"Is there a ginormous cyberattack going on?"

"um... No, a fair amount of zombie traffic, but that happens every so often..."

But then they wouldn't be news organizations.
 
2013-03-28 02:30:36 PM  

Big Man On Campus: The internet is for....


cats, cats, cats cats, cats, cats porn

\so, pussy i guess
 
2013-03-28 03:19:33 PM  
FTFA:  Why haven't there been any reports of Netflix outages, as the New York Times and BBC reported?

Maybe I am reading this wrong, but are they trying to say that there were no reports, even though there were reports?  I assume what happened was that the sources NYT and BBC used were inaccurate, but this question the article poses to its readers seems to ask why they (the readers) didn't notice any reports of outages, other than the outages that were reported by supposedly reputable sources.  So is this bad writing, or just a dumb question?
 
2013-03-28 03:33:08 PM  

Jirafa: Maybe I am reading this wrong, but are they trying to say that there were no reports, even though there were reports? I assume what happened was that the sources NYT and BBC used were inaccurate, but this question the article poses to its readers seems to ask why they (the readers) didn't notice any reports of outages, other than the outages that were reported by supposedly reputable sources. So is this bad writing, or just a dumb question?


No actual reports by Netflix or downrightnow.com or similar sites that actually track this stuff in real time. In other words, someone was fibbing and NYT and BBC ran with it without checking primary sources.
 
2013-03-28 03:41:06 PM  

Fluorescent Testicle: joonyer: That's journalist for "We don't know WTF is going on, as usual, but it won't stop us from writing about it as if we do. Trust us. We're a world leader in journalism. Now watch this slide show of Snookie's pregnancy. And trim that belly fat in 7 days!"

Didn't read the rest of the article, did you?


Why bother it is a gawker link, it's going to be as factual as Ancient Aliens with a high probability of being click bait directly linked to the aforementioned advertising campaign.

They're a known known in this regard.
 
2013-03-28 04:27:52 PM  
And amazingly, they (both media AND this article) missed the actual major story in this--that a known "pink provider" is now engaging in attempted attacks on the infrastructure of the Internet itself to knock out a known blocklist provider.  (Spammers and the "pink providers" hosting their services have been increasingly entangled in frank malware use and distribution (and organised crime, particularly Russian organised crime networks) for the better part of a decade--most malware out there nowadays is designed to set up botnets for both spewing out spam and for hosting spamvertised sites via fast-flux networks--but they haven't tried fairly massive DDoS's before to this scale using a known DNS vulnerability.)

And no, it probably wouldn't have caused effects in North America, but in Europe is a different story. :D  (We would possibly see slowdowns in Amazon traffic if, for instance, Spamhaus were hosted on Amazon's hosting services.)

The actual story in this is that there are flaws in DNS as a protocol (some of which have been in the protocol since literally the conversion from NCP to TCP/IP back in 1983) and there has been some extreme inertia in implementing fixes to these flaws.  And spammers, being the hive of scum and villainy that they are and have been for the better part of two decades, are now exploiting these holes to try to knock off the one thing that's been somewhat effective in keeping Internet email from suffering the same fate as non-binary Usenet forums--operators of realtime blackhole lists that list known zombied boxes, "pink hosts" (spam-friendly providers), and domains associated with known spamgangs.

(Well, there WAS one other effective method--state laws that treated spam the exact same way as junk faxes, and which allowed private citizens to sue spammers for damages.  Unfortunately, in the US all of these laws went away with the (all too appropriately named) CAN-SPAM Act--so-called as all too appropriate by anti-spam activists because it meant that a spammer CAN spam you at least once.)

(Of course, now that spam operations took the same tack as illegal telemarketers do now (specifically, host their operations overseas in areas where extraditing the perps is tricky at best if not functionally impossible) and since spam (in all its forms including SPIT-related telemarketing fraud and forum spam) is increasingly a subset of the malware problem, legislative approaches aren't likely to work anymore unless spamming is included in the federal laws that classify major computer compromises as felonies.)

At the very least, I now have a new provider to add to my ZBBlock list on my domain :D
 
2013-03-28 04:57:25 PM  

Kahabut: ...  What you just wrote is in direct conflict with what is in the article.  Frankly, I don't trust either of you.  So I called my uncle that runs a root DNS server.  Nothing unusual this week.


Which one? I'm genuinely curious. I used to work for Paul Vixie way, way back in the day. I got to see the F root server back in the early days.

Also, there's no evidence that the bad guys were attacking the root DNS servers. Rather, they were abusing millions of DNS servers that are open recursors and using them as amplifiers.

I'm also wondering if any of you have the foggiest idea what it would take to really "shake the foundations" of the internet.  I'm thinking the answer is no.  This attack broke 300gbps to the target, which is impressive.  Just about enough traffic to swamp the hosting center of the target.  1 host, out of millions.

Sure, but as CF said, they spread out the attack using anycast and multiple hosting facilities so their infrastructure really wasn't affected. The attackers then started targeting specific upstream infrastructure that's not anycasted. If you start hitting certain systems hard enough (like individual routers at an exchange) you can cause disruptions of inter-network connectivity. Sure, they're not going to knock out AMS-IX or LINX entirely, but there's definitely the possibility of causing disruption and saturation of certain links.
 
2013-03-28 05:03:01 PM  

Hack Patooey: Cybernetic: Wait, people lie on the internet? These pills won't make my penis larger?

Only if you stuff em all in the end.


Well then it's all good, because that's what the instructions say.
 
2013-03-28 10:04:52 PM  
Some of the smaller root name servers seem to have been slowed by this but nearly everyone uses anycast so the effects were very regional and that server would be dropped out of the query list for a while and most people that did see it would have only seen an occasional page load slowly while their browser was trying to look up the address of some web tracking bug or email might have taken a fraction of a second longer to be delivered.
 
2013-03-28 10:25:57 PM  

Rhames: [www.examiner.com image 300x518]

The internet?  Is that thing still around?


Aye. They even have the internet on computers now.

/Obscure?
 
2013-03-28 10:30:39 PM  

iron de havilland: Rhames: [www.examiner.com image 300x518]

The internet?  Is that thing still around?

Aye. They even have the internet on computers now.

/Obscure?


I think I just logged on to the internet
 
2013-03-29 12:52:25 AM  
I wasn't able to log into PayPal for a couple hours. But then again, it was a day ending in 'y'.
 