×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

40-Gbps DDoS Attacks Worry Even Tier-1 ISPs

kdawson posted more than 5 years ago | from the isotropic-tsunami dept.

Security 146

sturgeon and other readers let us know that Arbor Networks has released their annual survey of tier-1 / tier-2 ISP security engineers. This year they got responses from 70 lead engineers. While DDoS attacks are reaching new heights of backbone-crushing traffic — 40 Gbps was seen this past year — the insiders are also worried about emerging threats to DNS and BGP. The summary notes that "Most believe that the DNS cache poisoning flaw disclosed earlier this year was poorly handled and increased the danger of the threat," but doesn't spell out what a better way of handling it might have been. All in all, the ISPs sound a bit pessimistic — one says "fewer resources, less management support, and increased workload." You can request the full PDF report here, but it will cost you contact information. In related news, an anonymous reader passes along a survey by Secure Computing of 199 international security experts and other "industry insiders" from utilities, oil and gas, financial services, government, telecommunications, transportation and other critical infrastructure industries. They are worried too.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

146 comments

let it collapse (3, Insightful)

nurb432 (527695) | more than 5 years ago | (#25724403)

Then perhaps we will fix some of the fundamental problems.

Re:let it collapse (4, Funny)

Anonymous Coward | more than 5 years ago | (#25724427)

nah we will just pay 700 billion to prop it up for a few months and let the next guy deal with it.

Re:let it collapse (2, Informative)

Spazztastic (814296) | more than 5 years ago | (#25724519)

nah we will just pay 700 billion to prop it up for a few months and let the next guy deal with it.

I think realistically 700 billion could fix the internet in the entire US. It would make up for the 200 billion we lost a few years ago.* Not only that we could use it to help our friends to the north.

* Article [webpronews.com] , first one I found about it.

Re:let it collapse (-1, Troll)

UNKN (1225066) | more than 5 years ago | (#25724829)

Screw Canadia! Nah just kidding, I like Canada, would be nice if we could actually help a country out, and not like we're helping out Iraq.

Re:let it collapse (4, Insightful)

0100010001010011 (652467) | more than 5 years ago | (#25724905)

The 700 billion would have been better spent setting up a Depression Era work force. After the bridge collapse in MN we've been hearing report after report about how the current infrastructure is falling apart around us. The electrical grid is rigged together worse than some college students' cars.

Suspend unemployment. (Anyone willing and able to work but cannot find a job). Start putting everyone to work doing something. Bus them to and from a work site up to X miles from your home.[0] Every major bridge that isn't going to make it gets the full 24/7 treatment. When one bridge is done. You move onto the next one. Everything trickles down. Every one of those workers is going to need food, haircuts, a trailer to live in (while at work). Trucking industry would pick back up doing loads of construction supplies. Domestic construction equipment manufacturers would need to up production Only other domestic MADE, no other equipment (Cat, Deere, etc). Build the roads to European standards (Autobahn and such).
Give the electric companies 2 choices: Fix your own damn shit with your profits or we fix it and lease it back to you or nationalize you.

Sure there are people that are going to bitch because they're used to their handout. But handouts aren't going to help anyone. Make everyone work.

It's not perfect but it's a hell of a lot better than handing it over to a bunch of people who managed to already lose $700b.

[0].M-F you live in work housing or you work 4 - 10s or 7 on 7 off.

Re:let it collapse (1, Insightful)

cdrguru (88047) | more than 5 years ago | (#25725127)

Back in the 1930's when construction was done by strong backs and no skills, that would have worked. And it did. Today, bridges are built by specialists with training. You want to drive on a bridge that was welded with by someone that never used one before? No? Neither does anyone else. The age of unskilled strong backs has ended. And we are discovering just how that relates to the "knowledge economy" now.

Face it, if everyone goes to college to learn how to be a "knowledge worker", who exactly will be working skilled construction jobs? Short answer is, nobody. And the harder getting a college education is pushed, the less chance we have of digging out of this hole.

Domestic construction equipement? Ha. Most of those products are made overseas now even through they have American manufacturer labels on them. It is cheaper to build a bulldozer in China and ship it to the US than to pay union scale wages plus deal with OSHA and environmental regulations. Unless we remove the US from WTO, we are stuck with making everything elsewhere - tariffs aren't legal anymore you understand. And any open-bid process would have to question why the government should spend 2x the money for "domestic made" equipment. Survival of the nation? Na, not a good enough reason.

Sure, I would like to see work camps replace welfare. If you are able-bodied you get nothing unless you are in a work camp doing something. Picking up trash, if nothing else. Cleaning up environmentally sensitive areas. Helping to build shelters for the homeless, whether they want them or not. But I think you would hear cries of "slavery" so much that the idea has no chance.

Re:let it collapse (2)

Hatta (162192) | more than 5 years ago | (#25725223)

Sure, I would like to see work camps replace welfare. If you are able-bodied you get nothing unless you are in a work camp doing something.

Why does it have to be a camp? Mandatory labor in exchange for benefits is a good idea, but relocating 6-10% of the US population into camps is just crazy.

Re:let it collapse (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#25725569)

Why does it have to be a camp? Mandatory labor in exchange for benefits is a good idea, but relocating 6-10% of the US population into camps is just crazy.

Can we start with the Jews?

Re:let it collapse (1)

negRo_slim (636783) | more than 5 years ago | (#25726063)

Mandatory labor in exchange for benefits is a good idea

Is it? You'd end up with many people who would come to rely on that 'job' and what do you do when you run out of tasks, knowing the government, an already inefficient method of using workers would become a giant money sink as they try and find more tasks and labor. And how would this prepare someone for any career other than the modern equivalent of ditch digging? What of professionals? Are they expected to devote their time and energy to work in exchange for food and or money?

Re:let it collapse (5, Interesting)

0100010001010011 (652467) | more than 5 years ago | (#25725463)

100% Absolute Bull Shit. Name 1 manufacturer that does this.

I work for Caterpillar. (You know, Construction Equipment). I've been on the factory tours. I've SEEN a Bulldozer come together from front to end. I can't speak for every component and I'm sure that some parts come from China or elsewhere. But a chunk of the product is made right here built by American Workers. I've seen the robots cutting the plate steel out and people welding it together

Bulldozers/Pipe Layers (Track Type Tractors) are built in East Peoria, IL.
Large Mining Trucks, Motor Graders are built in Decatur, IL.
Hydraulic Excavators and Large Wheel Loaders are built in Aurora, IL.
Skid steers, Backhoes are in South Carolina. (At will factory).
Engines are built in Lafayette, IN, Mossville, IL and Greenville, SC. (Only Mossville is Union).
Paving equipment is in MN.
Underground mining equipment is in Australia.

And there are factories all around the world, Belguim, France, England, India, etc. (Ever figure the shipping on a multi-ton vehicle)

John Deere is in Moline, IA.

Go on a road trip sometime. Name a Chinese Manufacturer. Kumatsu and Mitsubishi and Japanese. JCB is British, Samsung is Korean. There are no (yet) big manufactures in China.

Construction equipment is a tool. And just like with hand tools you can go to Harbor Freight or you can go to Snap-On. For some people Harbor Freight is fine. But if you run something 24/7, 365 and every hour costs you thousands of downtime. You don't go cheap.

I know this is slashdot, but try not to talk out of your ass so much.

Re:let it collapse (0, Redundant)

Anonymous Coward | more than 5 years ago | (#25727411)

Go on a road trip sometime. Name a Chinese Manufacturer. Kumatsu and Mitsubishi and Japanese. JCB is British, Samsung is Korean. There are no (yet) big manufactures in China.

Caterpillar, for one. They're very heavily invested in China. They recently finished acquiring Shandong SEM, a major Chinese heavy equipment manufacturer, primarily, as I understand it, to use their facilities to produce Caterpillar machines. As I understand it, you can't go to a Chinese mine without tripping over something with Caterpillar stamped on it.

Re:let it collapse (2, Insightful)

0100010001010011 (652467) | more than 5 years ago | (#25727631)

Which is quite a bit different than us buying everything from China and restamping it over here. For some things (Cat Machines for example) it's cheaper to make it where it's going to be used.

And as far as "Big Chinese Manufactures" I meant like Shandong SEM. Now if everything in the US has a "Shandong SEM" and was repainted yellow and put out to use then the post I was replying to might have a bit of a point.

Re:let it collapse (3, Interesting)

prezkennedy.org (786501) | more than 5 years ago | (#25725597)

You seriously think the Mexicans who built your house went to college for it?

For that matter, you more than likely have been driving on bridges built by unskilled labor back in the 30's. They haven't collapsed on you yet it seems. And I guess the ole' Hoover dam is still there. Oh, and the Empire State Building, Pentagon, and hey, even the White House. Uh oh...

People are incompetent and lazy, but damn, you make them sound like they're all downright idiotic and unwilling to lift so much as a finger to save themselves.

If times get tough enough, even you might be willing to put down your mouse and pick up a shovel.

Re:let it collapse (1)

Fulcrum of Evil (560260) | more than 5 years ago | (#25726435)

You seriously think the Mexicans who built your house went to college for it?

You think they build 4 lane bridges in the off season?

Re:let it collapse (2)

srussia (884021) | more than 5 years ago | (#25725645)

But I think you would hear cries of "slavery" so much that the idea has no chance.

Just call it "Universal Voluntary Public Service" then.

Re:let it collapse (1)

joeytmann (664434) | more than 5 years ago | (#25725681)

Not all of them were unskilled workers. Probably a very minimal amount of guys were skilled. Lots of those guys had no clue how to weld or what not and were trained by the skilled workers. Guys that had could be trained as welders became welders, guys that could be trained to drive trucks, became truck drivers....etc. The same could be applied here. The guys willing to do more hazardous(high steel work/working with explosives) work got better pay. The guys doing inspections and the engineers(structural and design) are the ones that make sure a bridge/damn/road are safe, and obviously require a formal education before doing that job. Take a look at the Brooklyn Bridge/Hoover Damn projects. Built by thousands of workers, run efficiently by a small group of skilled supervisors/inspectors/managers/engineers. The same thing can be done again....people that are out of work but want a "great" job just need to come to the realization that they just need a job.

Re:let it collapse (1)

Jewfro_Macabbi (1000217) | more than 5 years ago | (#25726087)

What welfare do you speak of? You realize the only people eligible for "welfare" TANF checks are single mothers, and then eligibility is limited to x number of months for life. It might be a bit difficult to run a work camp full of crying babies, but if you want... We also have a federal food stamp program, any citizen without income is eligible. Upon enrollment in the program you are required to either provide a doctors letter stating you are unable to work or participate in job placement programs.

Re:let it collapse (1)

afidel (530433) | more than 5 years ago | (#25726623)

Uh, most of those bridges welded by unskilled laborers with way less tech than is available today are still standing, in fact that's kind of the problem! We haven't really replaced those public works project era bridges despite the fact that they were past their expected lifetimes a generation ago.

Re:let it collapse (1)

nwf (25607) | more than 5 years ago | (#25726991)

I think you'll find that most of the really old bridges were riveted, not welded. Riveting isn't nearly as hard as welding 2 inch thick steel.

Re:let it collapse (2, Interesting)

afidel (530433) | more than 5 years ago | (#25727613)

OK, so we rivet the new bridges. I still fail to see why we can't do what our great grandparents did with significantly lower levels of technology.

Re:let it collapse (2, Interesting)

insllvn (994053) | more than 5 years ago | (#25728015)

Perhaps this is a stupid question, but could we go back to riveting? The bridges have held, and if it is cheaper/easier/more practical... well, it goes against my geeky instincts to say it, but not every endeavor needs the latest tech, so long as what is used is safe and workable.

Soviet Socialist Republics of America (1)

m0rph3us0 (549631) | more than 5 years ago | (#25725131)

What is the point of ending unemployment if the point is to take money off those to work (producing useful goods) to pay those who don't to dig a whole and fill it again (create bubbles and lose client assets when they pop). All that needs to happen is for shitty institutions to fail and reallocate those people to useful enterprises (via market forces).

Re:Soviet Socialist Republics of America (3, Funny)

Anonymous Coward | more than 5 years ago | (#25725539)

Libertarian once shat on my carpet. Said the free market would sort it out.

Re:let it collapse (3, Informative)

Vancorps (746090) | more than 5 years ago | (#25725141)

I do wonder how effective that would be, my grandfather with in the CCC and was involved in building the Hoover dam.

Did this actually help with the depression?

Also they lost more than $700b, that was just the amount they needed to stay solvent. Alan Greenspan's reaction was priceless saying that he'd expected banks to take reasonable risks and not commit suicide. It was in their own interests to self-regulate but surprise surprise, greed won out.

Re:let it collapse (0)

Anonymous Coward | more than 5 years ago | (#25725545)

Alan Greenspan's reaction was priceless saying that he'd expected banks to take reasonable risks and not commit suicide. It was in their own interests to self-regulate but surprise surprise, greed won out.

The economic crisis of 2008 was kicked off by 1 of 5 companies that, in 2004, the SEC exempted from the industry-wide standard lending ratio of 12:1.

Lehman Brothers - FAIL - bankruptcy and liquidation
Goldman Sachs - now a bank holding company
Morgan Stanley- now a bank holding company
Merrill Lynch - Sold Bank of America
Bear Stearns - Sold JP Morgan Chase

AIG joined the clusterfuck because it was insuring European banks which, like the 5 previously mentioned American institutions, were highly leveraged.

I guess you could blame all this on their inability to self-regulate, but their governments did tell them "go ahead"

Re:let it collapse (5, Insightful)

Red Flayer (890720) | more than 5 years ago | (#25725683)

Alan Greenspan's reaction was priceless saying that he'd expected banks to take reasonable risks and not commit suicide. It was in their own interests to self-regulate but surprise surprise, greed won out.

Just to be clear...

First, Greenspan expected banks to make choices in their own self-interest... but instead bank executives made decisions that were in their own self interests. He forgot that corporations are not actual decision-makers, individuals are, and individuals tend to make the choices that are best for them, not the choices that are best for their company.

Second, given the expectation of government bailout, it was no longer in the banks' self-interest to self-regulate, since they got to externalize the risk of bad investments. It's been known for years among financial circles that any bank failures big enough to potentially unhinge the economy would be prevented by government bailout. This information influenced lending decisions.

The simple fact of the matter is that top-level decision-makers at these financial institutions made decisions to maximize their bonuses, and those of their friends. Since the bonuses were not tied to long-term health of the company, the choices made were not optimized for long-term health of the company (or the economy as a whole). Any guilt over the negative repercussions was assuaged by the knowledge that the taxpayer would step in and bail them out.

Really, it was an investor's dream -- privatize the profits, socialize the risks.

Re:let it collapse (2, Insightful)

Hatta (162192) | more than 5 years ago | (#25726261)

First, Greenspan expected banks to make choices in their own self-interest... but instead bank executives made decisions that were in their own self interests. He forgot that corporations are not actual decision-makers, individuals are, and individuals tend to make the choices that are best for them, not the choices that are best for their company.

All the more reason to eliminate corporations as an entity in the eyes of the law.

Re:let it collapse (0)

Anonymous Coward | more than 5 years ago | (#25726631)

All the more reason to eliminate corporate officers as entities in the eyes of the law.

There, fixed that for you. ;)

Re:let it collapse (4, Insightful)

Mister Whirly (964219) | more than 5 years ago | (#25727573)

So when a small business employee gets into a car wreck on the job and accidentally kills somebody, the victim's family should be able to take not only all business assets, but the house and all personal assets of the owner?? Yeah, I can't see where that would cause any problems...

I wouldn't be too quick to let things collapse... (0)

Anonymous Coward | more than 5 years ago | (#25726593)

> It's been known for years among financial circles that any bank failures big enough to potentially unhinge the economy would be prevented by government bailout. This information influenced lending decisions.

The problem with that is that they're able to take hostages, in effect. We can't let them fail (because they'd take lots of innocent people down with them) so they're able to hold us for ransom.

Re:let it collapse (1)

afidel (530433) | more than 5 years ago | (#25726727)

So what you're saying is Greenspan made the same mistake Marx did and forgot that the one immutable fact when dealing with humans is that they are greedy? Yep, that sounds about right for a theoretical economist =)

Re:let it collapse (1)

nwf (25607) | more than 5 years ago | (#25727023)

So what you're saying is Greenspan made the same mistake Marx did and forgot that the one immutable fact when dealing with humans is that they are greedy?

Not to mention lazy, selfish and not in possession of the perfect knowledge economists so often like to claim the markets operate with. Fact is, only a few have the knowledge and they use it to get rich, i.e. business leaders and Wall Street bankers. They knew they were in trouble, but voted themselves huge bonuses because they had the knowledge others didn't: the good times were about to end.

Re:let it collapse (0, Flamebait)

MasterOfMagic (151058) | more than 5 years ago | (#25725151)

You assume the people in Congress care about the Joe the Plumbers of the world with no money and no job instead of the wealthy Wall Street contributors. Who's going to make sure that filthy lucre flows into the machine coffers and the re-election funds? Certainly not Joe who has no job, no healthcare, and no future. So take the tribute that your citizens pay you in income taxes and give it to your Wall Street friends who, like all good money launderers, will take some off the top and return the rest in kickbacks, fact-finding mission funds, and contributions to political campaigns. All-American graft at its finest.

Re:let it collapse (1)

Deadplant (212273) | more than 5 years ago | (#25725547)

We could get all those welfare recipients filling sand bags and use the sand bags hold back the DDOS packet floods.

Better yet we could send this army of untrained workers into peoples homes to clean the trojans from their windows boxen.

I think we can all agree that the final solution will of course be to use them for food. Soylent green!

Re:let it collapse (4, Informative)

agrounds (227704) | more than 5 years ago | (#25725691)

Give the electric companies 2 choices: Fix your own damn shit with your profits or we fix it and lease it back to you or nationalize you.

Sure there are people that are going to bitch because they're used to their handout. But handouts aren't going to help anyone. Make everyone work.

It's not perfect but it's a hell of a lot better than handing it over to a bunch of people who managed to already lose $700b.

[0].M-F you live in work housing or you work 4 - 10s or 7 on 7 off.

I hate to ruin your rant with what we call "facts", but the grid in the United States is not owned by private companies that you can just boss around from your ivory tower of uninformed tripe. It is an amalgamation of state-run and multi-state entities called ISOs (Independent System Operators) that both contract and coordinate with the transmission agencies in concert with privately-owned and state-owned generation assets to produce consistent and reliable power. A grid, in the strictest sense of the word, is a series of transmission lines, owned by multiple companies, that are interlinked and under the complete autonomy of the ISO. Nothing happens without the permission and direction of the ISO or FERC (and NERC as its enforcement arm). The grid is aging, but since the ultimate authority to direct replacement lies with both federal, state, and multi-state agencies, who precisely in your little world bears the fiscal burden?

May I suggest for your education:
http://www.ferc.gov/ [ferc.gov]
http://www.nerc.com/ [nerc.com]

And for ISOs:
http://www.ercot.com/ [ercot.com]
http://www.caiso.com/ [caiso.com]
http://www.nyiso.com/public/index.jsp [nyiso.com]
http://www.pjm.com/index.jsp [pjm.com]
http://www.midwestiso.org/home [midwestiso.org]

Find the one that serves your area, and berate them with your uninformed bile since you obviously understand all of this better than anyone else.

Or do you?

Re:let it collapse (1)

0100010001010011 (652467) | more than 5 years ago | (#25726121)

he grid is aging, but since the ultimate authority to direct replacement lies with both federal, state, and multi-state agencies, who precisely in your little world bears the fiscal burden?

The same people that would for the $700b bailout. I didn't say I *wanted* to pay for it. I just said I thought it would be a better option than throwing money at AIG.

And building a new damn probably requires the input from dozens of state, local and federal regulators and bodies, but somehow the Hoover Dam got built.

Re:let it collapse (2, Funny)

agrounds (227704) | more than 5 years ago | (#25726175)

I didn't say I *wanted* to pay for it. I just said I thought it would be a better option than throwing money at AIG.

To be fair, using it to line the litterbox at my house is a better option than AIG.

Nuclear Power (0)

Anonymous Coward | more than 5 years ago | (#25726421)

Take 700B, build some nuclear plants. And overnight (well, as soon as the plants get built) we go from a huge oil importer to exporting energy to our neighbors.

Plus, with all the added funding on nuclear research which would come from such a move: solutions to the waste problem would be found, breeder reactors optimized and new secrets of the atom unlocked. (not to mention global warming and the middle-east crap)

It would be amazing not having to worry about energy for the next ~200 years. And by that time we'd all have Mr Fusion anyway.

Re:let it collapse (0, Flamebait)

Bryansix (761547) | more than 5 years ago | (#25726765)

You know the part about the Electric Company is funny and ignorant. In California they "Deregulated" the industry. But they didn't really deregulate it because their plan failed and they shot themselves in the foot. By "they" I mean the Grey Davis government. So Southern California Edison has been trying for a long time to upgrade the high voltage lines that lead out of state to other power suppliers. The problem is they have to get on their knees and ask pretty please to the California Public Utility Commission for a 1% increase in power rates and then they get denied. So where are they supposed to get the money if they can't raise it through rates? Oh, and they barely make a profit now and they were losing money before because of Gay Davis (no I didn't misspell that).

Re:let it collapse (1)

cheater512 (783349) | more than 5 years ago | (#25726897)

Wouldnt you need more skilled labour than unskilled labour for bridges, power, water and similar things?

Re:let it collapse (1)

Melibeus (94008) | more than 5 years ago | (#25728185)

Give the electric companies 2 choices: Fix your own damn shit with your profits or we fix it and lease it back to you or nationalize you.

That's three choices...

Re:let it collapse (1)

Zarim (1167823) | more than 5 years ago | (#25724465)

They could even start spending some of that money the government keeps giving them to upgrade their infrastructure.

Re:let it collapse (0)

Anonymous Coward | more than 5 years ago | (#25725305)

yeah, anyone with that signature line should have all of his posts marked as troll.

Frist POST FUCKKERRER (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25724439)

HAHAAHAHAH

Welcome to the recession. (2, Interesting)

mbone (558574) | more than 5 years ago | (#25724447)

...one says fewer resources, less management support, and increased workload.

Welcome to the recession. Please enjoy your stay.

Re:Welcome to the recession. (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25724627)

Except the economy is fake and "they" pull this recession bullshit every ten years or so.

Re:Welcome to the recession. (1)

joocemann (1273720) | more than 5 years ago | (#25724767)

you got quotation marks, but no point. please elaborate.

Re:Welcome to the recession. (4, Funny)

Culture20 (968837) | more than 5 years ago | (#25724865)

Except the economy is fake and "they" pull this recession bullshit every ten years or so.

you got quotation marks, but no point. please elaborate.

Obviously the Anti-Illuminati. You'd think "they" meant Illuminati, which is why it has to be the Anti-Illuminati. Unless "they" knew you'd think that...

Re:Welcome to the recession. (1)

Pope (17780) | more than 5 years ago | (#25725445)

How is this tied to the recession? Sounds like SOP for any business that wants to bump up the bottom-line with zero thought put into the decision.

Re:Welcome to the recession. (1)

Shakrai (717556) | more than 5 years ago | (#25725603)

Welcome to the recession. Please enjoy your stay.

Aren't the Telecom companies actually still making money? I'm somewhat skeptical to hear them crying about the recession until I see some quarterly results that don't show profits.

I blame... (1, Funny)

Anonymous Coward | more than 5 years ago | (#25724463)

...the Jews.

Wasn't there something in the Book of Phlobroham about not trusting a 128-bit address space? I don't want to have to get circumcised just to get to the BBC website, goddammit.

Re:I blame... (2, Funny)

Anonymous Coward | more than 5 years ago | (#25725521)

as far as trolls go, that was pretty good. that is how slashdot trolling ought to be done

what's scarier, or not (5, Interesting)

circletimessquare (444983) | more than 5 years ago | (#25724595)

i can't decide, is the 40Gbps spike was related to fighting between criminal organizations. so its mollifying that this tool is so far only being used at such screaming proportions as turned on its creators:

The Arbor Networks researchers said a 40-gigabit attack took place this year when two rival criminal cybergangs began quarreling over control of an online Ponzi scheme. "This was, initially, criminal-on-criminal crime though obviously the greatest damage was inflicted on the infrastructure used by the criminals," the network operator wrote in a note on the attack.

the new york times had a good summary:

http://www.nytimes.com/2008/11/10/technology/internet/10attacks.html?partner=permalink&exprod=permalink [nytimes.com]

its notable that a lot of this potential is just sitting around, waiting for a chance to be used. if china goes to war with taiwan, or as when russia declared war on georgia, you will see/ saw these countries get DDosed off the face of the earth. that's the really worry: using DDos as a tool of war. the usa can sit around and wait until DDos used against vital government and civilian systems, or get ahead of the curve now

also notable: reflective amplification. that's the methodology employed. i'm not really sure, but i think that's where you dupe completely unrelated systems into responding to forged packets. someone wiser than me on these issues: is that the general drift?

Re:what's scarier, or not (5, Informative)

whydna (9312) | more than 5 years ago | (#25724699)

Back in the day (about a decade ago), you could "smurf" folks, which is a form of reflective amplification. The process was fairly simple: you'd ping a network's broadcast address with a packet spoofed to appear to come from your victim. At the time, most networks weren't filtering the broadcast traffic. As a result all the hosts on that network would respond to the ping. Back in the days of 14.4 modems, you could easily blow somebody offline while generating a very tiny volume of traffic.

---> ping (src: victim [spoofed], dest: broadcast address of large network)
<=== large number of icmp responses (src: addresses in large network, dest: victim)

I'd guess that the attack is similar in concept.

Re:what's scarier, or not (4, Interesting)

Splab (574204) | more than 5 years ago | (#25724841)

Well there are all sorts of neat tricks, but basically its the same.

First you get yourself a bunch of zombies, these can hammer away at whatever speed they got uplink - but instead of hitting the target directly you use BGP routers (hopefully most are now immune to this) and make ICMP packets claiming to be from your victim, this way the BGP routers will respond to the ping effectively making a reflected DDoS (RDDoS). The neat thing is its pretty hard to figure out where the traffic is coming from because you need to contact whoever administrates the BGP router - and you can't block the traffic since the BGP routers are kinda important for your connection(s).

Re:what's scarier, or not (1)

pdxp (1213906) | more than 5 years ago | (#25725143)

I believe what we have now that stops this is called egress filtering.

basically, outgoing routers at different levels check to make sure the source address of a packet will lead back to the network it originated from.

Re:what's scarier, or not (1)

russotto (537200) | more than 5 years ago | (#25724731)

also notable: reflective amplification. that's the methodology employed. i'm not really sure, but i think that's where you dupe completely unrelated systems into responding to forged packets. someone wiser than me on these issues: is that the general drift?

Yeah. The "smurf" attack -- where you forge an ICMP Echo Request to some large broadcast address -- is the prototype for that sort of thing. Any service which will generate a reply to an unverified source address is a potential middleman, though.

Re:what's scarier, or not (2, Funny)

Anonymous Coward | more than 5 years ago | (#25724885)

the usa can sit around and wait until DDos used against vital government and civilian systems, or get ahead of the curve now

That could be a bit of a self-inflated problem considering the zombie bot armies. However I do agree we need to make the telcom industry feed us some heavy doses of fiber with all those extra funds we been giving them for decades for it and less on silicone for their mistresses, thereby making the "tubes" a bit more regular in the flow and less top heavy. It would help too if things were less centralized with traffic and more redundant as well. Wonder if the DHS is monitoring backhoes yet?

holy alliteration batman (1)

circletimessquare (444983) | more than 5 years ago | (#25724967)

'However I do agree we need to make the telcom industry feed us some heavy doses of fiber with all those extra funds we been giving them for decades for it and less on silicone for their mistresses, thereby making the "tubes" a bit more regular in the flow and less top heavy.'

best idiomatic sentence i've seen on slashdot, ever. you shoehorned two idiomatic expressions in there, in parallel, without sounding verbose, and increasing the humor and potency of what you were trying to say

pure awesome win

Re:holy alliteration batman (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25725185)

drink my fuck

Re:what's scarier, or not (1)

Penguinisto (415985) | more than 5 years ago | (#25725287)

Err, why would the US gov't care? They have their own secure internetwork setups that are pretty much isolated from 'The Internet' as we know it. No one has creates a DDoS technique that can leap an air gap, so...

I suspect that most other first-world governments have similar infrastructures as well.

/P

Re:what's scarier, or not (0)

Anonymous Coward | more than 5 years ago | (#25727543)

also notable: reflective amplification. that's the methodology employed. i'm not really sure, but i think that's where you dupe completely unrelated systems into responding to forged packets. someone wiser than me on these issues: is that the general drift?

It's called a smurf attack.

WOW! (-1)

Anonymous Coward | more than 5 years ago | (#25724615)

You can't tank 40 GBPS in T1? Man, my pally can do that with me afk, don't get me started about my druid.

Re:WOW! (0)

Anonymous Coward | more than 5 years ago | (#25726723)

No way champ, my AC e-penis is WAAAAAAAAAAAAAAAAYYYYYYYYYYYYYYYYYYYYYYYYYYYYY bigger than yours.

Key comments (5, Informative)

Animats (122034) | more than 5 years ago | (#25724617)

Useful quotes from the report:
  • "Large Web mail operators like Google don't give a sh-- -- about spam originating from their networks because they know they are too large to be blacklisted. This causes significant pain."
  • "Overall, law enforcement referrals dropped for the third year in a row." "We also asked respondents if they believe law enforcement has the power and/or means to act upon information provided by network operators. Only 21 percent said Yes, while nearly 64 percent said No".
  • "The attack stopped only because the attacker was paid. The attacker remains at large and active. No bots were used in this attack. The attacker had a small number of compromised Linux boxes from which he'd launch the spoofed source DNS query. The DNS servers were all DNS servers open to recursion."

Re:Key comments (0)

Anonymous Coward | more than 5 years ago | (#25724941)

"Large Web mail operators like Google don't give a sh-- -- about spam originating from their networks because they know they are too large to be blacklisted. This causes significant pain."

It's only a matter of time before google are blacklisted. We cut them some sway because they've got a huge network and presume they're acting responsibly.

The attack stopped only because the attacker was paid.

Where there's a payment, there's a paper trail!

Re:Key comments (0)

Anonymous Coward | more than 5 years ago | (#25727237)

Unless they used cash!

http://openbgp.org/ (0)

Anonymous Coward | more than 5 years ago | (#25724625)

http://openbgp.org/

Those darn Swedes (0)

Anonymous Coward | more than 5 years ago | (#25724785)

The 40gbps attack must have come from her [engadget.com] .

Well that and getting slashdot'ed (0)

Anonymous Coward | more than 5 years ago | (#25725003)

That one keeps everone up at night.

Why isn't the insecurity of Windows mentioned? (1)

whoever57 (658626) | more than 5 years ago | (#25725109)

Most of the DDOS traffic originates from compromised Windows PCs. Most SPAM originates from Windows machines. There is lots of hand-wringing about the issue, but the fundamental cause of several serious Internet problems appears to be the insecurity of Windows (before anyone mentions "clueless users" -- the OS should not allow the users to make these mistakes -- since Windows is marketed to these very types -- it's like selling a car that does not have seatbelts and airbags to people who can't drive).

So, when are people going to ask Microsoft the hard questions? Yes, I know MS has taken some steps, but, clearly those steps have not been sufficient.

Re:Why isn't the insecurity of Windows mentioned? (1)

Yetihehe (971185) | more than 5 years ago | (#25725553)

So, when are people going to ask Microsoft the hard questions?

When they realise windows is not secure. Which is: not very soon. Typical zombie-computer users don't know what a zombie computer is.

Re:Why isn't the insecurity of Windows mentioned? (2, Insightful)

lawaetf1 (613291) | more than 5 years ago | (#25725573)

I don't often ride to the rescue of MSFT but if people are going to ignore updates and continue to run unpatched IE5 on Windows 2000.. what would you have them do? Force patches on people with no disable option? That'd go over real well with the /. crowd.

Probably the best thing that could happen would be for major web sites to start rejecting IE5. That would oblige a significant chunk of the slackasses out there to upgrade and visit windowsupdate in the process. Not that this would really improve the already infected machines out there but it's a start.

Re:Why isn't the insecurity of Windows mentioned? (1)

legirons (809082) | more than 5 years ago | (#25726485)

I don't often ride to the rescue of MSFT but if people are going to ignore updates and continue to run unpatched IE5 on Windows 2000.. what would you have them do?

Write it correctly the first time?

Prioritise security over trying to out-politick a court?

Use simple published protocols in preference to ones designed to make it harder for competitors to reverse-engineer?

Or alternatively they could just patch their shit every tuesday and blame the users for not spending their entire monthly bandwidth on software upgrades, that works too...

Re:Why isn't the insecurity of Windows mentioned? (1)

rabbit994 (686936) | more than 5 years ago | (#25728243)

No one gets anything correct the first time and if Linux got majority of the home users, I would see people attacking it as well. Right now it's not worth it but when it does, we will see the same problem.

Real problem is fact that ISPs will let these zombies sit on their networks and not do a thing. If ISPs started cutting off zombie machines then this problem would be fixed. It's pretty easy to see a zombie machine at work, 50 outbound connections to 45 different SMTP server, yea, it's a zombie or at least teenager on other side with no morals.

Re:Why isn't the insecurity of Windows mentioned? (0)

pandrijeczko (588093) | more than 5 years ago | (#25725807)

Most SPAM originates from Windows machines.

I'm a mainly Linux/UNIX guy but the above statement is entirely incorrect.

Most Spam originates through incorrectly configured mail servers that allow mail relaying. In reality, it's much easier to leave on open relay on something like Sendmail on Unix than it probably is on Microsoft Exchange.

Re:Why isn't the insecurity of Windows mentioned? (4, Informative)

whoever57 (658626) | more than 5 years ago | (#25726253)

Most Spam originates through incorrectly configured mail servers that allow mail relaying. In reality, it's much easier to leave on open relay on something like Sendmail on Unix than it probably is on Microsoft Exchange.

Did we just jump in back 5 (or more) years in time?

You are joking, right? Open relays have been oveshadowed by compromised destop machines as spam sources for a few years now. Plus, since SMTP MTAs tend to be on static IPs, the use of RBLs has effectively limited the reach of open relays as sources for any kind of email (SPAM or otherwise).

Re:Why isn't the insecurity of Windows mentioned? (0, Troll)

pandrijeczko (588093) | more than 5 years ago | (#25728417)

Actually, to correct you, it tends to be more compromised online email accounts (like Gmail and Hotmail) with guessable passwords than it is end client email viruses.

If it's really that big a problem then... (4, Interesting)

Spatial (1235392) | more than 5 years ago | (#25725705)

...take them out.

The computers I mean. If it's that bad the zombies need to be killed off.

I've read a few stories about researchers infiltrating botnets and being able to see a list of all the compromised computers. I wonder if it's possible to completely stop network access remotely without causing data loss.

If I was in a position where I could press a button and wipe the MBR of every zombied computer on a gigantic botnet, I'm not sure if I would or not. Would you?

Re:If it's really that big a problem then... (0)

Anonymous Coward | more than 5 years ago | (#25726295)

If I was in a position where I could press a button and wipe the MBR of every zombied computer on a gigantic botnet, I'm not sure if I would or not. Would you?

Yes. Boot off a bootable CD/etc if you don't have a backup of your data before reinstalling.

Re:If it's really that big a problem then... (1)

swilde23 (874551) | more than 5 years ago | (#25727001)

Orrin Hatch wants you to join the "we'll blow up your computer" army. Do you have what it takes?

Re:If it's really that big a problem then... (1)

shentino (1139071) | more than 5 years ago | (#25727989)

The trouble with this plan is collateral damage.

Often, zombies are also hostages.

As long as the process makes sure that reinstallation of the OS doesn't burn up any licenses for anything (I'm looking at YOU EA...), then I would be in favor of such a move.

The annoying inconvenience should be incentive enough for people to invest in securing their computers. Anything more severe than that, and you're treating the disease by killing the patient.

As far as getting caught, I just remember that galileo got tried for heresy for stating the truth. If it's worth the risk, go for it as long as nobody innocent gets profoundly hurt.

Great Explaination (4, Insightful)

IceCreamGuy (904648) | more than 5 years ago | (#25726007)

Most believe that the DNS cache poisoning flaw disclosed earlier this year was poorly handled and increased the danger of the threat

The Kaminsky thing? The ISPs thought it was handled poorly? How ***the fuck*** should it have been handled then? The day they disclosed publicly that there was a vulnerability, nevermind that they didn't disclose the details, they had patches out for every major DNS server and any ISP who wanted to be patched could have been. WTF?

Scary stuff (5, Funny)

Larryish (1215510) | more than 5 years ago | (#25726105)

This is terrifying.

So terrifying, in fact, that I fully support the rebuilding of the entire Internet by pseudo-Democratic countries like the United States, and large businesses such as General Electric and Monsanto.

We have to stop these faceless Internet terrorists once and for all!
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...