A Live Map of Ongoing DDoS Attacks

Soulskill posted 1 year,10 days | from the all-the-traffic-you-can-eat dept.

Botnet 46

Daniel_Stuckey writes "Check out the Digital Attack Map. It was produced in a collaborative effort by Google Ideas and Arbor Networks to raise awareness about distributed denial of service attacks. You know, those malicious digital attempts to choke, or shut down, websites by sending them volumes of traffic far too large for them to handle. The map 'surfaces anonymous attack traffic data to let users explore historic trends and find reports of outages happening on a given day,' as its about page explains. Created using attack data from Arbor's 'ATLAS® global threat intelligence system,' this is the D.A.R.E. of DDoS — it's about the danger of having information streams cut off. Under the heading 'DDoS Attacks Matter,' Google and Arbor explain that 'sites covering elections are brought down to influence their outcome, media sites are attacked to censor stories, and businesses are taken offline by competitors looking for a leg up.'" This comes alongside Google's announcement of Project Shield, the company's homegrown DDoS mitigation service.

Slashdot Effect (4, Funny)

Anonymous Coward | 1 year,10 days | (#45194257)

Where is Slashdot on this map?

Slashdotted (4, Funny)

vettemph (540399) | 1 year,10 days | (#45194263)

The site is currently being slashdotted. :)

Re:Slashdotted (1)

Freshly Exhumed (105597) | 1 year,10 days | (#45194305)

It loaded perfectly just now. Anyway, it is kind of hypnotic after a few minutes... can't... shut... it... offfffff.......

The irony (1)

nxcho (754392) | 1 year,10 days | (#45194403)

This interactive map of denial of service attacks seems to deny its own interactivity by freezing my browser every time I try to interact with it.

Re:The irony (1)

fatphil (181876) | 1 year,9 days | (#45196029)

After staring at "loading attack data" for 10 seconds, I decided it was denying my service, and gave it the Ctrl-W.

Browser upgrade requirement (0)

Anonymous Coward | 1 year,10 days | (#45194429)

The site has chosen not to display the content to certain browsers. I can't help it that our company policy has us locked to a certain version.

Honest question: will animations, flash, silverlight, (or however it's displayed), really-really not work on last year's browser. Really?

Re:Browser upgrade requirement (2)

X0563511 (793323) | 1 year,10 days | (#45194573)

I think it's HTML5, so no - probably not.

Re:Browser upgrade requirement (1)

Kozar_The_Malignant (738483) | 1 year,9 days | (#45195345)

Please repost these comments to the IE 11 story/flamewar.

Re:Browser upgrade requirement (1)

tibman (623933) | 1 year,9 days | (#45195315)

FF and Chrome auto-update now. If you are on IE 8 or 9 you may experience some problems. http://caniuse.com/#agents=desktop&cats=HTML5&statuses=wd [caniuse.com] SVG appears to be supported in IE 9, so if you are on XP and stuck with IE 8 you'll have to use a different browser. I didn't look at all the tags but SVG stood out. IE should not be tied with the OS, you should be able to update it independent of the OS version : /

why hasn't the IETF solved the DDoS problem yet? (1)

Darth Technoid (83199) | 1 year,10 days | (#45194653)

surely, there's a protocol-level solution to this.

Re:why hasn't the IETF solved the DDoS problem yet (4, Informative)

Qzukk (229616) | 1 year,10 days | (#45194875)

There's an ISP level solution to a major chunk of it, but they're too busy cracking down on bittorrent and competing voip/video services to do anything about it.

A lot of DDoS traffic has spoofed source IPs in order to make it difficult to track down the source. All the ISP has to do is prevent packets from leaving their network if they aren't addressed from their network, and at least what's left can be traced back to the source. For instance, this would eliminate using DNS servers as reflectors for attacks, since these attacks rely on sending a DNS request with the From address forged to be the victim's from address.

Re:why hasn't the IETF solved the DDoS problem yet (1)

Ardyvee (2447206) | 1 year,10 days | (#45195069)

Man, that seems like a sensible thing to do. It's not good, suggesting sensible things. Why don't you please come by to our brain-washi-- I mean, educational center? You clearly need it.

Re:why hasn't the IETF solved the DDoS problem yet (0)

Anonymous Coward | 1 year,9 days | (#45195141)

All the ISP has to do is prevent packets from leaving their network if they aren't addressed from their network, and at least what's left can be traced back to the source

Most ISPs already do this, just like most ISPs use a whitelist approach to BGP announcements. Not all, granted, but if you want to peer with the 'big boys' that's how you have to play.

And just as an FYI to the GP, most DDoS are done with botnets these days so there isn't much in common in terms of source IPs and networks. It's not something that can really be dealt with at a protocol level, because there's usually no way to really tell if the traffic surge is legitimate or not. For example, when a nation like the US (just as an example) chooses to launch a new healthcare.gov website (hypothetical of course) which draws global attention and will draw tens of millions of unique visitors per hour (purely speculation of course) it has the exact same pattern as a sudden DDoS.

Re:why hasn't the IETF solved the DDoS problem yet (1)

gl4ss (559668) | 1 year,9 days | (#45197813)

Most attacks on the map are "source unknown" type, which I assume means spoofed IPs.

Re:why hasn't the IETF solved the DDoS problem yet (0)

Anonymous Coward | 1 year,9 days | (#45195143)

Unicast reverse path forwarding. ISPs should enable this on subscriber facing interfaces for the majority of their customers. The only exception needed is where customers have BGP adjacencies with the provider, as it's possible they could be multihomed and it would cause issues there. They could also enable something like NetFlow-triggered outbound subscriber shaping/inbound policing. If a customer is sending something which is obviously garbage (like TCP resets to the same destination), NetFlow could easily pick it up and an outbound/inbound policy-map/firewall filter (choose your vendor) pair would be automatically applied on the subscriber-facing interface. This will still allow the customer to use their connection, but bottleneck it until the offending flow stops. Providers already do things like community-string triggered null routing, but this is usually part of an add-on pay service. These other things could and should be done across most of their networks, most specifically on residential customers.
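An added illustration (not code from any commenter or router vendor) of the two source-address checks discussed in this thread: the network-wide egress filter from Qzukk's comment and strict unicast reverse path forwarding on subscriber-facing interfaces, with the BGP-customer exemption from the comment above. The prefixes are RFC 5737 documentation ranges, and the interface names and function names are hypothetical.

```python
import ipaddress

# Constructed topology; all prefixes and interface names are made up.
ISP_AGGREGATES = [ipaddress.ip_network("192.0.2.0/24"),
                  ipaddress.ip_network("198.51.100.0/24")]

# Subscriber-facing interface -> (prefixes routed to it, has a BGP adjacency?)
INTERFACES = {
    "sub-1001":   ([ipaddress.ip_network("192.0.2.16/32")], False),
    "sub-1002":   ([ipaddress.ip_network("192.0.2.17/32")], False),
    "bgp-cust-7": ([ipaddress.ip_network("198.51.100.0/24")], True),
}

def border_egress_ok(src):
    """Network-wide egress filter: the source must be inside the ISP's own space."""
    addr = ipaddress.ip_address(src)
    return any(addr in agg for agg in ISP_AGGREGATES)

def urpf_strict_ok(iface, src):
    """Strict uRPF: the route back to src must point at the ingress interface."""
    prefixes, bgp_customer = INTERFACES[iface]
    if bgp_customer:
        # Exempted: a multihomed customer's return path may legitimately differ.
        return True
    addr = ipaddress.ip_address(src)
    return any(addr in p for p in prefixes)

def evaluate(iface, src):
    """Return (passes border egress filter, passes strict uRPF) for one packet."""
    return border_egress_ok(src), urpf_strict_ok(iface, src)

# Constructed packets: (ingress interface, claimed source address, description)
SAMPLE = [
    ("sub-1001", "192.0.2.16", "legitimate subscriber traffic"),
    ("sub-1001", "203.0.113.50", "DNS query forged with an outside victim's address"),
    ("sub-1001", "192.0.2.17", "forged with a neighbouring subscriber's address"),
    ("bgp-cust-7", "203.0.113.9", "multihomed customer using another provider's space"),
]

if __name__ == "__main__":
    for iface, src, note in SAMPLE:
        border, urpf = evaluate(iface, src)
        print(f"{iface:11} {src:14} border={border!s:5} uRPF={urpf!s:5} {note}")
```

The third packet is the case that separates the two checks: a source forged from inside the ISP's own address space passes the network-wide filter and is only caught by the per-interface check.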

Re:why hasn't the IETF solved the DDoS problem yet (0)

Anonymous Coward | 1 year,9 days | (#45196003)

Many DDoS attacks don't need spoofed source addresses anymore. Oftentimes, it's sufficient to just have thousands of 'zombies' issue totally ordinary requests to the server. Has the added benefit that you are putting load not only on the network, but also on the server and possibly database.

The number of zombies in these attack networks has gotten large enough that there is no way that an ISP could implement source address filtering for every single one of them.

Therefore, your suggested solution won't work in many or even most cases anymore.

Re:why hasn't the IETF solved the DDoS problem yet (1)

Nemyst (1383049) | 1 year,9 days | (#45196937)

Correction: many or most high profile cases. For every big DDoS we hear about on /., there are thousands if not tens of thousands that go unnoticed by the majority, done by some script kiddie who thought he'd have some fun with his tiny botnet or by some crazies in a Middle Eastern or Slavic country who decided to deface your site and claim it as theirs. Those attacks very often rely on amplification and spoofing to do any damage.

Re:why hasn't the IETF solved the DDoS problem yet (0)

Anonymous Coward | 1 year,9 days | (#45197785)

"All the ISP has to do"

All that all ISPs in the world have to do...

So what? (0)

Anonymous Coward | 1 year,9 days | (#45199199)

"All that all ISPs in the world have to do.."

Yes.

And you state this why? Is it impossible for ISPs to do that? Remember there may be tens of thousands of ISPs but they have to hitch to one of only a select few backbone providers who are ALSO ISPs. And they know what subnet that IP came from. Therefore if only those few did it, then spoofing would only be possible within the same subnet that the noncompliant ISP did, and the botnet owner doesn't know (or to this point care) what are acceptable IP ranges to use that won't get nuked by this.

Each of those major ISPs could also refuse to carry traffic from an ISP that doesn't apply this state.

Remember, all that was needed to have a usable commercial home electrical goods system was for "All electronics manufacturers" to agree to a standard set of plug, voltage and/or frequency.

Buy goods in your country and it will work because "all manufacturers" DID agree.

More info Shinier animation (0)

Anonymous Coward | 1 year,10 days | (#45194687)

There's a balance but I'd like to see more options for refinement and additional information, filter layer style maybe. Whizbang goes whiz.

The DARE of DDoS (4, Funny)

xepel (1573443) | 1 year,10 days | (#45194693)

I certainly hope this isn't like DARE, or else it'll encourage an entire generation of kids to experiment with DDoS...

Re:The DARE of DDoS (1)

billstewart (78916) | 1 year,9 days | (#45195943)

If it's a for-profit propaganda organization masquerading as a non-profit education, then it's a lot like the original....

Lol. (0)

Anonymous Coward | 1 year,10 days | (#45194761)

Seems quite a few countries are taking shots at China, but they're too focused on the United States to care.

Re:Lol. (1)

Chrisq (894406) | 1 year,9 days | (#45198277)

Seems quite a few countries are taking shots at China, but they're too focused on the United States to care.

It amazes me the obvious number of attacks on China from the USA. What I find interesting is why nothing in Russia given the known hacks by Russian cyber-criminals? Maybe they are so good that they all show as "unknown".

Re:Lol. (0)

Anonymous Coward | 1 year,9 days | (#45199343)

Most spam I get (in the UK, which uses the £) is offering goods for the US market in US$.

EVEN IF "most spam" is from Russia or China, MOST OF THE COMPANIES BUYING SPAMVERTISING are US companies for US customers in the USA.

Since the reason spam is profitable is because people willingly pay for these illegal services, the root cause analysis has the USA as the reason for most of spam.

Re:Lol. (1)

geminidomino (614729) | 1 year,9 days | (#45199363)

It's not showing hacks, it's showing DDoS. And what you're looking at is actually US attacks on China -- it's not obvious from the map, and the animation is misleading. View the "Table" view to see that there are no "known" attacks from CN to US.

Sources (2)

gmuslera (3436) | 1 year,10 days | (#45194765)

The source of the attacks is not so much where the person launching the attack lives, but computers that take part in a botnet/have a trojan/visit special pages, or hacked sites (usually with the owner of those computers/sites having no clue of that happening). It could give new information on DDoSed targets, but for sources could have too much noise to be useful.

Bigger problems (2, Interesting)

Anonymous Coward | 1 year,10 days | (#45194783)

it's about the danger of having information streams cut off. Under the heading 'DDoS Attacks Matter,' Google and Arbor explain that 'sites covering elections are brought down to influence their outcome...

If you can influence the outcome of an election by shuttering sites that merely cover the election, then you have way bigger problems than DDoS.

Project SHIELD... (1)

mythosaz (572040) | 1 year,10 days | (#45194821)

Agent Ward: It means somebody really wanted our initials to spell "shield"

Google's Shield is an interesting dare to the malcontents of the internets... Resistant to attack, you say?

Good case for a bigger question: (0)

Anonymous Coward | 1 year,10 days | (#45194867)

I believe that individual liberty is fundamentally incompatible with any society, or at least inversely proportional to societal interconnectedness. Fact is, every person who isn't immunized, and every person who isn't educated, and every computer that isn't up-to-date, patched, and secured.. is a liability to us all. Ultimately, the freedom to be or have one of these things will become untenable and will be removed. I believe that's a good thing.

Re:Good case for a bigger question: (0)

Anonymous Coward | 1 year,10 days | (#45195063)

Then tell that to all of the Win8 users struggling with the recent 8.1 update. Furthermore explain your reasoning to my mother who just had a Windows Update (Critical No Less) that wiped out her email address book today. Please stand close enough so she can reach you with the cast iron pan that she's already thrown at me for the situation and no I haven't found a backup of the address book as live mail won't import that god damn thing and Thunderbird? Forget it, it's not in the fucking live-mail folder and it doesn't even give an opportunity to import from backup (Tbird 24+). I'm getting to the point of simply dropping back to Win98-SE as it was stable, doesn't have activation and runs all of my games w/o problems plus I can use Partition Magic and the boot manager to configure things to boot multiple copies of 98-SE

Borg ass BS (0)

SpaceManFlip (2720507) | 1 year,10 days | (#45195075)

You must be assimilated

You must comply

Exterminate

Re:Good case for a bigger question: (1)

tibman (623933) | 1 year,9 days | (#45195361)

Fact is, every person who isn't immunized, and every person who isn't educated, and every computer that isn't up-to-date, patched, and secured.. is a liability to us all.

I'd say most of the time they are a liability to themselves and merely a nuisance to others who have to support them.

Poor Canada (1)

gsgriffin (1195771) | 1 year,10 days | (#45194905)

is once again overshadowed by the U.S. of A. I think I can see a little line dropping into Canada. There is still hope that more people will care enough to attack you, too.

50 dollars worth of bitcoin (0)

Anonymous Coward | 1 year,10 days | (#45194945)

To whoever can draw a penis pointing at Mexico.

Easy fixes (1)

Charliemopps (1157495) | 1 year,9 days | (#45195183)

Most of these attack sources are either
a. Idiots with DSL that click yes to everything
b. Businesses that have no IT staff and let their nephew set up their network.

The traffic is easily detectable and easily shut off by locking their account. ISPs don't want to do that because in most cases the target is not a paying customer and the person whose computer is compromised is. Why would they potentially tick off a paying customer before the target complains? Moreover why would they invest time, energy and equipment into detecting attacks?

Fine the ISP. Then they'll have a reason to give a shit.

Re:Easy fixes (0)

Anonymous Coward | 1 year,9 days | (#45195423)

You're right that the ISPs should be fined. But then they will just turn around and give those extra fees to their paying customers.

Re:Easy fixes (1)

Anonymous Coward | 1 year,9 days | (#45195713)

Fine the CxOs and investors directly for malfeasance.

Re:Easy fixes (0)

Anonymous Coward | 1 year,9 days | (#45200361)

Fine the bad guys that are taking advantage of those poor bastards' PCs.

Captcha: despair

Google DDoS mitigation (0)

Anonymous Coward | 1 year,9 days | (#45196445)

I love the fact that Google has its own DDoS mitigation service. THE ADVERTS MUST GET THROUGH!

if packets are like love... (1)

Gravis Zero (934156) | 1 year,9 days | (#45196863)

... then the US has a whole lot of secret admirers.

CPU utilized (0)

Anonymous Coward | 1 year,9 days | (#45197835)

I get almost 100% CPU utilization from that map...

A rubbish map (0)

Anonymous Coward | 1 year,9 days | (#45198223)

The map is total rubbish.

Oh my God! (1)

aaaaaaargh! (1150173) | 1 year,9 days | (#45198393)

According to my version of the live map, there is a mid-sized attack from the US to China and at the same time a gigantic attack on the US from outer space!!!

Low contrast = ignored (0)

Anonymous Coward | 1 year,9 days | (#45198603)

Another POS low contrast design.

Hey stupid kids:
If you have something to say, don't say it in gray faded barely readable text.

Not great (1)

whitroth (9367) | 1 year,9 days | (#45203001)

I'm on CentOS, so I'm running FF ESR 17.0.9. It displays the map, after I tell NoScript to do so. However... trying to see any given stream's info, putting the cursor over it, is a complete waste: it flashes, then vanishes. I move it upwards, and I can read part of it, but not the rest before it goes away. In effect, you can't read the captions on what you're seeing.

I'd give it somewhere between a D+ and a C-, with D for usability.

              mark
