DDoS attacks plaguing the internet

exception0x876

@GalaxyHostPlus said:
We just got attacked on one of our node with 750M Attack which passed OVH filers,
OVH firewall did not detect anything

what makes you think it was an attack? maybe one of your customers tested some good stuff

GalaxyHostPlus

@exception0x876 said:

@GalaxyHostPlus said:
We just got attacked on one of our node with 750M Attack which passed OVH filers,
OVH firewall did not detect anything

what makes you think it was an attack? maybe one of your customers tested some good stuff

Network went down until I block that IP from OVH firewall in IP settings, We have nodewatch installed so it reported the attack from OVH IPs. Probably that why OVH never detected anything in OVH Manager.

desperand

@ChrisK said:
it only was a matter of time, i'm sure they will grow bigger.

usually, when such attacks going to a public, that means hackers already found a method to generate capacity which in several times bigger then this, and they will wait, usually it take up to 12 months to leak much powerful private ddos methods to public.
this is just an observation from my side without facts.

Four20

@theblackesthat said:
https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/

Krebs is back online and is now hosted by Google.

https://projectshield.withgoogle.com/public/

Which is interesting because I had no idea Google offered DDOS protection

Even after he moved his site to Google "shield", it still went down few times yesterday I believe.

UrDN

@Four20 said:
Even after he moved his site to Google "shield", it still went down few times yesterday I believe.

It was more looking like he was dealing with configurations rather than an attack.

He obviously wanted to generate some tears with that story, similarly to spamhaus in 2013.

His domain does not resolve to any IPv6, he does not publish an .onion addres either. He could also have used series of proxies from various hosts, but no he does not do that.

That's similar to other pseudo-journalists/Internet experts publishing articles in which they pretend that the attacks "take down the Internet".

Classic FUD.

William

desperand said: usually, when such attacks going to a public, that means hackers already found a method to generate capacity which in several times bigger then this, and they will wait, usually it take up to 12 months to leak much powerful private ddos methods to public. this is just an observation from my side without facts.

Not really. This does not scale as you think and the large attacks are pretty public visible by the upstreams and especially exchanges (and that especially in Europe).

What you mean are SSDP and similar which took a while to get "public" and were used before, though this applies to NTP since many years as well - just no one ever saw much need to deal with it.

Ole_Juul

Well this latest seems to be growing. OVH has now reported 990Gbps and says there's a capability of 1.5 Tbps.

Francisco

Looks like a LET resident dumped a lot of code related to this botnet:

https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/

IP logging likely going on so if you're going to poke around the source you best use something like TOR to do so.

Francisco

joepie91

@Francisco said:
Looks like a LET resident dumped a lot of code related to this botnet:

https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/

IP logging likely going on so if you're going to poke around the source you best use something like TOR to do so.

Francisco

Man, that HF thread is an utter shitfest. I guess I shouldn't be surprised, given that it's HF and all...

dedicados

this looks like:

Zeast

@dedicados said:
this looks like:

with source released, i don't think so

UrDN

A 5 minutes overview of the archives reveal all the usual script-kiddies patterns. All the FUD about it is ridiculous.

jbiloh

Being a network administrator certainly isn't going to get any easier any time soon.

cassa

We've never had any issues so far.

Edit: we actually had, but it wasn't really a ddos attack. It was someone abusing the looking glass

PremiumN

@cassa said:

If i was you, i wouldn't say this in public. You really do not want to make the attackers feel that way believe me.

Flapadar

@GCat said:
Finally finished going through an attack log, anyone want to analyze it also?Message me I'll send it

PM'd

AdolofYs

SuperBNC's aegir server was hit earlier today.

theblackesthat

@Four20 said:

Hidden in most of the junk packets hitting Krebs' website was a small message that read "freeapplej4ck," in reference to AppleJ4ck, one of the two owners of the vDos service. Both AppleJ4ck and his partner, M30W (P1st), were arrested last week by Israeli police following Krebs' exposé.

http://news.softpedia.com/news/ddos-for-hire-community-strikes-back-at-krebs-with-record-665-gbps-ddos-attack-508535.shtml#ixzz4L2GVRndx

LOL.

https://krebsonsecurity.com/2016/10/feds-charge-two-in-lizard-squad-investigation/

https://www.justice.gov/usao-ndil/file/900826/download

More PoodleCorp and LizardSquad members getting indicted.

They are all probably rolling over on each other. Whole booter/stresser scene is getting blasted by the feds. Which may be good news for web hosts, gamers, etc.

mik997

they probably had Yahoo email accounts .. ;-]

simonindia

good read Place holder https://idea.popcount.org/2016-09-20-strange-loop---ip-spoofing/

sin

theblackesthat said: https://www.justice.gov/usao-ndil/file/900826/download

That was a long read interesting info, thanks. Looks like they couldn't wait to blame each other and name "leaders" when interviewed by the fbi.

WebGuru

Is it just me or anyone else also facing issues with Voxility always on protection from last few hours?

deadbeef

@AnthonySmith said:
I don't think there is a technical solution right now, just put a 30 year or death sentence on it, I suspect that even the risk would seriously outweigh whatever benefit the attackers get from the attack.

Are you saying that because off all the historical evidence there is that obscene punishment significantly reduces violations?

It's been tried again and again and again and ... same thing. Take a look at the so called "war on drugs" and even the prohibition era. Producers will produce, customers will buy, people will end up in jail for an disproportionate long time and problem will still be there.

jar

What's with the necro crap today...

deadbeef

Whoops, my bad, sorry.

AnthonySmith

deadbeef said: Take a look at the so called "war on drugs"

Take a look at the war on drugs in the Philippines right now.

Nekki

jarland said: What's with the necro crap today...

Too much turkey makes people do strange shit.

deadbeef

@AnthonySmith said:

deadbeef said: Take a look at the so called "war on drugs"

Take a look at the war on drugs in the Philippines right now.

Philippine president Rodrigo Duterte to extend drug war as 'cannot kill them all'

Philippine leader says there are too many people involved in the narcotics trade and he needs more time to deal with them

See?

AnthonySmith

deadbeef said: See?

801,734 total number of surrenderers in Project Tokhang
- 57,821 pushers
- 743,913 users

nope.

deadbeef

@AnthonySmith said:

deadbeef said: See?

> 801,734 total number of surrenderers in Project Tokhang
> - 57,821 pushers
> - 743,913 users
> 

nope.

Really?