New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
DDOS Stats
raindog308
Administrator, Veteran
Got a vendor whitepaper/sales promo in my inbox. Some of the stats it had were interesting...don't know if they're accurate. The vendor is selling anti-DOS gear so certainly they are biased.
- botnet rental cost averages $67/day
- 15% of DDOS incidents are 10gpbs or higher
- few are >100gbps but they happen monthly
- CPU exhaustion is as difficult as bandwidth exhaustion (i.e., DNS packets are small but millions of them can overwhelm the CPU of the servers handling them even if overall bandwidth is small)
- countries that generate the most attacks: China, Ukraine, India, U.S.
- services other than web servers are increasingly common attack vectors - e.g., customers can't connect to your API (not sure what is meant by this example - most APIs I know are RESTful HTTP)
- script kiddies like Anonymous are rare - most DDOS that affect business is still done by extortionists, competitors, and collateral damage from online feuds
Comments
Sadly because of these people that flood eventually net neutrality is going to disappear and the gov is going to give ISP's limitless power to "stop the cyberterrorism". People won't hesitate to cash in their freedom for security....
ISPs don't have any power, if you look at the recent UK Pirate Bay block the ISPs DIDNT want todo it, but were forced to.
Naah....
You can buy booter access to OVH botnets that can do ~10Gbit of UDP for like $10/m.
Francisco
If only they had to actually pay the cost for the full line ($$$$+) then DDOS would be rare.
m as in month or minute? o0
They don't now, at least in the US, but considering the US is coporate america if they remove net neutrality ISP's would have unprecedented power. And while they could easily stop DDoS, their new power also would allow them to still ruin a free and open internet.
The ISPs are not interested enough in stopping DDoS, otherwise they would have done it already. No new laws are needed for this.
month.
Francisco
They're not allowed to get down and dirty like they would need to, to stop DDoS, otherwise you get into traffic shaping again and FCC will slap them.
@taipres they are not allowed to do what, BCP38? It's been published in May 2000.
Despite all of you think that ISPs cracking down on this kind of stuff would be the end to your personal privacy, Let's be honest. No one can hide from the internet.
People who actually use tools like LOIC and possibly even other victims computers to attack you clearly are doing it with knowledge that it is Ilegal, If the ISPs actually Investigated into things like this then this surely would decrease half of the attacks on major businesses, I am referring to groups like Annonymous, Lulzsec.
@Jacob It's not about hiding, it's about not giving ISP's and everyone else the power to treat people like a product or a number. The similar argument to what you're using is "you only use encryption because you have something to hide" which is completely flawed. Maybe people just don't want everyone and their brother looking at stuff that doesn't concern them. I mean what's next camera in public restrooms to "protect you against yourself"...there needs to be a real fine line, and politicans have spoke loudly that ISP's will abuse power they get, it's inevitable, Comcast in paticular already is, by ignoring their own datacaps for video services they offer yet imposing them on compeitiors customers like netflix etc...A company that's too big and too powerful helps no one, if At&t wasn't broken up back in the day, we wouldn't have verizon etc... today and we'd be stuck with at&t's crappy service.
@rds100 I don't believe they are, but i'll have to check into it.
Speaking of Comcast I just saw a ad on TV, they now offer home security!
In the same way it's not the post office's job to investigate when a crime is committed via "traditional" mail it's not the ISPs job to investigate what you are doing with the bandwidth you pay for.
Heh, oh geese :P They need to role out Ipv6 already. Also I think Comcast's dnssec may of helped stop sopa, so can't fault them for that.
Net neutrality isn't a ruling in the US so traffic shaping/port blocking/etc are all very much allowed. What isn't allowed is tampering with a stream and injecting RST packets like comcast was doing to stop torrenters :P
Francisco
Tidbit: Not in the US...
I know they are def. testing it, not sure if they rolled it out yet though.
Yeah they have
"All Comcast customers have automatically migrated to our DNSSEC validating servers. If for some reason you have manually configured your DNS IP addresses, we recommend you switch back to receiving them via DHCP and then release/renew your DHCP lease. If for some reason you wish to manually configuring your DNS servers, you may use the IPv4 addresses 75.75.75.75 and 75.75.76.76, and IPv6 addresses 2001:558:FEED::1 and 2001:558:FEED::2."
http://www.dnssec.comcast.net/
Isn't that the concept of value added services?
Well thats a government agency, the correct analogy for telcos would be privare mail services such as UPS for FedEX
I don't think so, the problem is Comcast owns a significant percentage of the US market in terms of providing internet services. So the fact they use this to cripple their compeitions ability to sell their services, like netflix, while promoting their own with no limitation, that's not fair practice and has to be illegal. In fact this is why I believe there's so many monopoly laws just so this kind of thing doesn't happen. As it literally removes the ability to compete. Granted Big corps abuse of patents does the same, ugh let me get patents out my mind, before I put my head through a wall or something out of anger.
The US has hardly any regulation in the communications sector.
Cough AT&T Cough Verizon Cough
Not true at all, in fact that's why the FCC exists, they regulate many things.
Well they do a pretty bad job at it, or regulate it so its better for companies then consumers.
Yeah I hear about the FCC in the news all the time, so they're definitely active, i'm just not sure if they're proactive. I will say though http://wiki.vuze.com/w/Bad_ISPs most those ISP's that abuse aren't in the US, so I think FCC has to be doing a decent job. I'd hate to live in China and use their crappy internet where everything is filtered and monitored and lame. I wish those billions of people would get rid of their communist gov, but if they're happy with it, more power to em.
+1
Eg you guys are forced to pay $60+ for a phone contract, even SIM-only, thats insane to us.