Fight Jams Internet

teckk · Mar 27, 2013

Fight Jams Internet
http://www.nytimes.com/2013/03/27/t...dispute-becomes-internet-snarling-attack.html

fonz · Mar 27, 2013

teckk said:
Fight Jams Internet
http://www.nytimes.com/2013/03/27/t...dispute-becomes-internet-snarling-attack.html

This requires a login. Can you post a brief summary of what it says?

teckk · Mar 27, 2013

No, it doesn't reqire login

Firm Is Accused of Sending Spam, and Fight Jams Internet

A squabble between a group fighting spam and a Dutch company that hosts Web sites said to be sending spam has escalated into one of the largest computer attacks on the Internet, causing widespread congestion and jamming crucial infrastructure around the world.......

Unless it's for US view only.....I never thought of that. Try going through a US proxy.
http://www.proxy4free.com/

_martin · Mar 27, 2013

I'm viewing it from Slovakia and no login is required; I can see the text without problem.

fonz · Mar 27, 2013

I tried it again just now and it still requires me to login to a NY Times account.

wblock@ · Mar 27, 2013

http://blog.cloudflare.com/the-ddos-that-knocked-spamhaus-offline-and-ho

DutchDaemon · Mar 28, 2013

http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet

throAU · Mar 28, 2013

fonz said:
This requires a login. Can you post a brief summary of what it says?

Cliffnotes:

Spammer-friendly ISP located in hardened bunker generates 300 gigabit D.O.S. on spamhaus.org servers after finding itself on the blocklist.

wblock@ · Mar 28, 2013

And a less breathless followup: http://gizmodo.com/5992652/that-internet-war-apocalypse-is-a-lie

kpa · Mar 28, 2013

Use of spamhaus services is your decision and if you set up your systems in such a way that they go down when spamhaus services are not available you're the one to blame.

break19 · Mar 28, 2013

kpa said:
Use of spamhaus services is your decision and if you set up your systems in such a way that they go down when spamhaus services are not available you're the one to blame.

The problem is, that this particular DoS uss DNS, fakes thousands of DNS requests to Spamhaus.. from other users.. Which then causes Spamhaus to send info BACK to those people.. slowing down traffic in the process.

It's not so much that these servers are "relying" on Spamhaus, it's that the traffic is overwhelming major backbone servers, and slowing down things for people who connect off those.

break19 · Mar 28, 2013

However, it's slightly overblown. Only certain connections are being overwhelmed. NOT the entire internet, as previously claimed.

Savagedlight · Mar 31, 2013

More information related to the attack: https://isc.sans.edu/diary/Where+Were+You+During+the+Great+DDoS+Cybergeddon+of+2013+/15496

Savagedlight · Apr 1, 2013

break19 said:
The problem is, that this particular DoS uss DNS, fakes thousands of DNS requests to Spamhaus.. from other users.. Which then causes Spamhaus to send info BACK to those people.. slowing down traffic in the process.

It's not so much that these servers are "relying" on Spamhaus, it's that the traffic is overwhelming major backbone servers, and slowing down things for people who connect off those.

Everything I've read on the topic states that a bunch of open recursing DNS servers were queried with fake source addresses, making those servers send (large) replies to the intended victim. As Cloudflare didn't go down, they started hitting Cloudflares individual upstream providers instead.

I believe this method is also called DRDoS (Distributed Redirected Denial of Service), and I remember reading an article about it over at grc.com several years ago, although I can't find it now.

sossego · Apr 2, 2013

Somewhere, somebody still has an unpatched version of ping.......

Fight Jams Internet

teckk

fonz

teckk

_martin

fonz

wblock@

DutchDaemon

Administrator

throAU

wblock@

kpa

break19

break19

Savagedlight

Savagedlight

sossego

Retired from the forums