DDoS Attack Slows Internet and May Be The Largest Publicly Known

         

engine

5:57 pm on Mar 27, 2013 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



A squabble between a group fighting spam and a Dutch company that hosts Web sites said to be sending spam has escalated into one of the largest computer attacks on the Internet, causing widespread congestion and jamming crucial infrastructure around the world. Millions of ordinary Internet users have experienced delays in services like Netflix or could not reach a particular Web site for a short time.

DDoS Attack Slows Internet and May Be The Largest Known [nytimes.com]
The dispute started when the spam-fighting group, called Spamhaus, added the Dutch company Cyberbunker to its blacklist, which is used by e-mail providers to weed out spam.
The so-called distributed denial of service, or DDoS, attacks have reached previously unknown magnitudes, growing to a data stream of 300 billion bits per second.

“It is a real number,” Mr. Gilmore said. “It is the largest publicly announced DDoS attack in the history of the Internet.”

bwnbwn

6:14 pm on Mar 27, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I just read this as well, engine, and this could be the reason I am having such a bad time with connecting to my AdWords account in Google.

Leosghost

6:17 pm on Mar 27, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



It (the attacks) have been happening for the last 7 days.

[spamhaus.org...]

jimbeetle

6:24 pm on Mar 27, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



That should be "May Be The Largest *Publicly* Known."

When reading the NYT article this morning I was struck by the way they qualified it a couple of times.

backdraft7

6:25 pm on Mar 27, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



This might explain my wave of fresh zombie traffic that has killed off sales in the same period.

incrediBILL

9:45 pm on Mar 27, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



WOW. Yet people still balk at A/V programs and click on file attachments they shouldn't and unwittingly contribute to being part of this global pandemic.

I'm sorry, but the ISPs need to shut down access to all computers and servers involved in anything that has this much scale and they should keep them offline until they're fixed.

It should be law, period, as this is enough power to bring down online civilization as we know it if they ever wanted to do it.

Kendo

11:05 pm on Mar 27, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I'm sorry, but the ISPs need to shut down access


This would be similar to the problems caused by services like Spamhaus. Who decides what is banned or not? We have had many run-ins with services like this because it doesn't take much to get blocked.

One of our services had built their userbase to 30,000 but in the end we couldn't email them because a few emails in there belonged to #*$!roaches whose only purpose was to report us as spammers every time we sent out a newsletter. The spam service wouldn't identify the complainants so that we could remove them. The service that we provided was non-profit volunteer support for artists worldwide.

The things that one sees when they don't have a gun...

Sgt_Kickaxe

11:09 pm on Mar 27, 2013 (gmt 0)



It should be law, period, as this is enough power to bring down online civilization as we know it if they ever wanted to do it.


Be careful when you ask for new laws, Bill. Often new laws contain a certain amount of overkill and other agendas come into play that you might not know about, yet.

This attack should be a reminder that you need to have a bullet-proof cache system that serves static pages (with NO relying on SQL databases) and that fully takes advantage of browser cache too.

If your site is fat with addons and plugins and a beefy set of database tables that all have to do their thing on EVERY pageload then your site is as much of a problem as the spam email service. Even a poorly optimized cache system isn't good enough nowadays. Speed matters! (are you listening CMS creators?).

incrediBILL

12:07 am on Mar 28, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



With all due respect, as I was previously a web host, there is no technology that I'm aware of that could sustain a 300 billion bps attack. No amount of caching or removing fat widgets is going to do anything except waste your time making the changes when you get hit with a flood that exceeds the bandwidth of the host itself as your little server is just a pimple in the pipeline at that point. If you were going to do anything that might even have a chance at making a difference against a little DDoS it would be to get some standard bot blocking software in place that cuts off the problem before the page is even loaded and often has firewall blocks in place against the other hosting locations and countries responsible for launching most of these attacks so they bounce right off the server on contact.

The real problem is all the zombie machines in servitude because of idiots not keeping their computers and servers clean and blocking the hosting companies solves that problem, which I do, which leaves the residential machines as the bulk of the remaining problem.

On some servers I simply lock out entire countries that I don't do business with in the first place which means you only have to worry about infected machines being used within your service area being able to attack your server.

If you're on shared hosting you're just hosed because they don't have to target your site no matter how well you protect it, they just target the IP of the server itself or some other site on the server and bring you to your knees in seconds.

However, the scale here is what's scary. This is the level of terrorist stuff that could take entire governments offline, block access to power system controllers and kill the grid, or simply bring Wall Street or major banks to their knees and cause major upheavals in the financial sector and the resulting panic would cause major financial hits on the retirement plans of many, including us, as this is weapons grade internet power that literally could cause a war.

I hate laws, but when it gets to the point that the actions of these people can cause as much trouble as using any other weapon, just a technological weapon yet potential for real world impact that we may not even be able to fathom, it needs to be stopped.

In reality if you caused people to panic by invoking serious damage to the financial sector it could result in runs on banks, rioting, looting and people jumping out of windows just like what happened in the Great Depression so I can see the potential consequences of the actions of DDoS at this scale because fear makes many people irrational and that's when the real harm happens.

It hasn't happened yet, but I'm just saying that I can easily envision how you could use that sheer volume of internet power to cause such problems.

It's the same reason the FBI raids bunkers of weapons stockpiles because you can't start a war if you aren't armed and TBH suddenly finding myself living in a hostile situation caused by someone shutting down our infrastructure is not cool.

Want to easily cause a real panic? Just aim 300 billion bps at the servers used by Google Navigation and Google Maps and disconnect millions of people depending on Google to guide them to their destination while they're in transit which would also cause those self-driving cars to suddenly disengage and pull over to the curb. I'm hoping my above example isn't realistic as I would like to think that those driving directions are preloaded and cached but I know downloading the entire map for offline access or roaming areas has just recently been introduced and isn't the default so it's highly probable using the current implementation IMO.

Or even better, knock the Apple Maps offline as I'll bet they're a much easier target than Google with their massive bandwidth and infrastructure redundancies.

Heck, if they can afford to spend hundreds of dollars per weapon doing gun buybacks they could surely strike a deal with Geek Squad or something to send them around to fix all the infected machines being used in such attacks and help them firewall themselves from being part of the problem in the future. Probably unrealistic as this is just a flippant off the cuff idea obviously but I think it gets the point across that we need to do something as nothing is creating a real festering problem of Biblical proportions.

Imagine this, 300 billion bps is aimed at the military infrastructure to knock out their ability to monitor inbound enemy advances so while they're busy trying to stop the DDoS and get back online the bad guys are doing something really bad while those that are here to protect us are possibly temporarily blind and mute.

I could go on and on as I could easily spin and weave tales of how that kind of bandwidth could be devastating as a weapon and it's time lawmakers step in and do something.

That's how serious I see this kind of power and its potential misuse.

Leosghost

12:45 am on Mar 28, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



+ ( as many as you'd like ;..or a "goodly number of goodly beers" :) internets to incrediBill..for the "civilian" explanation..the non civilian one involves things like hospitals ( in many countries ) etc etc too..and the what would happen if a hurricane hit at the same time as this crap ..or two hurricanes ..or ...

Kendo

8:32 am on Mar 28, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



That's how serious I see this kind of power and its potential misuse.


I guess that you are referring to the power and abuse by Spamhaus and other self-proclaimed authorities.

incrediBILL

9:28 am on Mar 28, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I guess that you are referring to the power and abuse by Spamhaus and other self-proclaimed authorities.


Spamhaus is the good guy here and if people didn't behave like animals and hijack the machines of innocent victims we wouldn't have any collateral damage of people being blocked in the first place nor would we need Spamhaus.

FYI, using reductio ad absurdum to make a point isn't becoming.

jecasc

9:50 am on Mar 28, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Interesting read:


The author of this text is of the opinion that while the attacks on Spamhaus are real, the claim that they have the potential to affect the entire Internet is more a marketing ploy of Cloudflare to get more attention:


That Internet War Apocalypse Is a Lie

[gizmodo.com...]

chewy

2:13 pm on Mar 28, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Isn't this a DNS problem?

Can't this be partially solved at the DNS level?

If you think this is trouble, wait until people can't have their funny cat pictures.

Then all he-double-toothpicks will break out!

incrediBILL

5:23 pm on Mar 28, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Well if it's a lie that's a shame because the threat is still real and now people won't be motivated to fix it.

They've uncovered more than one botnet with hundreds of thousands of machines involved and anyone can do the math that the average residential user probably has 1-3mbps upload, some burstable to 10mb or so, and servers tend to be in 10mbps or 100mbps varieties, so multiply those by thousands, tens of thousands, hundreds of thousands and you have something seriously potent on your hands.

FWIW, why nobody has alarm software for home machines to detect and isolate apps that spike outbound data, doing spam or DDoS, like servers do is beyond me because it wouldn't take a very complicated piece of software to easily defeat a botnet program in your PC or even better yet, a little smarts in the router or cable modem could easily do the same thing.

Oh well, everyone just sits on their hands and does nothing.

Years ago I'd have been working night and day to solve such problems but if some big company like MS and the Linux guys can't or won't fix it, c'est la vie.
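The outbound-spike alarm suggested in the post above, sketched as an added example that is not part of the original thread and not any poster's code. It assumes per-app outbound rates are already being sampled (here every 5 seconds) by the OS or router; the thresholds, the app names and the sample data are all constructed for illustration.

```python
from collections import defaultdict, deque
from statistics import median

WINDOW = 12          # baseline history kept per app (assumed: one sample per 5 s)
SPIKE_FACTOR = 8.0   # multiple of the app's own baseline that counts as a spike (assumed)
FLOOR_BPS = 200_000  # ignore rates below this, so idle apps do not trip on noise (assumed)
SUSTAIN = 3          # consecutive spiking samples required before alerting (assumed)

def detect_outbound_spikes(samples):
    """samples: iterable of (timestamp, app, outbound_bits_per_second).
    Returns a list of (timestamp, app, rate, baseline) alerts."""
    history = defaultdict(lambda: deque(maxlen=WINDOW))
    streak = defaultdict(int)
    alerts = []
    for ts, app, bps in samples:
        past = history[app]
        # Need a few quiet samples before a baseline means anything.
        baseline = median(past) if len(past) >= 4 else None
        spiking = (baseline is not None and bps >= FLOOR_BPS
                   and bps > SPIKE_FACTOR * max(baseline, 1.0))
        if spiking:
            streak[app] += 1
            if streak[app] == SUSTAIN:       # alert once per sustained episode
                alerts.append((ts, app, bps, baseline))
            # Spike samples are not added to the baseline, so a long flood
            # cannot teach the detector that flooding is normal.
        else:
            streak[app] = 0
            past.append(bps)
    return alerts

def constructed_samples():
    """Constructed data: a browser with one short upload burst, and a
    hypothetical 'helper.exe' that goes from idle to a sustained flood."""
    browser = [60_000, 80_000, 50_000, 70_000, 1_500_000, 65_000,
               75_000, 55_000, 60_000, 70_000, 80_000]
    helper = [4_000, 5_000, 6_000, 5_000, 4_000, 5_000,
              2_600_000, 2_800_000, 2_700_000, 2_900_000, 2_750_000]
    rows = []
    for i, (b, h) in enumerate(zip(browser, helper)):
        rows.append((i * 5, "browser", b))
        rows.append((i * 5, "helper.exe", h))
    return rows

if __name__ == "__main__":
    for ts, app, bps, base in detect_outbound_spikes(constructed_samples()):
        print(f"t={ts}s {app}: {bps} bps outbound vs baseline {base:.0f} bps")
```

The single browser burst is ignored because it does not persist, while the sustained jump from the idle process raises one alert; what to do with the alert (notify, throttle, block) is left to the caller.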

chewy

6:19 pm on Mar 28, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



a tragedy of the commons writ internet style. everybody thought this cool thing was something to take limitless advantage of, and now that it is becoming polluted, the folks that made their money have moved on, and the solution is too big for any one person to solve, and the entrenched players are making too much and dumping their external costs on the unwitting. can't wait to see who steps up to the plate here.

jimbeetle

6:47 pm on Mar 28, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Can't this be partially solved at the DNS level?

It actually shouldn't have been allowed to happen, but just like us folks who neglect to patch their machines, so have the DNS people. From what I understand the vulnerabilities being exploited have been around -- and known -- for years.

Kendo

10:31 pm on Mar 28, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



average residential user probably has 1-3mbps upload


256k upload here, which is typical of most connections in this country.

Spamhaus is the good guy here


That is a matter of opinion. As an ISP we did not need them. As an online service we wished them gone.

incrediBILL

11:12 pm on Mar 28, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Like I said before Spamhaus and the other DNSBL providers aren't the villain because if I want to harm your opt-in mail list all I need to do is get the email addresses of a bunch of rabid anti-spammers and other nut jobs that add themselves to opt-in lists and then freak out when they actually get email and put all those people in YOUR opt-in list, who'll scream murder to Spamhaus and cause your customers problems.

It's the animals out there sabotaging others for their own gain, either as spammers, seeding opt-in lists with anti-spammers, running botnets, criminals one and all.

I won't say Spamhaus and the other DNSBLs don't cause problems for legitimate people on a regular basis but they also keep my servers mostly spam free and running instead of clogged with garbage so deep nobody can dig themselves out. Collateral damage is a shame, some of it's the fault of the individual being blocked, but the needs of the many...

FYI, every now and then my FIL can't send email from Comcast to us because of my DNSBL settings and I'm sure his machine is probably hacked and sends the occasional spam LOL