Pickles - Lord of the Jar

Two record DDoSes disclosed this week underscore their growing menace

Posted · Original PosterOP
Quote

DDoS operators hack thousands, hundreds of thousands, and in some cases millions of Internet-connected devices and harness their bandwidth and processing power. The attackers use these ill-gotten resources to bombard sites with torrents of data packets with the goal of taking the targets down. More advanced attackers magnify their firepower by bouncing the malicious traffic off of third-party services that in some cases can amplify it by a factor of 51,000, a feat that, at least theoretically, allows a single home computer with a 100 megabit-per-second upload capacity to deliver a once-unimaginable 5 terabits per second of traffic.

These types of DDoSes are known as volumetric attacks. The objective is to use machines distributed across the Internet to send orders of magnitude more traffic volume to a circuit than it can handle. A second class—known as packet-per-second focused attacks—forces machines to bombard network gear or applications inside the target’s data center with more data packets than they can process. The objective in both types of attacks is the same. With network or processing capacity fully consumed, legitimate users can no longer access the target’s resources, resulting in a denial of service.

In the past, DDoSers abused servers running other widely used protocols that had been misconfigured. When not set up correctly, memcached, a database caching system for speeding up websites and networks, can amplify DDoSes by an unthinkable factor of 51,000, an innovation that powered the 2018 record of 1.7Tbps. Four years earlier, attackers abused the Network Time Protocol that servers rely on to keep clocks synchronized across the Internet. The technique, which magnifies junk traffic by about 19-fold, led to the 2014 DDoSes that took down servers for League of Legends, EA.com, and other online game services.

In Thursday’s report, Akamai said that 96 percent of the IP addresses used to deliver the record 809 million packets-per-second DDoS over the weekend had never been observed before. The growing number of compromised IoT devices is likely fueling that increase.
“The collateral damage footprint of DDoS attacks is often far larger than the impact on the intended targets,” Dobbins said. “Suffice it to say that far more uninvolved people and organizations often have their activities disrupted by the collateral damage of DDoS attacks than those who are the actual targets of these attacks.”

These are definitely becoming a bigger and bigger problem. My brother recently had his site hit with a massive DDoS. If it weren't for Cloudflare, he would have been completely knocked offline. These things are so disruptive even to just normal everyday stuff, too. The fact that these are getting bigger and more powerful is definitely an issue for sure.

Source


Be sure to @Pickles - Lord of the Jar if you want me to see your reply!
For years I have lived in these crystal lands. My people were once plentiful. Many of those in my fiefdom revered me. However, one day a calamity hit. The fingers of the devil plucked us from our land, never to return. Now I am the sole heir to the throne. I am Pickles, Lord of the Brine, One of the Jar, Man of Preserves and Last of the Condiments. 

"Everyone is an expert in something. Never approach an interaction thinking someone is otherwise. Knowledge is acquired not earned. Always be humble and wise. Never look down on others for simply being ignorant within your realm of your expertise." ~ Unknown

Stopping by to praise the all mighty jar Lord pickles... * drinks from a chalice of holy pickle juice and tossed dill over shoulder* ~ @WarDance
3600x | NH-D15 Chromax Black | 32GB 3200MHz | GTX 1070 Hybrid (2100c/2241m) | Gigabyte X570 Aorus Elite | Seasonic X760w | Phanteks Evolv X | 500GB WD_Black SN750 | Sandisk Skyhawk 3.84TB SSD | 4TB HDD 

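A defender-side view of the reflection technique the quoted article describes, as an added example that is not part of the original post: it totals inbound UDP traffic arriving from the memcached (11211) and NTP (123) source ports that answers no request the protected host ever sent. The flow-record layout, the function name and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# UDP source ports of the two reflector protocols the article names.
REFLECTOR_PORTS = {11211: "memcached", 123: "ntp"}

# Constructed flow records, not real traffic:
# (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", 40000, "192.0.2.10", 123, "udp", 76),    # our own NTP query
    ("192.0.2.10", 123, "198.51.100.7", 40000, "udp", 76),    # its solicited reply
    ("203.0.113.5", 11211, "198.51.100.7", 80, "udp", 1_400_000),
    ("203.0.113.6", 11211, "198.51.100.7", 80, "udp", 1_350_000),
    ("203.0.113.9", 123, "198.51.100.7", 80, "udp", 44_000),
    ("203.0.113.20", 51515, "198.51.100.7", 443, "tcp", 5_200),
]


def unsolicited_reflections(flows, protected_ip):
    """Return {protocol: (bytes, distinct_sources)} for reflector replies
    sent to protected_ip that match no outbound request from it."""
    # Every UDP request the protected host made: (remote_ip, remote_port, local_port)
    asked = {
        (dst, dport, sport)
        for src, sport, dst, dport, proto, _ in flows
        if proto == "udp" and src == protected_ip
    }
    totals = defaultdict(lambda: {"bytes": 0, "sources": set()})
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp" or dst != protected_ip or sport not in REFLECTOR_PORTS:
            continue
        if (src, sport, dport) in asked:
            continue  # legitimate answer to a query we sent
        entry = totals[REFLECTOR_PORTS[sport]]
        entry["bytes"] += nbytes
        entry["sources"].add(src)
    return {name: (e["bytes"], len(e["sources"])) for name, e in totals.items()}


if __name__ == "__main__":
    for proto, (nbytes, sources) in unsolicited_reflections(
        SAMPLE_FLOWS, "198.51.100.7"
    ).items():
        print(f"{proto}: {nbytes} unsolicited bytes from {sources} reflector(s)")
```

A sustained non-zero total here is a signal to rate-limit or drop those source ports upstream of the saturated link, since filtering at the victim host does not free the circuit.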

The only time an IoT device should be connected to the internet is [checks notes] never. 


Cor Caeruleus Reborn v6

Spoiler

CPU: Intel - Core i7-8700K

CPU Cooler: be quiet! - PURE ROCK 
Thermal Compound: Arctic Silver - 5 High-Density Polysynthetic Silver 3.5g Thermal Paste 
Motherboard: ASRock Z370 Extreme4
Memory: G.Skill TridentZ RGB 2x8GB 3200/14
Storage: Samsung - 850 EVO-Series 500GB 2.5" Solid State Drive 
Storage: Samsung - 960 EVO 500GB M.2-2280 Solid State Drive
Storage: Western Digital - Blue 2TB 3.5" 5400RPM Internal Hard Drive
Storage: Western Digital - BLACK SERIES 3TB 3.5" 7200RPM Internal Hard Drive
Video Card: EVGA - 970 SSC ACX (1080 is in RMA)
Case: Fractal Design - Define R5 w/Window (Black) ATX Mid Tower Case
Power Supply: EVGA - SuperNOVA P2 750W with CableMod blue/black Pro Series
Optical Drive: LG - WH16NS40 Blu-Ray/DVD/CD Writer 
Operating System: Microsoft - Windows 10 Pro OEM 64-bit and Linux Mint Serena
Keyboard: Logitech - G910 Orion Spectrum RGB Wired Gaming Keyboard
Mouse: Logitech - G502 Wired Optical Mouse
Headphones: Logitech - G430 7.1 Channel  Headset
Speakers: Logitech - Z506 155W 5.1ch Speakers

 

4 hours ago, Pickles - Lord of the Jar said:

allows a single home computer with a 100 megabit-per-second upload capacity to deliver a once-unimaginable 5 terabits per second of traffic

Now imagine what could be done with LTT's upload speed...

On 6/26/2020 at 3:50 PM, ARikozuM said:

The only time an IoT device should be connected to the internet is [checks notes] never. 

I disagree, but they should be carefully managed if they are.

 

The problem is when you have Dave buying a security camera off of AliExpress, never updating the firmware and leaving the password as admin/admin.


PC Part Picker Link || CPU: Intel i7 4790K @ 5Ghz; MB: ASUS Z97 Maximus VII Ranger; RAM: 16GB Corsair Vengeance 2400; GFX: Asus Strix 1080ti; CASE: Phanteks Enthoo Evolv ATX Glass; STORAGE: 500GB Samsung 960 Pro, 250GB 850 Evo, 500GB 850 Evo, 3TB WD Red; PSU: Corsair AX1200i; MONITOR: Acer Predator X34; PERIPHERALS: Razer Blackwidow Ultimate Chroma; Razer Deathadder Chroma, Audeze Mobius

 

Devices || Macbook Pro 15" (2016); iPad Pro 9.7"; iPhone Xr

 

Audio Gear || Headphones: Audeze iSine20; Audeze LCD-X; Audeze LCD-3; Mr Speakers Ether 2; Focal Clear; B&O H5; Sony MDR-1000x; AMP/DAC: Chord Qutest; Pathos Aurium; Bryston BHA-1; Matrix Audio Element X; Benchmark AHB2; Speakers: AudioEngine A5+; Focal Aria 936

 

 

11 hours ago, Belgarathian said:

I disagree, but they should be carefully managed if they are.

 

The problem is when you have Dave buying a security camera off of AliExpress, never updating the firmware and leaving the password as admin/admin.

Or when you have companies who make a product and then never offer firmware updates. There need to be guidelines and whatnot for this stuff, sadly, but you have companies just as guilty of not providing firmware as you do end users not installing firmware updates when available.


12 hours ago, ARikozuM said:

The only time an IoT device should be connected to the internet is [checks notes] never. 

Just go ahead of the issue and don't buy that junk...


Imagine if all that DDoS power were being used to compute protein folding instead.


Specs: Motherboard: Asus X470-PLUS TUF gaming (Yes I know it's poor but I wasn't informed) RAM: Corsair VENGEANCE® LPX DDR4 3200Mhz CL16-18-18-36 2x8GB

            CPU: Ryzen 7 2700X @ 4.2Ghz          Case: Antec P8     PSU: G.Storm GS850                        Cooler: Antec K240 with two Noctura Industrial PPC 3000 PWM

            Drives: Samsung 970 EVO plus 250GB, Micron 1100 2TB, Seagate ST4000DM000/1F2168 GPU: EVGA RTX 2080 ti Black edition @ 2Ghz

Posted · Original PosterOP
39 minutes ago, williamcll said:

Imagine if all that DDoS power were being used to compute protein folding instead.

There actually isn't much processing going on and that really isn't how that works. What was mentioned in this article was an amplification technique to take a small attack, use some badly configured things and cause a massive amount of data to come out. 


5 hours ago, jagdtigger said:

Just go ahead of the issue and don't buy that junk...

I've got my fair share of them. I block the IP on those devices from getting through my switch. I only let them on when I need to update them.


3 hours ago, Pickles - Lord of the Jar said:

There actually isn't much processing going on and that really isn't how that works. What was mentioned in this article was an amplification technique to take a small attack, use some badly configured things and cause a massive amount of data to come out. 

Exactly. It is basically abuse of protocol and why there is a ton of research going into protocols that require proof-of-work (like Bitcoin). You won't get what you want without spending some processing power/time to show that you really want it. Downsides: battery consumption/latency.

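The proof-of-work idea from the post above, sketched as a hashcash-style client puzzle; this is an added example, not code from the thread or from any protocol it mentions. The function names, the 16-bit difficulty, the 30-second lifetime and the challenge layout are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)  # assumption: per-process secret, rotated on restart
DIFFICULTY_BITS = 16         # assumption: about 65,000 hashes expected per request
MAX_AGE = 30                 # assumption: seconds a challenge stays valid


def leading_zero_bits(digest):
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits


def _mac(client_ip, ts, nonce):
    msg = f"{client_ip}|{ts}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_challenge(client_ip, now=None):
    """Stateless challenge: the MAC binds it to the requester and issue time."""
    ts = str(int(time.time() if now is None else now))
    nonce = os.urandom(8).hex()
    return f"{ts}|{nonce}|{_mac(client_ip, ts, nonce)}"


def solve(challenge):
    """Client side: the expensive brute-force search for a valid counter."""
    counter = 0
    while not _meets_difficulty(challenge, counter):
        counter += 1
    return counter


def _meets_difficulty(challenge, counter):
    digest = hashlib.sha256(f"{challenge}|{counter}".encode()).digest()
    return leading_zero_bits(digest) >= DIFFICULTY_BITS


def verify(client_ip, challenge, counter, now=None):
    """Server side: one HMAC and one hash, cheap next to the client's search."""
    try:
        ts, nonce, mac = challenge.split("|")
        age = (time.time() if now is None else now) - int(ts)
    except ValueError:
        return False  # malformed challenge
    if not hmac.compare_digest(mac.encode(), _mac(client_ip, ts, nonce).encode()):
        return False  # forged, or issued to a different address
    if not 0 <= age <= MAX_AGE:
        return False  # expired, so solutions cannot be stockpiled
    return _meets_difficulty(challenge, counter)
```

The sketch does not track used challenges, so a solved one can be replayed until it expires; a deployment would also need a short-lived set of seen nonces.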
11 hours ago, ARikozuM said:

I've got my fair share of them. I block the IP on those devices from getting through my switch. I only let them on when I need to update them.

I don't have any because I don't have a use-case for them; what these things offer is pretty much eyecandy or solutions for sickly lazy ppl. I like the old "dumb" stuff, they are pretty much set it up once and you can forget about them because they do their job flawlessly. (Plus they use less electricity and are much cheaper.)
