Two record DDoSes disclosed this week underscore their growing menace

Pickles von Brine

DDoS operators hack thousands, hundreds of thousands, and in some cases millions of Internet-connected devices and harness their bandwidth and processing power. The attackers use these ill-gotten resources to bombard sites with torrents of data packets with the goal of taking the targets down. More advanced attackers magnify their firepower by bouncing the malicious traffic off of third-party services that in some cases can amplify it by a factor of 51,000, a feat that, at least theoretically, allows a single home computer with a 100 megabit-per-second upload capacity to deliver a once-unimaginable 5 terabits per second of traffic.

These types of DDoSes are known as volumetric attacks. The objective is to use machines distributed across the Internet to send orders of magnitude more traffic volume to a circuit than it can handle. A second class—known as packet-per-second focused attacks—forces machines to bombard network gear or applications inside the target’s data center with more data packets than they can process. The objective in both types of attacks is the same. With network or processing capacity fully consumed, legitimate users can no longer access the target’s resources, resulting in a denial of service.

In the past, DDoSers abused servers running other widely used protocols that had been misconfigured. When not set up correctly, memcached, a database caching system for speeding up websites and networks, can amplify DDoSes by an unthinkable factor of 51,000, an innovation that powered the 2018 record of 1.7Tbps. Four years earlier, attackers abused the Network Time Protocol that servers rely on to keep clocks synchronized across the Internet. The technique, which magnifies junk traffic by about 19 fold, led to the 2014 DDoSes that took down servers for League of Legends, EA.com, and other online game services.

In Thursday’s report, Akamai said that 96 percent of the IP addresses used to deliver the record 809 million packets-per-second DDoS over the weekend had never been observed before. The growing number of compromised IoT devices is likely fueling that increase.

“The collateral damage footprint of DDoS attacks is often far larger than the impact on the intended targets,” Dobbins said. “Suffice it to say that far more uninvolved people and organizations often have their activities disrupted by the collateral damage of DDoS attacks than those who are the actual targets of these attacks.”

These are definitely becoming a bigger and bigger problem. My brother recently had his site hit with a massive DDoS. If it weren't for Cloudflare, he would have been completely knocked offline. These things are so disruptive, even to just normal everyday stuff, too. The fact that these are getting bigger and more powerful is definitely an issue for sure.

Source

Be sure to @Pickles von Brine if you want me to see your reply!

Stopping by to praise the all mighty jar Lord pickles... * drinks from a chalice of holy pickle juice and tossed dill over shoulder* ~ @WarDance
3600x | NH-D15 Chromax Black | 32GB 3200MHz | ASUS KO RTX 3070 UnderVolted and UnderClocked | Gigabyte Aorus Elite AX X570S | Seasonic X760w | Phanteks Evolv X | 500GB WD_Black SN750 x2 | Sandisk Skyhawk 3.84TB SSD 
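
The two attack classes the quoted article distinguishes (volumetric versus packet-per-second) can be told apart from flow records on the defending side. The following is an added example, not part of the original post or the article; the sample flows, the 500 Mbps link and 150,000 pps device limits, and the function name `assess_window` are constructed assumptions.

```python
# UDP source ports of the two reflector services named in the article.
REFLECTOR_PORTS = {11211: "memcached", 123: "ntp"}

# Constructed flow records for a 10-second window:
# (src_ip, protocol, src_port, packets, bytes). IPs are documentation ranges.
WINDOW_A = [  # few large packets, mostly replies from reflectors
    ("198.51.100.7", "udp", 11211, 400_000, 560_000_000),
    ("198.51.100.9", "udp", 11211, 300_000, 420_000_000),
    ("203.0.113.20", "udp", 123, 50_000, 23_400_000),
    ("192.0.2.15", "tcp", 51544, 1_200, 900_000),
]
WINDOW_B = [  # many tiny packets, little bandwidth
    ("192.0.2.77", "udp", 40000, 3_000_000, 180_000_000),
    ("192.0.2.15", "tcp", 51544, 1_200, 900_000),
]


def assess_window(flows, window_s, link_bps, device_pps):
    """Report load for one window and which capacity limit it exceeds."""
    bps = sum(f[4] for f in flows) * 8 / window_s
    pps = sum(f[3] for f in flows) / window_s

    # Bytes arriving from reflector service ports. This is a heuristic:
    # legitimate NTP replies also carry source port 123.
    reflected = {}
    for _src, proto, sport, _pkts, nbytes in flows:
        service = REFLECTOR_PORTS.get(sport) if proto == "udp" else None
        if service:
            reflected[service] = reflected.get(service, 0) + nbytes

    exhausted = []
    if bps >= link_bps:      # the circuit itself is saturated
        exhausted.append("volumetric")
    if pps >= device_pps:    # network gear runs out of per-packet capacity
        exhausted.append("packet-per-second")
    return {"bps": bps, "pps": pps, "exhausted": exhausted,
            "reflected_bytes": reflected}


if __name__ == "__main__":
    for name, flows in (("A", WINDOW_A), ("B", WINDOW_B)):
        print(name, assess_window(flows, 10, 500_000_000, 150_000))
```

Window A saturates the link while staying under the packet limit; window B does the opposite, which is why bandwidth graphs alone miss packet-per-second floods.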


The only time an IoT device should be connected to the internet is [checks notes] never. 

Cor Caeruleus Reborn v6

Spoiler

CPU: Intel - Core i7-8700K

CPU Cooler: be quiet! - PURE ROCK 
Thermal Compound: Arctic Silver - 5 High-Density Polysynthetic Silver 3.5g Thermal Paste 
Motherboard: ASRock Z370 Extreme4
Memory: G.Skill TridentZ RGB 2x8GB 3200/14
Storage: Samsung - 850 EVO-Series 500GB 2.5" Solid State Drive 
Storage: Samsung - 960 EVO 500GB M.2-2280 Solid State Drive
Storage: Western Digital - Blue 2TB 3.5" 5400RPM Internal Hard Drive
Storage: Western Digital - BLACK SERIES 3TB 3.5" 7200RPM Internal Hard Drive
Video Card: EVGA - 970 SSC ACX (1080 is in RMA)
Case: Fractal Design - Define R5 w/Window (Black) ATX Mid Tower Case
Power Supply: EVGA - SuperNOVA P2 750W with CableMod blue/black Pro Series
Optical Drive: LG - WH16NS40 Blu-Ray/DVD/CD Writer 
Operating System: Microsoft - Windows 10 Pro OEM 64-bit and Linux Mint Serena
Keyboard: Logitech - G910 Orion Spectrum RGB Wired Gaming Keyboard
Mouse: Logitech - G502 Wired Optical Mouse
Headphones: Logitech - G430 7.1 Channel  Headset
Speakers: Logitech - Z506 155W 5.1ch Speakers

 


4 hours ago, Pickles - Lord of the Jar said:

allows a single home computer with a 100 megabit-per-second upload capacity to deliver a once-unimaginable 5 terabits per second of traffic

Now imagine what could be done with LTT's upload speed...


On 6/26/2020 at 3:50 PM, ARikozuM said:

The only time an IoT device should be connected to the internet is [checks notes] never. 

I disagree, but they should be carefully managed if they are.

 

The problem is when you have Dave buying a security camera off of AliExpress, never updating the firmware and leaving the password as admin/admin.


11 hours ago, Belgarathian said:

I disagree, but they should be carefully managed if they are.

 

The problem is when you have Dave buying a security camera off of AliExpress, never updating the firmware and leaving the password as admin/admin.

Or when you have companies who make a product and then never offer firmware updates. There need to be guidelines and whatnot for this stuff, sadly, but you have companies just as guilty of not providing firmware as you do end users not installing firmware updates when available.


12 hours ago, ARikozuM said:

The only time an IoT device should be connected to the internet is [checks notes] never. 

Just get ahead of the issue and don't buy that junk.....


Imagine if all that DDoS power were being used to compute protein folding instead.

Specs: Motherboard: Asus X470-PLUS TUF gaming (Yes I know it's poor but I wasn't informed) RAM: Corsair VENGEANCE® LPX DDR4 3200Mhz CL16-18-18-36 2x8GB

            CPU: Ryzen 9 5900X          Case: Antec P8     PSU: Corsair RM850x                        Cooler: Antec K240 with two Noctura Industrial PPC 3000 PWM

            Drives: Samsung 970 EVO plus 250GB, Micron 1100 2TB, Seagate ST4000DM000/1F2168 GPU: EVGA RTX 2080 ti Black edition


39 minutes ago, williamcll said:

Imagine if all that DDoS power were being used to compute protein folding instead.

There actually isn't much processing going on and that really isn't how that works. What was mentioned in this article was an amplification technique to take a small attack, use some badly configured things and cause a massive amount of data to come out. 


5 hours ago, jagdtigger said:

Just get ahead of the issue and don't buy that junk.....

I've got my fair share of them. I block the IP on those devices from getting through my switch. I only let them on when I need to update them.


11 hours ago, ARikozuM said:

I've got my fair share of them. I block the IP on those devices from getting through my switch. I only let them on when I need to update them.

I don't have any because I don't have a use case for them; what these things offer is pretty much eye candy or solutions for sickly lazy people. I like the old "dumb" stuff; they are pretty much set it up once and you can forget about them because they do their job flawlessly. (Plus they use less electricity and are much cheaper.)
