Slashdot Mirror

More than 45,000 Internet routers have been compromised by a newly discovered campaign that's designed to open networks to attacks by EternalBlue, the potent exploit that was developed by, and then stolen from, the National Security Agency and leaked to the Internet at large, researchers say. From a report: The new attack exploits routers with vulnerable implementations of Universal Plug and Play to force connected devices to open ports 139 and 445, content delivery network Akamai said in a blog post. As a result, almost 2 million computers, phones, and other network devices connected to the routers are reachable to the Internet on those ports. While Internet scans don't reveal precisely what happens to the connected devices once they're exposed, Akamai said the ports --which are instrumental for the spread of EternalBlue and its Linux cousin EternalRed -- provide a strong hint of the attackers' intentions.

The attacks are a new instance of a mass exploit the same researchers documented in April. They called it UPnProxy because it exploits Universal Plug and Play -- often abbreviated as UPnP -- to turn vulnerable routers into proxies that disguise the origins of spam, DDoSes, and botnets.

A 1.35 terabit-per-second DDoS attack hit GitHub all at once last Wednesday. "It was the most powerful distributed denial of service attack recorded to date -- and it used an increasingly popular DDoS method, no botnet required," reports Wired. From the report: GitHub briefly struggled with intermittent outages as a digital system assessed the situation. Within 10 minutes it had automatically called for help from its DDoS mitigation service, Akamai Prolexic. Prolexic took over as an intermediary, routing all the traffic coming into and out of GitHub, and sent the data through its scrubbing centers to weed out and block malicious packets. After eight minutes, attackers relented and the assault dropped off. "We modeled our capacity based on fives times the biggest attack that the internet has ever seen," Josh Shaul, vice president of web security at Akamai told WIRED hours after the GitHub attack ended. "So I would have been certain that we could handle 1.3 Tbps, but at the same time we never had a terabit and a half come in all at once. It's one thing to have the confidence. It's another thing to see it actually play out how you'd hope."

Akamai defended against the attack in a number of ways. In addition to Prolexic's general DDoS defense infrastructure, the firm had also recently implemented specific mitigations for a type of DDoS attack stemming from so-called memcached servers. These database caching systems work to speed networks and websites, but they aren't meant to be exposed on the public internet; anyone can query them, and they'll likewise respond to anyone. About 100,000 memcached servers, mostly owned by businesses and other institutions, currently sit exposed online with no authentication protection, meaning an attacker can access them, and send them a special command packet that the server will respond to with a much larger reply.

An anonymous reader quotes a report from DSLReports: The United States is 28th in terms of wireless broadband data speeds, according to the latest Akamai state of the internet report (pdf, hat tip ReCode). According to the data collected by the company, the United States average mobile broadband speed is now a not-entirely unrespectable 10.7 Mbps. But that speed pales in comparison to the top average speeds being seen in the UK (26 Mbps), Cyprus (24.2 Mbps), Germany (24.1 Mbps), and Finland (21.6 Mbps). The report is quick to note that US carrier efforts to boost speeds via next-generation broadband aren't quite as cutting edge as carrier marketing departments might have you believe. Many U.S. carriers have promised that their own fifth generation (5G) broadband deployments should deliver theoretical speeds up to 1 Gbps as well, but serious deployment isn't expected until 2020 or so. Some of this lagging can be explained away by the United States' mammoth geography, though some of it can also be explained by what, until recently, has been fairly muted but theatrical competition between major carriers.

An anonymous reader quotes CSO: As more groups get into the denial-of-service attack business they're starting to get in each other's way, according to a report released Thursday... There are only so many devices around that have the kind of vulnerabilities that make them potential targets for a botnet. That translates into a smaller average attack size, said Martin McKeay, senior security advocate at Cambridge, Mass.-based Akamai Technologies Inc. There are only so many devices around that have the kind of vulnerabilities that make them potential targets for a botnet. "And other people can come in and take over the device, and take those resources to feed their own botnet," he said. "I'm seeing that over and over."
The article reports a median size for DDoS attacks of 4 gigabits per second at the start of 2015 -- which droped in the first quarter of 2017 down to 500 megabits per second.

An anonymous reader writes from a report via The Verge: Content delivery network Akamai says the UK has the best average mobile connection speeds in the world. The State of the Internet report claims that British mobile users were able to get average speeds of 27.9 Mbps when connecting to Akamai's HTTP/S platform in Q1 2016, beating most countries in Europe by an average of more than 10 Mbps, and the United States' average speed by more than 20 Mbps. For comparison, the U.S. had an average connection speed of 5.1 Mbps, which was lower than Turkey, Kenya, and Paraguay, and on par with Thailand. Many European countries more than doubled the average U.S. speed, including Slovakia with 13.3 Mbps, France with 11.5 Mbps, and Germany with 15.7 Mbps. Algeria was only 2.9 Mbps slower than the United States' average with 2.2 Mbps, and they had the lowest average speed of countries included in the report. Akamai says its data shows that regular internet connections have continued to increase in speed, jumping 12 percent from Q4 2015 to 6.3 Mbps in Q1 2016, which is a year-on-year boost of 23 percent. Peak connection speed also rose to 34.7 Mbps, a 6.8 percent increase from the last quarter, and a 14 percent increase year-on-year. In addition, mobile data traffic is rising from just over 3,500 petabytes per month in Q1 2015 to more than 5,500 petabytes per month in the same period this year.

Cisco says in just one week in February they detected 1,127,818 different IP addresses being used to launch 744,361,093 login attempts on 220,758,340 different email addresses -- and that 93% of those attacks were directed at two financial institutions in a massive Account Takeover (ATO) campaign. An anonymous reader writes: Crooks used 993,547 distinct IPs to check login credentials for 427,444,261 accounts. For most of these attacks, the crooks used proxy servers, but also two botnets, one of compromised Arris cable modems, and one of ZyXel routers/modems. Most of these credentials have been acquired from public breaches or underground hacking forums. This happened before the recent huge data breaches such as MySpace, LinkedIn, Tumblr, and VK.com.
It's apparently similar to the stolen-credentials-from-other-sites attack that was launched against GitHub earlier this week.

According to data gathered by Akamai, an analysis from Broadview Networks comes to the conclusion that the top five U.S. states for broadband speed are Virginia (at the top of the list, with an average transfer speed of 13.78 Mbps), Delaware, Massachusetts, Rhode Island, and Washington, with Washington, D.C. slightly edging out the similarly-named state; Alaska comes in dead last. These are average speeds, though, and big states have more variation to account for, including connections in the hinterlands. You could still have a fast connection in Chattanooga, or be stuck on dial-up in the Texas panhandle.

New submitter bmurray7 writes "You might think that the country that has the fastest average home internet speeds would be a first adapter of modern browsers. Instead, as the Washington Post reports, a payment processing security standard forces most South Koreans to rely upon Internet Explorer for online shopping. Since the standard uses a unique encryption algorithm, an ActiveX control is required to complete online purchases. As a result, many internet users are in the habit of approving all AtivceX control prompts, potentially exposing them to malware."

alphadogg writes "A new report from Akamai Technologies (CT: Requires login) shows that hackers appear to be increasingly using the Telnet remote access protocol to attack corporate servers over mobile networks. The report, which covers the third quarter of 2010, shows that 10 percent of attacks that came from mobile networks are directed at Port 23, which Telnet uses. That marks a somewhat unusual spike for the aging protocol used to log into remote servers but that has been gradually replaced by SSH."

1sockchuck writes "Web sites and social networks are scaling up for huge traffic during today's Inauguration. Photo sharing sites are expecting a surge in volume around the noontime swearing-in, while Twitter has doubled its capacity. Some net watchers say peak volume may not match the record levels seen on Election Night 2008 (as reported by Akamai's Net Usage Index). As noted yesterday, DC-area wireless networks are the most likely bottleneck for messaging and photo sharing. "

miller60 writes "News sites and political blogs are expecting extraordinary traffic tonight as Americans track results of the Presidential election, and are scaling their infrastructure to meet the challenge. Yahoo anticipates its Election Night traffic may be three times the volume seen in 2004, when it had 80 million page views on Election Day and 142 million more visits the following day. Hosting companies say customers have been ordering extra servers and load balancing services, while content delivery networks are also expecting a busy night. Will traffic approach record levels? Akamai's Net Usage Index, which tracks traffic to its customer news sites, is one metric to watch."

brandaman writes "Akamai, the largest content delivery network (CDN) with about 70% market share, recently won its lawsuit against the against second largest CDN - Limelight Networks. The suit asserted that Limelight was infringing on Akamai's patent which, upon examination, seems to be somewhat on the obvious side. 'In accordance with the invention, however, a base HTML document portion of a Web page is served from the Content Provider's site while one or more embedded objects for the page are served from the hosting servers, preferably, those hosting servers near the client machine. By serving the base HTML document from the Content Provider's site, the Content Provider maintains control over the content.' Limelight is obviously not pleased, and this is not the first lawsuit Akamai has won regarding its patents."

nieske writes "Of course we all want webpages to load as fast as possible, but now research has finally shown it: four seconds loading time is the maximum threshold for websurfers. Akamai and JupiterResearch have conducted a study among 1,000 online shoppers and have found, among other results, that one third of respondents have, at one point, left a shopping website because of the overall 'poor experience.' 75% of them do not intend ever to come back to this website again. Online shopper loyalty also increases as loading time of webpages decreases. Will this study finally show developers of shopping websites the importance of the performance of their websites?"

Jivecat writes "All those extra cameras NASA has added to the Space Shuttle to watch for debris impacts have yielded what may be the coolest Shuttle launch footage ever. The forward-facing view from the right-hand SRB shows, at about the 2:58 mark, booster separation and Discovery zooming away. Other views are available at the main mission site."

ChunKing asks: "I work for a small community broadcasting organization, and we operate a limited streaming media facility for a number of not-for-profit webcasters. It has always been an issue to optimize our streaming media infrastructure to most benefit our users. We operate a small cluster of servers from a data center with good connectivity and a highly-rated ISP, who will occasionally allow us to burst to unlimited bandwidth. For big webcasts, we will load balance the stream over a number of servers using round robin DNS. However, we still get problems with stream buffering and network drop-outs, particularly with streaming video. We cannot afford a network of edge delivery servers like Akamai, so in what ways can we further optimize our streaming media capacity to better produce smooth webcasts?"

A reader writes:"It appears that sometime during the night, Akamai had some problems causing some connectivitly issues with many hosts thoughout the night. Akamai provides a DNS load balancing solution to many major internet companies/sites including (but notlimited to) Google, Yahoo, etc. Is it a bad idea to rely so heavily upon one service for our major internet needs? " Not much details - but I can confirm having problems this morning. Thanks to alert readers for pointing that they were having "DoS related issues" and that service was restored as of 1400 GMT.

TonkaTown writes "Finally the solution for slashdotting, or just the poor man's Akamai? Freecache from the Internet Archive aims to bring easy to use distributed web caching to everyone. If you've a file that you think will be popular, but far too popular for your isp's bandwidth limits, you can just serve it as http://freecache.org/http://your.site/yourfile instead of the traditional http://your.site/yourfile and Freecache will do all the heavy lifting for you. Plus your users get the advantage of swiftly pulling the file from a nearby cache rather than it creeping off your overloaded webserver."

Frisky070802 writes "Technology Review, the MIT alumni magazine, has an article by Simson Garfinkel that compares the huge distributed systems run by Google and Akamai and speculates that Google might even consider buying Akamai. It also discusses the flame-out of Akamai after its tremendous IPO."

JohnQPublic writes "BIND author and all-around Internet personality Paul Vixie and Mirror Image Internet have recently received US patent 6,581,090, specifically '..technology that efficiently stores and retrieves content requests and balances Web traffic between origin servers to improve performance and speed' - sounds an awful lot like what Akamai do. There's a press release from last week that gives some lovely 'details', including this little gem from CEO Alexander M. Vik: 'We anticipate that these patents and our technology solutions will encourage large groups of corporations to become customers of Mirror Image services. We also recognize that this technology is a critical component of other content delivery services and weâ(TM)ll be attempting to work cooperatively with our competitors and their customers to address this issue.' Can you say 'patent infringement suit'?"