Slashdot Mirror


UK, Not North Korea, Is Source of DDoS Attacks

angry tapir writes "The UK was the likely source of a series of attacks last week that took down popular Web sites in the US and South Korea, according to an analysis performed by a Vietnamese computer security researcher. The results contradict assertions made by some in the US and South Korean governments that North Korea was behind the attack. Security analysts had been skeptical of the claims, which were reportedly made in off-the-record briefings and for which proof was never delivered." The Vietnamese security site's blog is linked from the article, but it is very slow even before Slashdotting. The researchers observed 166,908 zombies participating in the attacks — a number far larger than most earlier estimates.
Update: 07/14 21:24 GMT by KD: Wired is reporting that the UK owner of the IP address in question is pointing a finger at a server in Florida, which it says opened a VPN to the UK machine for the attacks. Once again, the attacker could be anywhere.

5 of 175 comments

  1. Inflammatory headline by jeffliott · · Score: 5, Insightful

    The article has no real indication that anything was the source, just that the last hop the analyst was able to track was in the UK...which means?

  2. Where != Who by dmomo · · Score: 4, Insightful

    Even if the attacks were proven to come from the UK... even if they came from North Korea, Nigeria, or Wichita, KS...

    Does that really tell us about the culprit? It just tells us from where the attacks were launched. This could be because the attacker is from that area, or because the attacker wants to appear to be from that area.

    It's a clue. Nothing more.

  3. Re:Oh? by Volante3192 · · Score: 4, Insightful

    Even if it was an attack ordered by North Korea, there's no chance the actual payloads originated there. You could likely fit all of NK's network on a Class C without NAT and have room to spare.

  4. Re:Proxy? by GrenDel+Fuego · · Score: 4, Insightful

    Just secure your shit against DDoS attacks? It's not like they forgot to apply the "anti-ddos patch". Dealing with an attack from 100k+ hosts isn't something to be taken lightly. It's expensive (get a really fat pipe) and time-consuming (identify and block attack traffic).

  5. Re:Oh? by interkin3tic · · Score: 5, Insightful

    Slashdot mentality always seems to be that any contradicting reports beat the initial report.

    No it doesn't.

    (waits for the +5 insightful mod)