DDoS Attacks Exceed 100 Gbps For First Time

wiredmikey writes "The Sixth Annual Worldwide Infrastructure Security Report, released today by Arbor Networks, revealed that DDoS attack size broke 100 Gbps for first time; up 1000% since 2005. In addition to hitting the 100 Gbps attack barrier for the first time, application layer attacks hit an all-time high. Additionally, it goes on to show that as new equipment, protocols and services are introduced into networks, the vulnerable attack surface for DDoS is expanded. DDoS attacks are likely to continue as a low cost, high-profile form of cyber-protest in 2011 and beyond."

cyber protest

[Lueseiseki]

Are we really calling illegal attacks on a companies' servers "cyber protest" now?

Re:cyber protest

[doconnor]

Protests have often included illegal actions.

Re:cyber protest

[Senes]

You're not going to see a high-profile act of protest which has the explicit approval and blessing of the authorities.

Civil disobedience involves disobedience.

Re:cyber protest

doesnt mean it can't be civil

Re:cyber protest

I just wonder when a virtual Kent State will happen. After that event, it marked the complete end of protests in the 1960s in the US, similar to how China dealt with the T-Square protests made protests cease to happen completely within their borders.

As how this affects cyber-protests, the LOIC tool has an obvious signature, and it can't really be proxied, as most VPN services would have it cut off by their IDS/IPS system. So, it isn't far-fetched for ISPs to log who send out packets with the signature of this tool, hand the logs over to LEOs, then later on, the LEOs start with mass raids, Operation Sun Devil style. Because of precedent, an IP address is essentially an extension of the individual, so in court it would be easy to convict people en masse and put them in prison for a long time.

Re:cyber protest

First they ignore you, then they ridicule you, then they fight you, then you win.

Re:cyber protest

[Americano]

I thought that was an odd way to end the submission too. Of course, all the self-described anarchists and radicals who think that this is a useful form of "cyber protest" have surely also considered that what they're doing is using force to bludgeon someone else into submitting to their demands, and that their behavior is identical to the behavior of the people "subjugating" them.

Funny that we only seem to resent the jackboot when it's on someone else's foot, isn't it?

Re:cyber protest

There is nothing illegal about people CHOOSING to participate in a so-called DDOS 'attack'. It is no different to organizing a flash-mob to go and mill around the store (without buying anything) of a merchant who is behaving unethically to protest their behaviour. The merchant can ask anyone to leave but they have no way of distinguishing protesters from genuine customers. Similarly a site can block requests from specific IP addresses, but how do they decide which ones? Now creating a bot-net WITHOUT the consent of each machine is a different story. You should not however confuse the two and given that the most high profile 'DDOS attacks' of late are done by consent it seems obvious you are confusing them.

Re:cyber protest

[Americano]

There's a difference between non-violent 'civil disobedience' and using force to get someone else to submit to your demands.

What a DDoS attack does is not all that different from mugging someone, it's just a little less personal: "your money or your life" turns into "our demands or your livelihood."

Re:cyber protest

[Lumpy]

At least we are not calling them Cyber-TERRORISM... yet...

Re:cyber protest

[Lumpy]

REally?

Then explain the army approving the protests in Egypt.

Re:cyber protest

"Are we really calling illegal attacks on a companies' servers "cyber protest" now?"

White House cyber-security coordinator Howard Schmidt sure does:

http://www.newsweek.com/2010/12/21/interview-with-cyber-security-czar-howard-schmidt.html

Re:cyber protest

Just for you information, persons from Anonymuous who participate against Paypal and co has been arrested and will be suit in some country. (britain/france)
The funny things is that none of them use tools to be "anonymous" :)

Re:cyber protest

Are we really calling illegal sitting in companies' chairs sit-in protests now? Moron.

Re:cyber protest

[logjon]

Don't ask me to feel any worse for these companies than I do a crack dealer who gets mugged.

Re:cyber protest

[Nadaka]

Oh, yes. Some people are certainly calling it cyber terrorism.

Re:cyber protest

Well put.

Armchair protests such as a DDoS are a lazy mans way of being a bully, often as a way to express displeasure. There is rarely any real discontent or actual protest so much as an easy way to exact "revenge" for perceived wrongdoings and this is just a "low consequence" way of forcing someone else to bend to the will of some "powerful" script kiddie.

The second a DDoS is used for the "the good of all" will be a good day. Right now, it's just children throwing sand in a tantrum.

Re:cyber protest

[Americano]

Does the fact that the victim is a crack dealer somehow make it "okay" to threaten (or inflict) harm on them in order to steal their wallet?

You can condemn the actions of a crack dealer AND condemn the actions of a mugger, these are not incompatible positions, and they are in no way mutually exclusive. Two wrongs do not make a right.

Re:cyber protest

[logjon]

Why yes, yes it does.

Re:cyber protest

Point of fact: the sites' business was not harmed by the attacks.

I know you don't like it, nobody does. That's the entire point; you're not going to see sunshine and rainbows coming out of people who have been enraged to a breaking point.

Re:cyber protest

[krack]

not stopping and approving are two different concepts.

Re:cyber protest

[krack]

Mugging involves the use of actual physical force.

DoS attacks do not involve the use of physical force.

Re:cyber protest

[Americano]

Care to show your work and explain how you arrive at this conclusion?

Re:cyber protest

[Americano]

"enraged to a breaking point"?

Please. This is a bunch of comfortable middle-class kids thinking it sounds like a bunch of fun to fuck with someone else, especially when they can do so from the perceived anonymity of their home. It's low-effort, low-value protests that do nothing but give these people the reputation of being hooligans - They can watch Jersey Shore and post on 4chan while they "express their displeasure."

It got a lot of press for about 15 minutes, and where's the follow-through?

Re:cyber protest

[Americano]

You realize that "physical force" isn't the only type of force that can be exerted, correct? If somebody does something under duress, they are being forced to take an action that they would not voluntarily engage in. You can distinguish between the two types of force, certainly, but the fact remains that someone is being *forced* into something against their will.

A DDoS may not exert physical force, but it is most certainly using force to try to get the target to submit to a list of demands.

By your comment, you seem to be suggesting that as long as I don't use physical force to mug you, I'm completely in the right: pointing a gun at you and threatening to kill you unless you give me your wallet is perfectly legal, it's only illegal if I actually shoot you.

Re:cyber protest

[Dan541]

And those protests lost all legitimacy.

Re:cyber protest

[cheekyjohnson]

Does the fact that the victim is a crack dealer somehow make it "okay" to threaten (or inflict) harm on them in order to steal their wallet?

Of course! Anyone who breaks the law is inherently a bad person. Therefore, we should be able to do as we please to them. What could possibly go wrong?

Re:cyber protest

[monkyyy]

protesting is mostly illegal, other wise its meaningless complants

Re:cyber protest

[Kalriath]

Flawed statement. Sure, you can organise a flash mob around a building, but anyone who wants to go to that store can still get in (or the police will quickly arrest the people involved in the mob). During a DDoS attack, the target is completely inaccessible to legitimate customers. That's why it's not a valid form of "protest", but simply an illegal attack to disconnect a target business from what may well be their only way of operating. I'm sure you will feel so good about yourself when dozens or hundreds of people get laid off by an internet company that can't run because a group of dickheads decided to take out their web servers in "protest", and they end up on the street with their families begging for a dollar.

Re:cyber protest

[spazdor]

Like the civil rights movement, for instance. Hard to find a soul alive today who thinks those had any legitimac...

hang on

Re:cyber protest

[mywhitewolf]

but anyone who wants to go to that store can still get in

as long as they are comfortable walking through a store with a large group of people yelling about how immoral the owners are. cyber "protests" in the form of a DDoS is just as valid. just because its easier doesn't mean its not valid. also.

hundreds of people get laid off by an internet company that can't run because a group of dickheads decided to take out their web servers in "protest", and they end up on the street with their families begging for a dollar.

if your INTERNET company employs hundreds of people yet isn't able to afford any downtime then maybe you shouldn't make un-ethical decisions, or at least insure or put away for downtime that could be caused from anything, not just a DDoS attack.

Re:cyber protest

[Kalriath]

as long as they are comfortable walking through a store with a large group of people yelling about how immoral the owners are.
cyber "protests" in the form of a DDoS is just as valid. just because its easier doesn't mean its not valid.

No, they're not "just as valid" and they're not "protests". In your example, you can just walk through that crowd if you want. In a DDoS, you can't - because the target cannot respond. With a DDoS it's more like a flash mob showed up and stole all the money out of the cash register, and then nailed the doors to the business closed (this may come as a shock, but the business has to pay a lot of money for that bandwidth your DDoS chews up).

Second, when attacking companies like PayPal or Visa, you're actually negatively affecting millions of people as well as that business, who can't transact online, or miss payments like utilities or rent because they're trying to get money out of a PayPal account while the website's down. I sincerely hope that anyone who had issues because of the DDoS attacks all file civil suits against the immature fools "protesting" PayPal and Visa.

if your INTERNET company employs hundreds of people yet isn't able to afford any downtime then maybe you shouldn't make un-ethical decisions, or at least insure or put away for downtime that could be caused from anything, not just a DDoS attack.

I wasn't aware choosing who you want to do business with was unethical? This is news to me. So if I walk into your house because the door is open, it's unethical for you to tell me to leave? Nice! News flash: ethics is subjective. Choosing to kick Wikileaks wasn't unethical, just as asking someone to leave your house isn't unethical. Stop trying to spin it as if it was.

Re:cyber protest

[mywhitewolf]

No, they're not "just as valid" and they're not "protests". In your example, you can just walk through that crowd if you want. In a DDoS, you can't - because the target cannot respond. With a DDoS it's more like a flash mob showed up and stole all the money out of the cash register, and then nailed the doors to the business closed (this may come as a shock, but the business has to pay a lot of money for that bandwidth your DDoS chews up).

brick and mortar shops pay more in rent than what an internet company does in bandwidth allocation as well as having significantly less capacity to deal with excess customers. so yes, it will cost the company money, but not significantly more than a live "protest".

Not only this, but if the DDoS isn't large enough, you won't even realise there is a protest, where as 1 person in a store protesting can be much more disruptive.

Second, when attacking companies like PayPal or Visa, you're actually negatively affecting millions of people as well as that business, who can't transact online, or miss payments like utilities or rent because they're trying to get money out of a PayPal account while the website's down.

and if i protested at a bank or a post office you would have similar sort of problem, just to a smaller scale.

I wasn't aware choosing who you want to do business with was unethical? This is news to me. So if I walk into your house because the door is open, it's unethical for you to tell me to leave? Nice! News flash: ethics is subjective. Choosing to kick Wikileaks wasn't unethical, just as asking someone to leave your house isn't unethical. Stop trying to spin it as if it was.

your right, ethics is subjective, which means its also subjective to the motions of the internet where they make their income stream, the "internet" doesn't look too kindly on those against freedom of the press, this is beside the point... because the alternative to trying to appear ethical to anonymous from the internet is simply to invest against potential problems of your income stream, a shop owner with a brick and mortar shop Insures his property against the unforseen, why not for a website?

also,

Choosing to kick Wikileaks wasn't unethical,

true, however holding all of wikileaks money so they couldn't access it after they had legally entered in to a financial contract IS unethical. paypal didn't just stop doing business with wikileaks.

a voluntary DDos IS a form of protest, it's not as peaceful as collecting around a designated "protest" spot so that your not actually in the way of anything and unlikely to achieve anything.

Re:cyber protest

[badkarmadayaccount]

I do. Cue drug discussion.

Re:cyber protest

[badkarmadayaccount]

Reference PMITA federal prisons.

Re:cyber protest

Did they go around attacking the rights and freedoms of others? If I disagree with you can I come and smash your private property?

Fuck your rights if I call it a protest I'm free to attack you because my right to be heard is somehow superior.... Right?

Re:cyber protest

[spazdor]

Well, at that time in history, the "rights and freedoms" of white people included the right to their own exclusive water fountains and bus seats, so, yes. The civil rights movement was a coordinated and deliberate attack on their freedoms.

arab ministers should turn 'net back on

a sign of good faith. takes some of the fear out of it. one guy causes this logjam/life threatening 'block party'? doubtful. a happy ending is in order?

We need a new internet infrastructure project

Far too much of the country cannot avail themselves of a DDOS at these high rates. DDOS attacks should not be confined to those lucky enough to live in the big cities.

Moore's law applies to hackers!

[Virtucon]

With the increase in computing power and with innovations in attacks I think they'll reach 1TB/sec in six years...

key to world peace:

[Thud457]

a happy ending is in order?

It's all the wimmins' fault. I guarantee you if there were more happy endings, there'd be a lot fewer guys willing to smash, burn, loot or blow things up. Hell, just look at what they promise suicide bomber in Muslim Heaven.
.
.
.

Slow Down Cowboy!

Slashdot requires you to wait between each successful posting of a comment to allow everyone a fair chance at posting a comment.

It's been 1 hour, 23 minutes since you last successfully posted a comment

Chances are, you're behind a firewall or proxy, or clicked the Back button to accidentally reuse a form. Please try again. If the problem persists, and all other options have been tried, contact the site administrator.

seriously, eat a bag of racid AIDS, slashcode.
and at least pretend to attempt to render the goddamned formatting tags somewhat approaching correctly

Barrier

[necro81]

Could we please agree that 100 Gbps, especially in this context, is not a "barrier"? At best, it is a mildly interesting milestone in the march towards completely saturating the internet with crap. But it is not a barrier in the sense that there was some physical limitation that held us up on our way past it. True, it happens to match the rated throughput of a particular class of network routing equipment, but so what? The sound barrier was an actual barrier in airspeed, one which many objects and phenomena cannot overcome, and one that took extra effort to get humans past. A brick wall is a barrier to your forward progress that requires extra effort to push through (if you're into that kind of thing). But 100 Gbps is no more a barrier than 99 Gbps was or 101 Gbps will be. Round numbers are not barriers - they're just human conventions.

Re:Barrier

[jfengel]

All with you on that, but we're fighting a losing battle. It's standard journalistic puffery. "Barriers" are more exciting than "marks" or "levels". Those terms point out the irrelevance of the article itself: this level is arbitrary.

The fact that we're seeing record-breaking DDOS attacks is newsworthy, but for some reason "Record breaking DDOS attacks" seems too pedestrian for editors. Especially, perhaps, technology editors who live their lives on hype.

Re:Barrier

[MightyYar]

People like round numbers. Go with it or die frustrated.

Re:Barrier

People like round numbers. Go with it or die frustrated.

HA ! if this was true people would have celebrated end of millennium on 01/01/2000 !

Re:Barrier

[jroc242]

I disagree. Link speeds often go by 10's. 10Mb, 100Mb, 1Gb, 10Gb,100Gb. A large number of ISP's currently use 100Gb backbones.. Recently Veri*** offered us a DDOS solution where when a DDOS is detected, they offload the traffic onto their network which is 100GB and therefore can handle any DDOS attack.

In other news...

[haus]

PR group for company A says that a problem that our product 'solves' is really really bad.

Buy our product or you will be doomed.

Compromised by worm or trojan?

[MunkieLife]

Assuming most of these DDOS attacks come from from botnets; I wonder what percent of these DDOS attacks are made up of computers that were infected/compromised because they were left unpatched out in the open verses computers that were compromised because the user installed a pirated copy of some software that contained a virus or rootkit.

Given the reports I've heard of China and many other countries pirating 90% of their software http://slashdot.org/story/11/01/21/2217248/Ballmer-Says-90-of-Chinese-Users-Pirate-Software, I'd imagine there's got to be botnet makers who make software piracy the foundations of some big botnets. Anyone know?

Wait until

IPv6 is fully deployed and operational world-wide.

A good use of traffic shaping by ISPs

[JSBiff]

In general, I'm not a big fan of all the proposals by ISPs to limit user traffic, cap data, etc.

But, it seems to me that clamping down on DDoS's initiated by zombie networks would be a fabulous use of the related technologies. If the ISPs really want to cut down on traffic, start cutting off all the traffic from botnet zombies.

I wonder if they could even, using Deep Packet Inspection, figure out what traffic was specifically from the botnet, and refuse to route that traffic, while still allowing legitimate traffic (e.g. the user browsing the web with their web browser, playing online games, sending email, etc) from the same machines.

Re:A good use of traffic shaping by ISPs

[krack]

regarding your packet inspection comment, I suggest that would cost more than just soaking the DoS. Packet inspection is not cheap, especially at DDoS data rates. In fact, the inspection device would probably be the first to fail when a DoS came knocking.

Re:A good use of traffic shaping by ISPs

In general, I'm not a big fan of all the proposals by ISPs to limit user traffic, cap data, etc.

But, it seems to me that clamping down on DDoS's initiated by zombie networks would be a fabulous use of the related technologies. If the ISPs really want to cut down on traffic, start cutting off all the traffic from botnet zombies.

I wonder if they could even, using Deep Packet Inspection, figure out what traffic was specifically from the botnet, and refuse to route that traffic, while still allowing legitimate traffic (e.g. the user browsing the web with their web browser, playing online games, sending email, etc) from the same machines.

once you start doing DPI, what's preventing you from censoring unwelcomed search results, torrents, political information, etc?

Re:A good use of traffic shaping by ISPs

Once you have a car, what's to stop you from driving it through a crowd of people every day when you go to and from work? Simply put, because almost everyone would be overcome with guilt and grief over what they had done.

Why don't I spend all my free time on the side of the road picking up rubber particulates, hoping to one day have enough to build myself an enormous rubber hexagon, which I will then place in the forrest in the hopes that it will become good friends with the blueberries? Well, it wouldn't make any sense, that's why.

There are lots of things we don't do, even though we easily could. Sometimes we refrain because of hard consequences, such as the law. Other times though, it's nothing more than social convention, or because it simply doesn't make sense to us.

Morally objectionable crap like censorship is certainly more realistic than the above examples, but I absolutely don't think the existence of the technology alone is enough to make everybody do it.

Re:A good use of traffic shaping by ISPs

[matty619]

One of our ISP's here in San Diego, Cox, if it is detected that a large amount of spam, or other malicious connections are originating from your connection, will block everything and redirect any web requests to a captive portal page with instructions on how to clean your computer, and a number to call once you've done so to get your service re-activated.

Interesting remark on IPv6

[what+about]

Two things are interesting in the article
1) Firewalls are an easy target since stateful inspection table can be easily overflowed
2) Ipv6 is not something that helps the issue (I suspect the huge addressing space does no help, so is more crypto provisioning)

The only solution I see is for web sites to have an agreement with providers in the world whereby they can request a specific IP to be blocked to route to a specific web-site (for a limited period, obviously)
The magic should be done by means of automatic block request sent by the website to the offending IP source ISP..

Re:Interesting remark on IPv6

[Slayer]

If these automatic block requests are in place, bad guys can and will use these to effectively get your server off the net, either by faking these requests or by forcing your server to create an overwhelming abundance of these. Let's face it: it is out gun him (i.e. put up more resources) or out smart him (use your resources more effectively). No automated tool or mechanism will be able to do that, because automated smarts work for both the attacker and the defender.

Re:Interesting remark on IPv6

[what+about]

Requests are signed using agreed passwords between the ISP and the WEB server.
(That means exchanging authentication tokens before the crisis)
So, the request cannot be faked.
(Not all ISP need to participate and also not all web server need to participate, just the biggest )

Only a specific client can be shut off. The web server can easily identify it by TCP source IP (no dialog can happen otherwise)
No faking is possible for the botnet, it is up to web server policies to decide when to shut a client off at the source.

The key point is shutting the bot clients off at the source !

It does work, believe me.

Re:Interesting remark on IPv6

[VeNoM0619]

In short:
Server is already dropping the client's packets regardless.
Server only needs to send a response to buzz off.
Router receives the buzz off request, and simply verifies that yes, client sent a packet to the server. Block him (possibly log it, and when there are too many blocks for that client shut them off), opposed to forwarding it on to 20+ other routers, and a server that would drop it regardless. All ISPs would benefit, so it should be a mutual deal.

Not all routers would be able to perform this due to UDP and different routes being taken, however the last mile routers (ISP basically) would be responsible.

Amazon!

[hesaigo999ca]

Thanks Amazon, to the cloud my *ss!

Two appartment buildings worth of homes

[chris_7d0h]

Equates to my building and one of our neighboring ones. With 1 Gbps per apartment I fail to see the awe aspiring in the "accomplishment" from that perspective.
Assuming it wasn't my neighbors who got hacked and that the world's 500 million connected households have an average of 1Mbit/s uplink capacity, the feat might be interesting from another perspective than the consumed bandwidth; being able to orchestrate 100k drones without being traced. That's pretty cool since there must have been quite a couple of decoy routers and mechanisms in place to prevent tracing the origin of an orchestration like that. "Secret" command and control center of modern warfare, cloak and a 100k daggers.

Perhaps the USG should track these people down and recruit them in order to bolster the forces for their War On Internet (their goals seem aligned after all).

Nutcases to the core...

Sounds like Arbor is needing to sell some more "e-series" products.... just saying.