Slashdot Mirror


Largest DDoS In History Reaches 300 Billion Bits Per Second

An anonymous reader writes "The NYT is reporting that the Largest DDoS in history reached 300 Gbps. The dispute started when the spam-fighting group Spamhaus added the Dutch company Cyberbunker to its blacklist, which is used by e-mail providers to weed out spam. Millions of ordinary Internet users have experienced delays in services like Netflix or could not reach a particular Web site for a short time. Dutch authorities and the police have made several attempts to enter the bunker by force but failed to do so. The attacks were first mentioned publicly last week by Cloudflare, an Internet security firm in Silicon Valley that was trying to defend against the attacks and as a result became a target."

93 of 450 comments

  1. Watch your clauses, people! by Looker_Device · · Score: 5, Informative

    The dispute started when the spam-fighting group, called Spamhaus, added the Dutch company Cyberbunker to its blacklist, which is used by e-mail providers to weed out spam.

    I think what they meant to say here was: "The dispute started when the spam-fighting group Spamhaus, which maintains a blacklist used by e-mail providers to weed out spam, added the Dutch company Cyberbunker to its blacklist."

    --
    Your political party doesn't care about your rights and only represents corporate interests.
    1. Re:Watch your clauses, people! by Nerdfest · · Score: 5, Funny

      A Slashdot editor Yoda has become.

    2. Re:Watch your clauses, people! by Anonymous Coward · · Score: 5, Informative

      I came here to say this, and was all prepared to lambaste the summary, when I took the time to discover that the sentence is straight from TFA!

      Great jorb, New York Times. And they wonder why newspapers are dying.

    3. Re:Watch your clauses, people! by PartyBoy!911 · · Score: 5, Informative

      Me neither, Netflix isn't even available for Dutch people.

    4. Re:Watch your clauses, people! by wmac1 · · Score: 5, Funny

      I wish there was a smaller unit than bits. The headline would become more exciting!

    5. Re:Watch your clauses, people! by HornWumpus · · Score: 4, Insightful

      The dispute started when the spam-fighting group Spamhaus, which maintains a blacklist used by e-mail providers to weed out spam, added the Dutch company Cyberbunker to its blacklist.

      Too spammy, too many words, blacklist twice: The dispute started when the spam-fighting group Spamhaus added the Dutch company Cyberbunker to its e-mail blacklist.

      Removing words is like removing lines of code. Almost always makes it better.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    6. Re:Watch your clauses, people! by Sulphur · · Score: 3, Funny

      A Slashdot editor Yoda has become.

      Edit or edit not; there is no try.

    7. Re:Watch your clauses, people! by Mindcontrolled · · Score: 4, Funny

      Edit or edit not; there is no try

      On the edit-not side, the slashdot editors firmly are. Hmmm. Not give in to that side you must!

      --
      Ubi solitudinem faciunt, pacem appellant.
    8. Re:Watch your clauses, people! by Phreakiture · · Score: 2

      How about symbols?

      --
      www.wavefront-av.com
    9. Re:Watch your clauses, people! by telchine · · Score: 5, Funny

      Removing words is like removing lines of code. Almost always makes it better.

      Removing ... words is like ... better

    10. Re:Watch your clauses, people! by Sulphur · · Score: 3, Funny

      Edit or edit not; there is no try

      On the edit-not side, the slashdot editors firmly are. Hmmm. Not give in to that side you must!

      Ubi solitudinem editoriam faciunt, slashdotum appellant.

    11. Re:Watch your clauses, people! by Phreakiture · · Score: 3, Interesting

      It doesn't.

      The complaint is that the traffic resulting from the computers participating in the botnet that is behind this DDoS attack is sufficient, from wherever it is, to knock off legitimate use. As the bots can be anywhere, some are in the US. Those bots are causing grief for Netflix users.

      --
      www.wavefront-av.com
    12. Re:Watch your clauses, people! by omnichad · · Score: 4, Interesting

      Just a badly written article. The attack was a spoofed attack on DNS root servers (I think - badly written article) that reflected back toward Spamhaus. This would cause disruptions to DNS and to Spamhaus. By extension, the huge amount of traffic seems to be slowing down just about everything.

      Don't know when this started, but I was watching Netflix on Monday and got 2 dots instead of my usual 4 and I'm in the Midwest US.

    13. Re:Watch your clauses, people! by NatasRevol · · Score: 2

      And some of them speak Dutch!

      Hence, Dutch Netflix users.

      #NewspaperLogic

      --
      There are two types of people in the world: Those who crave closure
    14. Re:Watch your clauses, people! by geminidomino · · Score: 3, Funny

      Shut up. The crosswords are still good.

    15. Re:Watch your clauses, people! by femtobyte · · Score: 5, Insightful

      SI unit prefixes are readily available anytime you need them.
      -femtobyte

    16. Re:Watch your clauses, people! by ackthpt · · Score: 2

      How about symbols?

      Cubic Emoticons.

      --

      A feeling of having made the same mistake before: Deja Foobar
    17. Re:Watch your clauses, people! by davester666 · · Score: 3, Funny

      Electrons. Quintillions of highly charged electrons running wild.

      --
      Sleep your way to a whiter smile...date a dentist!
    18. Re:Watch your clauses, people! by Mindcontrolled · · Score: 2

      Well played Sir. I'd go for a third declension adjective construction. "solitudinem editorialem", though. That's a neo-latin problem, so it is made up anyway :D

      --
      Ubi solitudinem faciunt, pacem appellant.
    19. Re:Watch your clauses, people! by thoughtfulbloke · · Score: 3, Funny

      In fact, the crosswords are so popular that they have decided articles should become more cryptic to draw in the same audience.

    20. Re:Watch your clauses, people! by HappyPsycho · · Score: 3, Informative

      Yes, it's called Reverse path forwarding http://en.wikipedia.org/wiki/Reverse_path_forwarding for this specific case you would want the unicast version (uRPF).

      The concept boils down to a simple question,

      "I just got a packet from A.B.C.D on interface ethX, if I had to send a packet to A.B.C.D would I use ethX?"

      If the answer is yes, then the packet goes along its merry way. If the answer is no, then the packet is most likely spoofed and is dropped.

      The performance impact is negligible as such lookups for the destination are already fully optimized by ASICs (hence a Cisco 7600 with a measly 300MHz processor can still route gigabit at wire speed); multi-path is a non-issue (assuming a non-brain dead implementation) as if multiple paths exist the answer to the question would still be yes as long as it came from one of the valid paths.

      There might be valid reasons for asymmetric traffic which may prevent this from being universally deployed (say some satellite providers which only send download via satellite and upload is over something else) but for the vast majority of ISPs it's safe to deploy.

      At the ASN level each ISP is assigned a block of IPs; if you are not a transit it's a simple matter of just filtering to ensure nothing leaving your network is saying otherwise. Once you hit transit links both this scheme and RPF lose their power as depending on the failure almost any transit link can be a valid path. For such a scheme to work it has to be implemented as close to the end point as possible (which is the general structure of the Internet, intelligence sits near the edge where traffic volumes are reasonable, core is dedicated to just high speed movement of traffic).
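
The strict-mode uRPF question and the egress filter described in the comment above, modelled as an added example that is not part of the original comment or thread. The routing table, interface names and packets are constructed for illustration and use documentation address ranges; this is a model of the decision, not router code.

```python
import ipaddress

# Constructed routing table for a hypothetical ISP edge router.
# 203.0.113.0/24 has two equal routes (multipath); eth0 is the upstream default.
ROUTES = [
    ("0.0.0.0/0", "eth0"),
    ("198.51.100.0/24", "eth1"),
    ("203.0.113.0/24", "eth2"),
    ("203.0.113.0/24", "eth3"),
]

# Prefixes assigned to this (non-transit) network, used for egress filtering.
OWN_PREFIXES = [ipaddress.ip_network(p) for p in ("198.51.100.0/24", "203.0.113.0/24")]


class Router:
    def __init__(self, routes):
        self.routes = [(ipaddress.ip_network(p), ifname) for p, ifname in routes]

    def best_interfaces(self, addr):
        """Longest-prefix match; returns every interface tied for the best route."""
        ip = ipaddress.ip_address(addr)
        matches = [(net, ifname) for net, ifname in self.routes if ip in net]
        if not matches:
            return set()
        longest = max(net.prefixlen for net, _ in matches)
        return {ifname for net, ifname in matches if net.prefixlen == longest}

    def urpf_strict(self, src, in_if):
        """'If I had to send a packet to src, would I use in_if?'"""
        return in_if in self.best_interfaces(src)


def egress_allowed(src, own_prefixes=OWN_PREFIXES):
    """Egress filter at the network edge: only our own source addresses may leave."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in own_prefixes)


ROUTER = Router(ROUTES)

# Constructed packets: (description, source address, arrival interface)
PACKETS = [
    ("customer, normal path", "198.51.100.7", "eth1"),
    ("customer forging a victim's address", "192.0.2.53", "eth1"),
    ("multipath, second valid link", "203.0.113.9", "eth3"),
    ("legitimate but asymmetric uplink", "198.51.100.200", "eth4"),
]


def classify(packets, router=ROUTER):
    """Return (description, verdict) for each packet under strict uRPF."""
    return [
        (desc, "forward" if router.urpf_strict(src, in_if) else "drop")
        for desc, src, in_if in packets
    ]


if __name__ == "__main__":
    for desc, verdict in classify(PACKETS):
        print(f"{verdict:8} {desc}")
    print("egress 192.0.2.53 allowed:", egress_allowed("192.0.2.53"))
```

The last packet shows the asymmetric-routing caveat from the comment: the source is genuine, but strict mode drops it because the return route points at a different interface.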

    21. Re:Watch your clauses, people! by Phrogman · · Score: 3, Interesting

      I wonder if anyone can calculate the environmental impact of sending all those DDOS packets? Overall can it be claimed that spam and botnets are having an appreciable impact on the economy by wasting all that energy required to transmit all those pointless packets?

      --
      "The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
    22. Re:Watch your clauses, people! by SirParadox · · Score: 2

      This is why we need to kick folks off the internet who have their name servers as public recursive resolvers. And implement BCP38 more.

  2. Bunker by ISoldat53 · · Score: 5, Funny

    The summary makes it sound like the Cyberbunker is a physical location. If so, a wire cutter should cut off its access to the inter webs.

    1. Re:Bunker by Anonymous Coward · · Score: 2, Interesting

      It is. It is a literal bunker, that is also a datacenter, run by a company of the same name.

    2. Re:Bunker by Psyborgue · · Score: 4, Informative

      It is a bunker. And it's not so simple, as this swat team discovered.

    3. Re:Bunker by JaredOfEuropa · · Score: 4, Informative

      That is not a SWAT team, those guys would be better armed and a little more bullet proof. This is just Dutch police in riot gear, of which these woven bamboo shields are a standard component. According to an ME (riot police) buddy, the bamboo shields are pretty good, lighter than the more common plastic shields, and more flexible, meaning they are better at deflecting thrown objects. The only disadvantage is that they do not stand up well to stab weapons, which has not really been an issue until a group of squatters defended themselves with iron pipes with large spikes capable of puncturing these shields.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    4. Re:Bunker by KiloByte · · Score: 5, Interesting

      Except that this bunker has an air reprocessing center. It's a whole underground complex, meant to house a part of NATO's command center in the event of a thermonuclear war.

      On the other hand, cutting the network cable would indeed render the criminals inside nice and fluffy, with a self-inflicted prison sentence if they decide to refuse to go out. They already resisted police raids twice, including once by a SWAT team.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    5. Re:Bunker by kubajz · · Score: 2

      Call me skeptical, but I am not so sure that a) SWAT teams have round leather shields, b) all members of the team raise their shields in the very same moment, c) they all wear gas masks but no firearms, but hold batons in their hands although nobody is in sight, d) a camera from within the bunker is so nicely positioned to take a picture of the team. Could it be a nice publicity gimmick instead?

    6. Re:Bunker by NeverVotedBush · · Score: 2

      I bet flooding it with CO2 might have an effect, though. ;-)

    7. Re:Bunker by silas_moeckel · · Score: 2

      It's really simple, hey judge can you issue an order to cut off their internet access. Sure. Hand order to their peers. No fiber need be harmed when you can just shut down the port at the far end.

      That ass said I doubt that the traffic originates from cyberbunker they do not have 30 10ge connections.

      --
      No sir I dont like it.
    8. Re:Bunker by MrMickS · · Score: 2

      The summary makes it sound like the Cyberbunker is a physical location. If so, a wire cutter should cut off its access to the inter webs.

      Interesting that people on Slashdot really think that the DDOS attack is being co-ordinated from hosts housed in the Cyberbunker hosting site. Are people really that out of touch with how botnets and DDOS attacks are managed?

      --
      You may think me a tired, old, cynic. I'd have to disagree about the tired bit.
    9. Re:Bunker by marcovje · · Score: 4, Interesting

      I don't think those power-hungry air scrubbers are still online all the time.

      And I surely hope that the Cold War independent energy source (probably a small nuclear reactor) was removed, so cutting power should simply work. As soon as the batteries drain, end of story.

      But note that the whole SWAT story seems to have Cyberbunker as only source in the linked articles. I wouldn't take their (spamming ddosers they are) word for it.

      The whole article regurgitates the vibe that CB wants to spin, it is not a factual description of reality. The main NATO HQ on Dutch soil used to be the Cannerberg (which could house government and parliament), while the said location afaik is only a minor relay station, and the spin seems to borrow facts from more major bases.

    10. Re:Bunker by Mindcontrolled · · Score: 4, Funny

      Are you saying that nuking the site from orbit is NOT a way to be sure? The hills, guys, run for them...

      --
      Ubi solitudinem faciunt, pacem appellant.
    11. Re:Bunker by Desler · · Score: 2

      To add this bunker was built to withstand a 20 megaton blast at 5km away. That is enough blast to completely level a major city. In comparison an RPG has a TNT equivalence of a couple of dozen kilograms. A daisy cutter had TNT equivalence of about 10 tons. Both are fucking pea shooters.

    12. Re:Bunker by 50000BTU_barbecue · · Score: 5, Funny

      If they're atheist bombs, you don't deliver them by USPS.

      --
      Mostly random stuff.
    13. Re:Bunker by GreenTom · · Score: 5, Insightful

      I don't know... I'm not a combat engineer, but I don't think any bunker can last long if determined professionals are allowed to freely operate outside it. "nuclear bunker" means certain things about tolerance to over pressure, shock, contaminated air, etc., but doesn't do all that much against people with jackhammers and drills. The Wikipedia page says the cyberbunker has 5 meter thick reinforced concrete walls, which would probably keep you and me out, but I'm sure can be defeated in time with civil engineering equipment. Beyond that, if you've got guys who know what they're doing poking around outside the bunker, there's whole worlds of things they can do.

      These Danish cyberbunker people seem to share a mindset with the U.S. Ruby Ridge crowd, and they're both wrong. Making yourself an immobile target and defying state power in a developed nation really only has two outcomes: either you're not enough of a nuisance to provoke action, or you get crushed.

    14. Re:Bunker by LordLimecat · · Score: 3, Insightful

      If the SWAT team really wants to get in and has the backing of the local government, they're going to get in. Break out some torches / thermal lances and go to work on the door.

      Generally bunkers and other fortifications only work if you prevent combat engineers from going to town on the premises.

    15. Re:Bunker by rvw · · Score: 3, Funny

      That picture is hilarious! Are those medieval shields?

      This is the Netherlands. Those shields are made of weed. They are softer on the rioters, who cool down easier when this is used.

    16. Re:Bunker by de+Siem · · Score: 3, Insightful

      Which hills, this is in the Netherlands. A ditch is probably the best you gonna get!

      --
      Beating up people in little rooms, if you do it for a good reason you do it for a bad one.
    17. Re:Bunker by EasyTarget · · Score: 4, Interesting

      You have obviously never seen the ME in operation; I have, it was not pretty. I especially liked the skill with which one of the mounted leant really low in the saddle to beat his stick on the heads of two women treating an unconscious man.

      --
      "Oops, I always forget the purpose of competition is to divide people into winners and losers." - Hobbes
    18. Re:Bunker by LordLimecat · · Score: 3, Informative

      What materials exactly are they that are going to resist 4500 C cutting tools? You realize that a lot of bunkers are largely concrete, and that a thermal lance will go right through that, right? And that no bunker would completely withstand a nuclear blast-- it would take some damage, there is just sufficient material and the blast is sufficiently spread out that the bunker stands.

      Once you start focusing with a lance on a bunker door, or break out a bunker-buster bomb designed to penetrate before exploding (rather than the mid-air explosion of a nuclear bomb), the bunker will fall.

    19. Re:Bunker by Culture20 · · Score: 2

      One is directed and sustained, the other is not. Heck, the most powerful nuclear fusion explosion in the solar system hits the front door of that facility daily, but you can do more damage with a pen knife because the sun's rays aren't directed.

    20. Re:Bunker by LordLimecat · · Score: 2

      Thermal lance.

      The misconception here is that there are materials being used which can stand next to a nuclear blast and take no damage. Bunkers are generally concrete, and have doors; those can be breached by thermal lances (used in construction) and by strong explosives, or by bunker-buster bombs.

    21. Re:Bunker by LordLimecat · · Score: 3, Interesting

      How many 20 megaton bombs have been used, and how many bunkers would withstand one?

      More to the point, what materials are being used, then, that will withstand a 4,500 C cutting tool for any appreciable length of time?

    22. Re:Bunker by LordLimecat · · Score: 3, Interesting

      A 1MT bomb will obliterate the blast door.

      I don't know that there are any materials we have that are designed to resist a point-blank nuclear bomb; generally the solution is "throw more concrete at it".

    23. Re:Bunker by Anonymous Coward · · Score: 2, Interesting

      For an instant; a 20MT bomb doesn't apply that heat for hours on end, in a very focused delivery mechanism. I work in a bunker designed to withstand a 10MT blast point-blank, and we routinely have to make structural modifications to accommodate equipment upgrades, etc. One can often hear jackhammers running for days on end, and the work is ultimately successful, despite a jackhammer delivering far less kinetic force than a 10MT nuclear weapon.

    24. Re:Bunker by Runaway1956 · · Score: 3, Insightful

      Ruby Ridge crowd? Uhhhmmmm - how many people were in that "crowd" that you refer to? And - the guy didn't make himself an "immobile target" exactly. That's just kinda sorta the thing that happens when you start raising a family. It's tough to raise kids on horseback, or in a Greyhound bus, or whatever.

      https://en.wikipedia.org/wiki/Ruby_Ridge

      Three adults, one kid, versus a myriad of entangled government agencies.

      Perhaps you're confusing Ruby Ridge with Waco? There was a real crowd in Waco.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    25. Re:Bunker by nbauman · · Score: 2

      I'm sure can be defeated in time with civil engineering equipment.

      You could ask those guys who bore railroad tunnels through the Alps.

    26. Re:Bunker by yurtinus · · Score: 2

      But, there will surely be a salvage company in a nearby town with the tools to break through the door. GG(g?)P's most valid point is that fortifications aren't going to hold unless you can keep people on the outside from dismantling them. Somehow I doubt the guys inside are going to start shooting and they sure as heck are not going to be getting relieved by an outside force. Give it a day or two, and this will be resolved. If I were a betting man I'd say the guys inside just open the door before it goes too much further.

      --
      +1 Disagree
    27. Re:Bunker by sjames · · Score: 2

      The interesting and telling part from their site is that they didn't really resist the raid, they just didn't notice it.

    28. Re:Bunker by jafiwam · · Score: 2

      The bunker is meant to be self-sustaining for 10 years. The SWAT is not going to do a multi-year siege to get in there. So, yes, while they can't stay in there forever a SWAT would not breach it. Otherwise it would be worthless for its purpose.

      So?

      Cut the internet and maybe power connections, berm over the air handlers, and pave where applicable and forget about it.

      I doubt the nerds inside have the capability of getting OUT from under a D9 created mound of debris.

      When their parents call because junior hasn't been eating the hot pockets placed mommy the top of the basement stairs they'll figure out who is in there, and who to send the bill to.

      Seriously though, if I were a CLEC or any other data provider I would have shut them off saying "breach of contract, sorry we won't help defend you from the feds, goodbye"

    29. Re:Bunker by lgw · · Score: 3, Interesting

      All it takes to breach any bunker is a jackhammer. The big jackhammers mounted on heavy construction equipment eat through concrete and rebar with impressive speed - making a hole at several inches per minute.

      Most concrete slabs can be removed by punching a few holes around the piece you don't like, then just knocking it a few times with the full weight of the excavator, shattering the concrete slab. If the bunker wall is a single concrete slab many feet thick, you'd just tamp some small explosives into the hole, remove a foot or so of concrete, then repeat.

      Carving a roadway out of a granite cliff face is very low tech and well understood these days, and just making a hole a few feet across in a thick concrete slab is in fact something that any construction demolitions company could do pretty easily with common equipment.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    30. Re:Bunker by StormyWeather · · Score: 2

      Actually it does let them defy the government, it just comes at the cost of their lives. Whether that cost is acceptable is left as a judgement call to the citizen.

    31. Re:Bunker by leonardluen · · Score: 2

      you do realize that a bullet proof vest doesn't work well against knives even though a bullet contains a lot more force than a typical knife attack.

      a similar idea applies to this bunker. yes it can take a nuclear blast, however that doesn't make it indestructible by any means. any determined foe with direct access to the facilities will eventually get in. the main thing that makes the bunker nuclear proof is really thick concrete, and that is rather simple to break up, heck we do it every day on various roads or buildings that we are replacing.

  3. from tfa: by Anonymous Coward · · Score: 4, Insightful

    “These things are essentially like nuclear bombs,” said Matthew Prince, chief executive of CloudFlare. “It’s so easy to cause so much damage.”

    relax dude, it's just spam, not nuclear warfare. shut the computer off and go outside for a couple of hours.

    1. Re:from tfa: by cdrudge · · Score: 2

      It's just a comparison. With a nuclear war, the target may be destroyed, but there is always going to be collateral damage to innocent around the target. With this attack, it's very powerful (like a nuclear bomb) and it has affected many unrelated, innocent companies/users (like a nuclear bomb).

      Shutting off the computer and going outside may work for John Q. Public when his favorite gaming server is experiencing high latency as a result. When your job is to consult to prevent or mitigate this specific attack, an attack that likely isn't going to let up in a couple of hours, then shutting down and going outside isn't exactly an option.

  4. don't RTFA by slashmydots · · Score: 5, Funny

    WARNING: if you attempt to RTFA, you will also be bombarded by a DDOS of spam ads. I appreciate the realism but it's kinda annoying.

  5. Old is new again by Papa+Legba · · Score: 4, Informative

    I find it very interesting that they are using a variation on the Old Smurf attacks for this. Sending a message to other places that work as an amplifier. You would think that after 10 years we would have learned that blind, unchecked, forwarding is not a good thing.

    --
    Papa Legba come and open the gate
    1. Re:Old is new again by Rakarra · · Score: 2

      I think his point is that the ISPs from where these packets originated should never have allowed those spoofed packets out. And the network backbone of that ISP should never have allowed those spoofed packets to reach the DNS servers. And so forth.

  6. Don't forget the power cord! by dclozier · · Score: 2

    Cutting their communication lines was the first thing I thought of too. Then cutting their power lines. I may not have enough coffee in me to calm me down this morning but visions of the Dirty Dozen dumping fuel and grenades into their bunker came to mind. }:D

    1. Re:Don't forget the power cord! by ackthpt · · Score: 4, Funny

      Cutting their communication lines was the first thing I thought of too. Then cutting their power lines. I may not have enough coffee in me to calm me down this morning but visions of the Dirty Dozen dumping fuel and grenades into their bunker came to mind. }:D

      If Carnival Cruise Lines have taught us anything, just back up their toilets. They'll be out in a jiffy.

      --

      A feeling of having made the same mistake before: Deja Foobar
  7. Excuse my naivety but by Quick+Reply · · Score: 4, Insightful

    With an operator no doubt facilitating illegal actions of their customers, and refusing to no doubt enforce court orders to disconnect their customers for said actions, couldn't a case be made to disconnect them from THEIR upstream providers because they are now acting illegally but not following court orders, presuming that their upstream providers follow court orders, and the upstream upstream until you get to a legitimate entity. It seems quite a shortcoming of the law that they can act with impunity while allowing their customers to bring down the very fabric of the world wide web.

    1. Re:Excuse my naivety but by Anonymous Coward · · Score: 3, Interesting

      to disconnect them from THEIR upstream providers

      That's about the start of the online war. Though disconnection was not by court orders, but by spamhaus' actions.

      Years ago cyberbunker was already sending out spam. When spamhaus got sick of the actions of cyberbunker, they put A2B internet, the uplink for cyberbunker, on the blacklist in order to force A2B to disconnect cyberbunker. While cyberbunker should have been killed a decade ago, the A2B IP range affected did not send out spam. Spamhaus abused their power to force a (mostly) legal company to disconnect a spammer.

      While the mission is noble, I think that spamhaus' abuse of power is unacceptable!

      I say "(mostly) legal company" because A2B owner Erik Bais isn't all cleared. While he does not host spammers himself, he is well known for supporting spammers and running their networks. Erik is/has been running (part of) the systems of convicted spammer Martijn Bevelander, spammer hoster Marco van Gink (datahouse) and seller of counterfeit products idear4busines.

  8. Alleged attempts to enter the bunker by force. by Gorath99 · · Score: 5, Informative

    From the summary:

    Dutch authorities and the police have made several attempts to enter the bunker by force but failed to do so.

    From TFA:

    Cyberbunker brags on its Web site that it has been a frequent target of law enforcement because of its “many controversial customers.” The company claims that at one point it fended off a Dutch SWAT team. “Dutch authorities and the police have made several attempts to enter the bunker by force,” the site said. “None of these attempts were successful.”

    In other words: Cyberbunker is not currently under assault by police, and we have only their word that they ever have been. I suspect that at one time they were successful in having visiting cops think nobody was home by being real quiet and quickly turning off all the lights.

    1. Re:Alleged attempts to enter the bunker by force. by Psyborgue · · Score: 3, Interesting

      You realize Cyberbunker is situated in a bunker designed to survive a nuclear war. It was designed to function independently for 10 years. Not sure how long that would work with the servers at full load, but I'd think they could still run their generators for quite some time without interruption.

    2. Re:Alleged attempts to enter the bunker by force. by drinkypoo · · Score: 2

      You realize Cyberbunker is situated in a bunker designed to survive a nuclear war. It was designed to function independently for 10 years. Not sure how long that would work with the servers at full load,

      Right up until someone cut comms with a multi-tool.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:Alleged attempts to enter the bunker by force. by 1u3hr · · Score: 5, Informative

      You realize Cyberbunker is situated in a bunker designed to survive a nuclear war.

      You don't have to kill them. Just unplugging their Internet connection would be enough, Then padlock the door and wait till they knock on it and ask to be let out. How long could that be? A week at the outside?

      I don't believe the bullshit about them fending off SWAT teams anyway. That's what they say on their own website. No government really cares about spam enough to send in a SWAT team. It's all "protected commercial speech", and plenty of assholes in government are happy to let them do it. If they gave a shit, they know who is DDOSing and exactly where they are. They could arrest them. Freeze their bank accounts. Turn off their electricity, water. But they do nothing.

  9. Important bit missing from a bad summary by 93+Escort+Wagon · · Score: 5, Interesting

    From TFA:

    Cyberbunker brags on its Web site that it has been a frequent target of law enforcement because of its “many controversial customers.” The company claims that at one point it fended off a Dutch SWAT team.

    The only mention of "Dutch authorities and police" comes from the Cyberbunker company itself. The article is badly written, so it's not completely clear (from the context) whether or not this claim is related to the current dDOS the company is running. The writer doesn't appear to have talked to anyone in Holland - except perhaps the self-styled spokesman for Cyberpunker.

    --
    #DeleteChrome
  10. Re:And the perpetrator(s) are... by sycodon · · Score: 2

    Noo...."Reeesearchers"!

    --
    When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
  11. So.... by benjfowler · · Score: 5, Informative

    Who'd they piss off?

    Spamhaus must be costing somebody (or some people) a LOT of money to draw such a massive attack.

    I admire their balls -- Spamhaus are fighting serious and organised criminals, people who are perfectly capable of raping and murdering folks who get in their way. It wasn't so long ago that the Russian mafia targeted a Russian security specialist by kidnapping his daughter, raping her, injecting her with heroin and selling her into slavery.

    They are not very nice people at all, and shouldn't be fucked around with. Picking fights with organised criminals should be left to law enforcement.

  12. Re:And the perpetrator(s) are... by WGFCrafty · · Score: 2

    More likely some mafiosi that controls malware and spambots, and their "clients" don't like a bunch of amateurs blocking their messages.

    This is far more likely. Maybe if the kid rented it from a criminal enterprise, but I doubt some kid is in de facto control of such a vast swarm.

  13. Pfft. Amateurs by smooth+wombat · · Score: 4, Interesting

    While the bunker itself is designed to withstand a nuclear blast, the doors are the weak point.

    A thermal lance can cut through the door while also able to make a nice hole in the concrete walls into which explosives of various types can be implanted.

    As others have said, cut the communication and electrical lines and let them fend for themselves. They may have food and fuel, but they can't last forever.

    On second thought, cut the electricity and communication, then pile tons of rubble in front of the doors to prevent them from coming out once they exhaust their supplies.

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
    1. Re:Pfft. Amateurs by serviscope_minor · · Score: 2

      Um what?

      Are you proposing that police forces upgrade to being full armies in order to "pacify" non-violent people who aren't even aware of police presence?

      It's not even like the people in the bunker were resisting arrest or anything. They had no idea the police were even there.

      --
      SJW n. One who posts facts.
  14. Re:I have an idea by Psyborgue · · Score: 2

    The bunker was designed to survive a nuclear war. I wouldn't be surprised if they have considerable fuel reserves.

  15. better article by WGFCrafty · · Score: 5, Informative

    http://bbc.co.uk/news/technology-21954636

    No b/s subscription paywall nonsense

  16. Re:Evidence? by thaylin · · Score: 2

    So where is the evidence that Cyberbunker has anything to do with this?

    I appreciate the things the Spamhaus people do, but they don't exactly have a spotless record when it comes to accurately pointing fingers.

    Did you read the article? If you did you would have spotted this:

    Questioned about the attacks, Sven Olaf Kamphuis, an Internet activist who said he was a spokesman for the attackers, said in an online message that, “We are aware that this is one of the largest DDoS attacks the world had publicly seen.” Mr. Kamphuis said Cyberbunker was retaliating against Spamhaus for “abusing their influence.” “Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet,” Mr. Kamphuis said. “They worked themselves into that position by pretending to fight spam.”

    --
    When you can't win, ad hominem.
  17. Re:And the perpetrator(s) are... by WGFCrafty · · Score: 4, Informative

    More likely some mafiosi that controls malware and spambots, and their "clients" don't like a bunch of amateurs blocking their messages.

    DING DING DING

    From the BBC article:

    Spamhaus has alleged that Cyberbunker, in cooperation with "criminal gangs" from Eastern Europe and Russia, is behind the attack.

  18. Fiber connections by phorm · · Score: 3, Insightful

    Well, I'd assume to be online they're probably going to have some sort of fiber-optic connection. Even if it's redundant, it's going to plug into the greater infrastructure somewhere and it shouldn't be *too* hard to sever if the police really had a mind to do so.

  19. Spamhaus and the spam problem by MrMickS · · Score: 5, Interesting

    From TFA:

    “Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet,” Mr. Kamphuis said. “They worked themselves into that position by pretending to fight spam.”

    I'd rather not have to consult Spamhaus blacklists on my mail servers to block incoming email. I know that if I removed it my bandwidth would be clogged and the amount of work done by my servers to deal with spam would increase many fold. So I use Spamhaus blacklists and it makes me feel dirty. It's the wrong solution to the problem of spam. Surely we should be able to come up with something better.

    Spamhaus has been going for 15 years. Look at the other technological advances in that time; why don't we have an effective, agreed upon, resolution to the problem of spam? Perhaps the best thing would be for Spamhaus to shut up shop, to stop providing the DNS lists. For mail servers to stop filtering and marking the spam. Let the size of the problem manifest itself. Perhaps then we will get a concerted effort to stop it rather than mitigate the impact.

    --
    You may think me a tired, old, cynic. I'd have to disagree about the tired bit.
    1. Re:Spamhaus and the spam problem by geek · · Score: 2

      The answer is to get rid of email and replace it with something secure. The problem is, no one has stepped up to try it. Google Wave had promise in this area. Texting and instant messaging have chipped away at it a bit, but nothing has come out and replaced it.

      Email needs end to end encryption along with built in spam prevention. It needs to look and feel like it does now but with all the changes made on the backend as to make the transition for end users seamless.

  20. Why would anyone think cutting comms would help? by Marrow · · Score: 4, Insightful

    If it's a DDOS, then losing control of the stupid little robots will not make it stop, they will just be unstoppable. If you want to prevent DDOS, then you need to force ISPs to perform egress filtering of source addresses that are outside of their network. And also implement a choke protocol to inform the ISPs that they have a bad actor on their network.

  21. Re:I have an idea by JaredOfEuropa · · Score: 2

    The real question is: what authority did the police have when they attempted entry? If they are just going to execute a search warrant, they can break down the door but they are not authorized (or equipped) to blow it up. They are certainly not authorized to just cut off power or comms to a place of business in case of an ordinary house search. That however could change now that they are involved in a large (and most certainly illegal) DDOS attack. It is not certain when they'll go offline, but this could well spell the end of Cyberbunker, and if they are proven to be behind this attack, some people will be facing criminal charges and jail time as well.

    I doubt very much that "authorities have made several attempts to enter". A quick search turns up no references to any such attempt except on the Cyberbunker site. That picture doesn't show SWAT but ordinary riot police, used to evict squatters or quell riots, or (in rare cases) when doing large scale house searches where real crowd control trouble is expected (like in gypsy / Roma campsites). They have no reason to be here... perhaps they were on exercise or got sent to the wrong address. Authorities have made several requests for search warrants, and some of those were turned down. The rest appears to be just bluster from Cyberbunker.

    --
    If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
  22. Re:Evidence? by MrMickS · · Score: 5, Interesting

    Item 1: The DDOS began after Cyberbunker IPs were added to the black lists.

    Item 2: Cyberbunker have a policy saying that they won't look at your servers and don't care what you do. Pretty much a green-light for spammers.

    Item 3: The internet activist stating that the DDOS is in response to the blacklisting.

    The circumstantial evidence points towards the attacks as being the result of the action Spamhaus took with respect to Cyberbunker. It's unlikely to be the company themselves, but rather at the instigation of one of their customers. The interesting thing is that you can find reports from 2011 (http://www.theregister.co.uk/2011/10/20/spamhaus_a2b_row/) where Spamhaus say that Cyberbunker were on the blacklist then with no prospect of being removed. What has happened in the meantime?

    --
    You may think me a tired, old, cynic. I'd have to disagree about the tired bit.
  23. Re:Evidence? by thaylin · · Score: 2

    So in other words, the only evidence you will take is for him to tell you himself, or maybe them putting it on their website would work for you as well.... Since it was a quoted message you can assume that it was his words. The location and type of message does not matter. At some point you have to either trust that the journalist was professional, or not, up to you.

    --
    When you can't win, ad hominem.
  24. Re:I have an idea by L4t3r4lu5 · · Score: 2

    Yes, but they're prisoners in their own facility. "We will tell LEOs to GTFO!" is fine until you realise that those same LEOs are preventing your shift change, and you forgot to pack 80 extra pairs of skivvies this morning in case you happen to be "on shift" until the bunker doors are unsealed.

    The Russian Wikipedia page states it has water and fuel for 10 years. I give them 10 days before cabin fever sets in.

    --
    Finally had enough. Come see us over at https://soylentnews.org/
  25. Re:I have an idea by tnk1 · · Score: 2

    It would only hold up for ten years if it was not surrounded and under sustained attack. Yes, it could possibly take a glancing hit from a nuke, but no, it would not stand up very long to some guys with drills and normal demolition charges who had the time to simply drill, demolish or undermine the complex. It would only serve as a fortress hard point if the people inside were armed and there was some hope that allied forces could relieve them in a reasonable amount of time.

    And of course, as a way of protecting a connection to the Internet, the building is singularly useless. Even if you didn't just cut the wires, the IP ranges could probably be identified and removed from routing tables in a relatively trivial amount of time. The reason the cops did not simply do this is that they probably just wanted to collect evidence. If they were trying to actually put them out of business, as opposed to just messily collecting evidence, they'd need a specific court order to take that sort of action, and they wouldn't just "give up".

    Still, there are some very viable uses for such a bunker. Such a bunker could easily slow down the cops enough to make it possible to destroy incriminating data, or apparently in this case, thwart a raid that was not meant to garner a lot of public attention.

    Make no mistake, though, if they *really* wanted in, they could breach in a lot less than ten years. They'd just need to hire some contractors or call the military.

  26. Re:I have an idea by LordLimecat · · Score: 2

    This whole idea that they're impregnable is nonsense. There are cutting tools that will go through blast doors and concrete, and you can be sure that a determined SWAT team has access to them.

    "Designed for nuclear war" doesn't mean you can just sit inside and not defend the premises as a demolition team goes to work on it, it just means it has some degree of resistance to a nuclear blast.

  27. Spamhaus reports, _users_ block by Onymous+Coward · · Score: 5, Informative

    The different lists published by Spamhaus distinguish whether the IPs are directly responsible or are organizationally related. There is no abuse of power here — customers subscribe to the lists that they want, and use those lists to block as they see fit. Spamhaus isn't forcing anyone to use the lists, nor is it misrepresenting what's in the lists.

  28. Re:I have an idea by nbauman · · Score: 2

    There are drilling machines that will bore railroad tunnels and 4-lane highways through granite.

  29. Classics time \o/ by radl · · Score: 2

    Your post advocates a

    ( ) technical (*) legislative (*) market-based (*) vigilante

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    (*) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    ( ) It will stop spam for two weeks and then we'll be stuck with it
    (*) Users of email will not put up with it
    (*) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    (*) Requires immediate total cooperation from everybody at once
    (*) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    (*) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    (*) Asshats
    ( ) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    ( ) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    ( ) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    (*) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook

    and the following philosophical objections may also apply:

    (*) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    (*) Countermeasures must work if phased in gradually
    ( ) Sending email should be free
    ( ) Why should we have to trust you and your servers?
    ( ) Incompatibility with open source or open source licenses
    ( ) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    (*) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    ( ) Sorry dude, but I don't think it would work.
    ( ) This is a stupid idea, and you're a stupid person for suggesting it.
    (*) Nice try, assh0le! I'm going to find out where you live and burn your house down!

    --
    1266953+17
  30. DNS amplification is still easy, BCP38 ignored by billstewart · · Score: 2

    Unfortunately, too many DNS configurations can be used for amplification, because the responses are larger than the queries, especially if you've got new and interesting record types like DNSSEC, and too many ISPs still ignore the Best Current Practices #38 recommendation on blocking spoofed traffic. RPF is your friend.

    There's some mitigation out there because the bigger response record types don't always fit in a single UDP packet, so DNS servers may handle them over TCP (which is harder to forge), and many DNS providers limit who they'll accept requests from, but there's still a lot of sloppy DNS administration out there.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
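
The source-address check that comments 20 and 30 ask ISPs to perform (BCP38 filtering, with RPF as one way to enforce it), as an added example that is not part of any comment in this thread. It approximates a strict reverse-path check with static per-interface prefix lists; the interface names, prefixes (documentation ranges) and packet sizes are constructed assumptions.

```python
import ipaddress

# Constructed: customer-facing interfaces and the prefixes assigned to each
# (RFC 5737 documentation ranges; interface names are hypothetical).
ASSIGNED = {
    "cust-a": ["192.0.2.0/25"],
    "cust-b": ["192.0.2.128/25", "198.51.100.0/24"],
}

# Constructed DNS queries seen at the edge:
# (ingress interface, claimed source, query bytes, expected response bytes)
PACKETS = [
    ("cust-a", "192.0.2.10", 64, 3000),     # legitimate
    ("cust-a", "203.0.113.5", 64, 3000),    # source outside the ISP entirely
    ("cust-b", "198.51.100.77", 70, 512),   # legitimate
    ("cust-b", "192.0.2.10", 64, 3000),     # the ISP's own space, wrong port
    ("cust-x", "192.0.2.200", 64, 1500),    # interface with no assignment
]


def build_filters(assigned):
    """Parse the prefix strings once into ip_network objects."""
    return {iface: [ipaddress.ip_network(p) for p in prefixes]
            for iface, prefixes in assigned.items()}


def source_is_valid(filters, iface, src):
    """True only if src belongs to a prefix assigned to the arrival interface.

    Unknown interfaces and unparsable addresses fail closed.
    """
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in filters.get(iface, ()))


def audit(filters, packets):
    """Apply the filter; total the reflected bytes each forged source is spared."""
    forwarded, dropped, spared = [], [], {}
    for iface, src, _query_len, response_len in packets:
        if source_is_valid(filters, iface, src):
            forwarded.append((iface, src))
        else:
            dropped.append((iface, src))
            spared[src] = spared.get(src, 0) + response_len
    return forwarded, dropped, spared


if __name__ == "__main__":
    fwd, drop, spared = audit(build_filters(ASSIGNED), PACKETS)
    print("forwarded:", fwd)
    print("dropped:  ", drop)
    print("reflected bytes not delivered:", spared)
```

The fourth packet is the case a filter keyed only on "is this address ours?" would miss: the source belongs to the ISP but not to the interface it arrived on.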