Slashdot Mirror

← Back to Stories (view on slashdot.org)

Largest DDoS In History Reaches 300 Billion Bits Per Second

Posted by Unknown on from the making-enemies dept.

An anonymous reader writes "The NYT is reporting that the Largest DDoS in history reached 300 Gbps. The dispute started when the spam-fighting group Spamhaus added the Dutch company Cyberbunker to its blacklist, which is used by e-mail providers to weed out spam. Millions of ordinary Internet users have experienced delays in services like Netflix or could not reach a particular Web site for a short time. Dutch authorities and the police have made several attempts to enter the bunker by force but failed to do so. The attacks were first mentioned publicly last week by Cloudflare, an Internet security firm in Silicon Valley that was trying to defend against the attacks and as a result became a target."

35 of 450 comments (clear)

  1. Watch your clauses, people! by Looker_Device · · Score: 5, Informative

    The dispute started when the spam-fighting group, called Spamhaus, added the Dutch company Cyberbunker to its blacklist, which is used by e-mail providers to weed out spam.

    I think what they meant to say here was: "The dispute started when the spam-fighting group Spamhaus, which maintains a blacklist used by e-mail providers to weed out spam, added the Dutch company Cyberbunker to its blacklist."

    --
    Your political party doesn't care about your rights and only represents corporate interests.
    1. Re:Watch your clauses, people! by Nerdfest · · Score: 5, Funny

      A Slashdot editor Yoda has become.

    2. Re:Watch your clauses, people! by Anonymous Coward · · Score: 5, Informative

      I came here to say this, and was all prepared to lambaste the summary, when I took the time to discover that the sentence is straight from TFA!

      Great jorb, New York Times. And they wonder why newspapers are dying.

    3. Re:Watch your clauses, people! by PartyBoy!911 · · Score: 5, Informative

      Me neither, Netflix isn't even available for Dutch people.

    4. Re:Watch your clauses, people! by wmac1 · · Score: 5, Funny

      I wish there was a smaller unit than bits. The headline would become more exciting!

    5. Re:Watch your clauses, people! by HornWumpus · · Score: 4, Insightful

      The dispute started when the spam-fighting group Spamhaus, which maintains a blacklist used by e-mail providers to weed out spam, added the Dutch company Cyberbunker to its blacklist.

      Too spammy, too many words, blacklist twice: The dispute started when the spam-fighting group Spamhaus added the Dutch company Cyberbunker to its e-mail blacklist.

      Removing words is like removing lines of code. Almost always makes it better.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    6. Re:Watch your clauses, people! by Mindcontrolled · · Score: 4, Funny

      Edit or edit not; there is no try

      On the edit-not side, the slashdot editors firmly are. Hmmm. Not give in to that side you must!

      --
      Ubi solitudinem faciunt, pacem appellant.
    7. Re:Watch your clauses, people! by telchine · · Score: 5, Funny

      Removing words is like removing lines of code. Almost always makes it better.

      Removing ... words is like ... better

    8. Re:Watch your clauses, people! by omnichad · · Score: 4, Interesting

      Just a badly written article. The attack was a spoofed attack on DNS root servers (I think - badly written article) that reflected back toward Spamhaus. This would cause disruptions to DNS and to Spamhaus. By extension, the huge amount of traffic seems to be slowing down just about everything.

      Don't know when this started, but I was watching Netflix on Monday and got 2 dots instead of my usual 4 and I'm in the Midwest US.

    9. Re:Watch your clauses, people! by femtobyte · · Score: 5, Insightful

      SI unit prefixes are readily available anytime you need them.
      -femtobyte

  2. Bunker by ISoldat53 · · Score: 5, Funny

    The summary makes it sound like the Cyberbunker is a physical location. If so, a wire cutter should cut off it's access to the inter webs.

    1. Re:Bunker by Psyborgue · · Score: 4, Informative

      It is a bunker. And it's not so simple, as this swat team discovered.

    2. Re:Bunker by JaredOfEuropa · · Score: 4, Informative

      That is not a SWAT team, those guys would be better armed and a little more bullet proof. This is just Dutch police in riot gear, of which these woven bamboo shields are a standard component. According to an ME (riot police) buddy, the bamboo shields are pretty good, lighter than the more common plastic shields, and more flexible, meaning they are better at deflecting thrown objects. The only disadvantage is that they do not stand up well to stab weapons, which has not really been an issue until a group of squatters defended themselves with iron pipes with large spikes capable of puncturing these shields.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    3. Re:Bunker by KiloByte · · Score: 5, Interesting

      Except that this bunker has an air reprocessing center. It's a whole underground complex, meant to house a part of NATO's command center in the event of a thermonuclear war.

      On the other hand, cutting the network cable would indeed render the criminals inside nice and fluffy, with a self-inflicted prison sentence if they decide to refuse to go out. They already resisted police raids twice, including once by a SWAT team.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    4. Re:Bunker by marcovje · · Score: 4, Interesting

      I don't think those powerhungry air scrubbers are still online all the time.

      And I surely hope that the Cold War independent energy source (probably a small nuclear reactor) was removed, so cutting power should simply work. As soon as the batteries drain, end of story.

      But note that the whole SWAT story seems to have Cyberbunker as only source in the linked articles. I wouldn't take their (spamming ddosers they are) word for it.

      The whole article regurgitates the vibe that CB wants to spin, it is not a factual description of reality. The main NATO HQ on Dutch soil used to be the Cannerberg (which could house government and parlement), while the said location afaik is only a minor relay station, and the spin seems to borrow facts from more major bases.

    5. Re:Bunker by Mindcontrolled · · Score: 4, Funny

      Are you saying that nuking the site from orbit is NOT a way to be sure? The hills, guys, run for them...

      --
      Ubi solitudinem faciunt, pacem appellant.
    6. Re:Bunker by 50000BTU_barbecue · · Score: 5, Funny

      If they're atheist bombs, you don't deliver them by USPS.

      --
      Mostly random stuff.
    7. Re:Bunker by GreenTom · · Score: 5, Insightful

      I don't know..I'm not a combat engineer, but I don't think any bunker can last long if determined professionals are allowed to freely operate outside it. "nuclear bunker" means certain things about tolerance to over pressure, shock, contaminated air, etc., but doesn't do all that much against people with jackhammers and drills. The wikipedia page says the cyberbunker has 5 meter thick reinforced concrete walls, which would probably keep you and me out, but I'm sure can be defeated in time with civil engineering equipment. Beyond that, if you've got guys who know what they're doing poking around outside the bunker, there's whole worlds of things they can do.

      These Danish cyberbunker people seem to share a mindset with the U.S. Ruby Ridge crowd, and they're both wrong. Making yourself an immobile target and defying state power in a developed nation really only has two outcomes: either you're not enough of a nuisance to provoke action, or you get crushed.

    8. Re:Bunker by EasyTarget · · Score: 4, Interesting

      You have obviously never seen the ME in operation; I have, it was not pretty. I especially liked the skill with which on of the mounted leant really low in the saddle to beat his stick on the heads of two women treating an unconscious man.

      --
      "Oops, I always forget the purpose of competition is to divide people into winners and losers." - Hobbes
  3. from tfa: by Anonymous Coward · · Score: 4, Insightful

    “These things are essentially like nuclear bombs,” said Matthew Prince, chief executive of CloudFlare. “It’s so easy to cause so much damage.”

    relax dude, its just spam, not nuclear warfare. shut the computer off and go outside for a couple of hours.

  4. don't RTFA by slashmydots · · Score: 5, Funny

    WARNING: if you attempt to RTFA, you will also be bombarded by a DDOS of spam ads. I appreciate the realism but it's kinda annoying.

  5. Old is new again by Papa+Legba · · Score: 4, Informative

    I find it very interesting that they are using a variation on the Old Smurf attacks for this. Sending a message to other places that work as an amplifier. You would think that after 10 years we would have learned that blind, unchecked, forwarding is not a good thing.

    --
    Papa Legba come and open the gate
  6. Excuse my naivety but by Quick+Reply · · Score: 4, Insightful

    With an operator no doubt facilitating illegal actions of their customers, and refusing to no doubt enfore court orders to disconnect their customers for said actions, couldn't a case be made to disconnect them from THEIR upstream providers because they are now acting illegally but not following court orders, presuming that their upstream providers follow court orders, and the upstream upstream until you get to a legitimate entity. It seems quite an shortcoming of the law that they can act with impunity while allowing their customers to bring down the very fabric of the world wide web.

  7. Alleged attempts to enter the bunker by force. by Gorath99 · · Score: 5, Informative
    From the summary:

    Dutch authorities and the police have made several attempts to enter the bunker by force but failed to do so.

    From TFA:

    Cyberbunker brags on its Web site that it has been a frequent target of law enforcement because of its “many controversial customers.” The company claims that at one point it fended off a Dutch SWAT team. “Dutch authorities and the police have made several attempts to enter the bunker by force,” the site said. “None of these attempts were successful.”

    In other words: Cyberbunker is not currently under assault by police, and we have only their word that they ever have been. I suspect that at one time they were successful in having visiting cops think nobody was home by being real quiet and quickly turning off all the lights.

    1. Re:Alleged attempts to enter the bunker by force. by 1u3hr · · Score: 5, Informative

      You realize Cyberbunker is situated in a bunker designed to survive a nuclear war.

      You don't have to kill them. Just unplugging their Internet connection would be enough, Then padlock the door and wait till they knock on it and ask to be let out. How long could that be? A week at the outside?

      I don't believe the bullshit about then fending off SWAT teams anyway. That's what they say on their own website. No government really cares about spam enough to send in a SWAT team. It's all "protected commercial speech", and plenty of assholes in government are happy to let them do it. If they gave a shit, they know who is DDOSing and exactly where they are. They could arrest them. Freeze their bank accounts. Turn off their electricity, water. But they do nothing.

  8. Important bit missing from a bad summary by 93+Escort+Wagon · · Score: 5, Interesting

    From TFA:

    Cyberbunker brags on its Web site that it has been a frequent target of law enforcement because of its “many controversial customers.” The company claims that at one point it fended off a Dutch SWAT team.

    The only mention of "Dutch authorities and police" comes from the Cyberbunker company itself. The article is badly written, so it's not completely clear (from the context) whether or this claim is related to the current dDOS the company is running. The writer doesn't appear to have talked to anyone in Holland - except perhaps the self-styled spokesman for Cyberpunker.

    --
    #DeleteChrome
  9. So.... by benjfowler · · Score: 5, Informative

    Who'd they piss off?

    Spamhaus must be costing somebody (or some people) a LOT of money to draw such a massive attack.

    I admire their balls -- Spamhaus are fighting serious and organised criminals, people who are perfectly capable of raping and murdering folks who get in their way. It wasn't so long ago that the Russian mafia targeted a Russian security specialist by kidnapping his daughter, raping her, injecting her with heroin and selling her into slavery.

    They are not very nice people at all, and shouldn't be fucked around with. Picking fights with organised criminals should be left to law enforcement.

  10. Pfft. Amateurs by smooth+wombat · · Score: 4, Interesting

    While the bunker itself is designed to withstand a nuclear blast, the doors are the weak point.

    A thermal lance can cut through the door while also able to make a nice hold in the concrete walls into which explosives of various types can be implanted.

    As others have said, cut the communication and electrical lines and let them fend for themselves. They may have food and fuel, but they can't last forever.

    On second thought, cut the electricity and communication, then pile tons of rubble in front of the doors to prevent them from coming out once they exhaust their supplies.

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
  11. better articld by WGFCrafty · · Score: 5, Informative

    http://bbc.co.uk/news/technology-21954636

    No b/s subscription paywall nonsense

  12. Re:And the perpetrator(s) are... by WGFCrafty · · Score: 4, Informative

    More likely some mafiosi that controls malware and spambots, and their "clients" don't like a bunch of amateurs blocking their messages.

    DING DING DING

    From the BBC article:

    Spamhaus has alleged that Cyberbunker, in cooperation with "criminal gangs" from Eastern Europe and Russia, is behind the attack.

  13. Spamhaus and the spam problem by MrMickS · · Score: 5, Interesting

    From TFA:

    “Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet,” Mr. Kamphuis said. “They worked themselves into that position by pretending to fight spam.”

    I'd rather not have to consult Spamhaus blacklists on my mail servers to block incoming email. I know that if I removed it my bandwidth would be clogged and the amount of work done by my servers to deal with spam would increase many fold. So I use Spamhaus blacklists and it makes me feel dirty. It's the wrong solution to the problem of spam. Surely we should be able to come up with something better.

    Spamhaus has been going for 15 years. Look at the other technological advances in that time why don't we have an effective, agreed upon, resolution to the problem of spam? Perhaps the best thing would be for Spamhaus to shut up shop, to stop providing the DNS lists. For mail servers to stop filtering and marking the spam. Let the size of the problem manifest itself. Perhaps then we will get a concerted effort to stop it rather than mitigate the impact.

    --
    You may think me a tired, old, cynic. I'd have to disagree about the tired bit.
  14. Why would anyone think cutting comms would help? by Marrow · · Score: 4, Insightful

    IF its a DDOS, then losing control of the stupid little robots will not make it stop, they will just be unstoppable. If you want to prevent DDOS, then you need to force ISPs to perform egress filtering of source addresses that are outside of their network. And also implement a choke protocol to inform the ISPs that they have a bad actor on their network.

  15. Re:Evidence? by MrMickS · · Score: 5, Interesting

    Item 1: The DDOS began after Cyberbunker IPs were added to the black lists.

    Item 2: Cyberbunker have a policy saying that they won't look at your servers and don't care what you do. Pretty much a green-light for spammers.

    Item 3: The internet activist stating that the DDOS is in response to the blacklisting.

    The circumstantial evidence points towards the attacks as being the result of the action Spamhaus took with respect to Cyberbunker. Its unlikely to be the company themselves, but rather at the instigation of one of their customers. The interesting thing is that you can find reports from 2011 (http://www.theregister.co.uk/2011/10/20/spamhaus_a2b_row/) where Spamhaus say that Cyberbunker were on the blacklist then with no prospect of being removed. What has happened in the meantime?

    --
    You may think me a tired, old, cynic. I'd have to disagree about the tired bit.
  16. Spamhaus reports, _users_ block by Onymous+Coward · · Score: 5, Informative

    The different lists published by Spamhaus distinguish whether the IPs are directly responsible or are organizationally related. There is no abuse of power here — customers subscribe to the lists that they want, and use those lists to block as they see fit. Spamhaus isn't forcing anyone to use the lists, nor is it misrepresenting what's in the lists.

  17. Re:Don't forget the power cord! by ackthpt · · Score: 4, Funny

    Cutting their communication lines was the first thing I thought of too. Then cutting their power lines. I may not have enough cofee in me to calm me down this morning but visions of the Dirty Dozen dumping fuel and grenades into their bunker came to mind. }:D

    If Carnival Cruise Lines have taught us anything, just back up their toilets. They'll be out in a jiffy.

    --

    A feeling of having made the same mistake before: Deja Foobar