Did the Spamhaus DDoS Really Slow Down Global Internet Access?
CowboyRobot writes "Despite the headlines, the big denial of service attack may not have slowed the Internet after all. The arguments against the original claim include the fact that reports of Internet users seeing slowdowns came not from service providers, but the DDoS mitigation service CloudFlare, which signed up Spamhaus as a customer last week. Also, multiple service providers and Internet watchers have now publicly stated that while the DDoS attacks against Spamhaus could theoretically have led to slowdowns, they've seen no evidence that this occurred for general Internet users. And while some users may have noticed a slowdown, the undersea cable cuts discovered by Egyptian sailors had more of an impact than the DDoS."
As usual, ArsTechnica does a much better job of describing this, Slashdot eds, take note please!
The best text-only (no ads!) reply though is from Richard A Steenbergen who responded to the Gizmodo article. This guy works at one of the tier 1 providers and described the problem, particularly that the DDoS wasn't a big deal for them but that the attack on the INX exchanges might have been... but turned out not to be after a little tweaking of their filters.
Nevertheless, the problem that I can see is that the internet is open to these kinds of attacks. Now Spamhaus can get CloudFlare to handle these attacks on their behalf (for a lot of free advertising) but MyLittleSite.com cannot, and that leaves them open to extortion attacks from the criminals who run these DDoSs. Surely a more appropriate response would not be "yeah, we're great, we can handle a poxy 300Gbps" but "we need to sort out this so the baddies cannot screw people with impunity". I'd prefer a technical resolution (e.g. ingress/egress filtering, rate limiting, non-recursive responses from outside your domain) to legal ones which is all there is at the moment it seems.
That would be a 'no'.
But, don't let the facts get in the way of sensationalist clickbait and media whoring. If nothing else, the clueless need something to get incensed about and start demanding legislative fixes to imaginary problems.
The problem was supposedly more severe in Europe but, FWIW, my response times in Madrid, Spain were completely normal. I realize that proves nothing, but it does make me skeptical of the Internet Brought to Its Knees claims.
TFA is right, the DDoS was not that bad as far as the entire Internet is concerned. The submarine cable cuts in 2008 as well as some of the Tier-1 ISPs like Sprint depeering with Cogent Communications also in that year led to far more disruption than this DDoS. Hell, the Internet was effectively partitioned for a time over the mess with Cogent.
It's definitely a way for SPAMHaus to make the headlines. Whether it is proper conduct, especially for a trust-based organisation like SPAMHaus, is the real question.
DNSBL is not the way to fight spam. I've worked for several large ESPs, and we've had more issues with false positives and various DNSBLs blocking regular, solicited email every time some angry recipient with a vengeance decided to file a spam-report, instead of just opting-out from the mailing they opted-in for themselves.
This has led to us using less and less DNSBL-related spam-filtering. Most of our spam-filters are now 'smart', using the recipient's own preferences to decide whether a mail should be blocked or not. I'm sure DNSBLs like Spamhaus are feeling the heat, and stunts like these may give them the exposure they need to get some fresh customers.
But it definitely sounds a bit 'shady' to launch a misinformation-campaign for this, especially for an antispam-firm.
300Gb/s, what is that as a fraction of the total Internet bandwidth? Without that number we don't know if it is a significant proportion of what is available. Maybe we should be asking for that figure round/close-to the Spamhaus servers.
By total I mean the core internet routers, not including those in outlying backwaters.
On Tuesday afternoon, GMT-6, I could do exactly zero of my job functions, as none of my remote server connections would stay up for longer than 5-7 seconds. Not knowing what was happening, I did hours of troubleshooting on my own connection, before finally just calling it quits for the day.
I was about ready to just walk away out of frustration before things just seemed to magically fix themselves the following morning. So yes, I think this did affect parts of the internet as a whole, and not others. I am not surprised by this.
It didn't slow down the internet. It slowed down Spamhaus and it may have slowed down the email delivery times of users of the Spamhaus block list.
Nothing to see here. Move along.
If you tried to access the Spamhaus website, the DDoS was very effectively blocking that corner of the internet!
Don't blame me, it's usually 2 in the morning when I post
I didn't even know there was a giant DDOS attack going on until I read it in the news. Have not seen any slowdown here in the U.S.
So if the spammers' botnets are busy with a ddos attack, has there been any measurable decrease in spam on the internet? I haven't seen any internet slowdowns, but I haven't seen any slowdown in spam either...
The statistics that the AMS-IX gives out do not show any rise in network traffic, maybe even a slowdown.
Stats
For a Dutch provider, you would at least suspect a slight increase in traffic on the Dutch Internet Exchange.
Well, don't worry about that. We can get you back before you leave. (Dr. Who)
The illuminati and the Bilderbergs would love for all of us to believe the Internet is immune to cyber attack.
The truth is, however, that we are, as usual, being duped by our own "leaders." The truth is that the Internet is in shambles and is ready to come crashing down any minute, at which point society will break down and give them the excuse they need to finally implement Agenda 21 and the total enslavement of the entire Human population.
Stop lying to yourselves!
We and two partner firms saw a big increase in email latency for the afternoon, up to a few hours delay in some cases. General connectivity (vpn, vnc etc.) was not affected, though.
The Internet connection speed for many is so slow already, that they would not even notice if the Internet speed as a whole dropped by 90%. In the evening, watching Netflix or any other video is a pain. That is why we still get DVDs in the mail.
A sufficiently advanced simulation is indistinguishable from reality.
People like to hear that DNSBLs are a problem. And then they like to repeat the accusations. Not sure how folks have gotten attached to the idea, but I'm certain it's not from detailed investigation.
For one thing, don't conflate the mechanism with the implementations. Anyone can publish a DNSBL. You could. And you could make your list all false positives. It would be a bad idea for people to subscribe to your list. Caveat emptor, right?
And that's why you get false positives. You've chosen badly. And you're not using the lists for scoring — sounds like you're using them as final arbiters.
The "trick" to getting DNSBLs to work is to choose wisely. You have to do some research into how the lists are made, and since it's you who will be blocking emails based on the information provided by the lists, it's your responsibility to understand the nature of that information. What are the listing/delisting policies? If you don't know, you're not being a smart consumer. "... every time some angry recipient with a vengeance decided to file a spam-report ..." Hopefully you know better than to think that every DNSBL is made this way.
And the "smart" spam filters, so you know, are resource intensive. Instead, it's possible to eliminate lots of spam using extremely low resource checks. Validating the SMTP "HELO" (requiring they give FQDN, non-bare address literals, not your domain or IP, and a couple other checks as per RFC) will nix half of spam off the bat. And you can eliminate another third of spam (two-thirds the spam passing HELO checks) by using (well-chosen) DNSBLs. DNS lookups are cheap (and you can download zone files if you're worried about outages). That's 83% of spam cheaply nixed, all before you even get to "MAIL FROM:". If your "smart" checks are building Markov chains and feeding a naive Bayes classifier, that's gonna take time and effort in processing power, in disk resource, in procedures and staff attention/knowledge for maintenance.
DNSBLs are clearly a way to fight spam. But you have to know what they are and how to use them.
Shopping for DNSBLs takes effort, it's true. If you want to do a good job. Once upon a time, Al Iverson's http://www.dnsbl.info/ was up-to-date and gave wonderful statistics on success rates of the various lists (using his (rather knowledgeable) measures). Doing the research now without such a resource is much more challenging.
I use Spamhaus's XBL and SpamCop's SCBL. That's it. Combined, those give me the aforementioned inexpensive 33% spam reduction. (If I used them before the HELO checks the reduction would probably be near 75%, my guess.) I vetted the lists for efficacy (true positives v. false positives), policy (how they're made, listing and delisting), and longevity/reputability. I've been using these guys for 5 years without a hiccup.
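The pipeline described in the comment above (HELO checks first, then DNSBL answers used as scores rather than as final arbiters), sketched as an added example that is not part of the original comment. The weights, threshold, function names and the constructed `SAMPLE` answers are assumptions; `resolve` is a caller-supplied function that returns the A records for a query name (an empty list when the name does not exist).

```python
import ipaddress
import re

# Zones named in the comment; weights and threshold are illustrative assumptions.
ZONES = {"xbl.spamhaus.org": 3.0, "bl.spamcop.net": 2.0}
REJECT_AT = 3.0
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")
# Constructed answers for documentation-range IPs (not real listings).
SAMPLE = {"99.2.0.192.xbl.spamhaus.org": ["127.0.0.4"],
          "99.2.0.192.bl.spamcop.net": ["127.0.0.2"],
          "10.2.0.192.bl.spamcop.net": ["127.0.0.2"],
          "20.2.0.192.xbl.spamhaus.org": ["203.0.113.7"]}  # bogus wildcard answer

def helo_problem(helo, my_names=(), my_ips=()):
    """Cheap HELO checks: return a reason string, or None if acceptable."""
    name = helo.strip().rstrip(".").lower()
    bracketed = name.startswith("[") and name.endswith("]")
    host = name[1:-1].removeprefix("ipv6:") if bracketed else name
    if host in my_names or host in my_ips:
        return "HELO claims to be us"
    try:
        ipaddress.ip_address(host)
        return None if bracketed else "bare IP address"
    except ValueError:
        pass
    labels = host.split(".")
    if bracketed or len(labels) < 2 or not all(LABEL.fullmatch(x) for x in labels):
        return "not an FQDN or address literal"
    return None

def dnsbl_name(ip, zone):
    """Reversed octets (IPv4) or nibbles (IPv6) prepended to the zone."""
    return ipaddress.ip_address(ip).reverse_pointer.rsplit(".", 2)[0] + "." + zone

def dnsbl_score(ip, resolve):
    """Sum the weights of zones listing ip; only 127.0.0.0/8 answers count."""
    listed = ipaddress.ip_network("127.0.0.0/8")
    return sum(w for zone, w in ZONES.items()
               if any(ipaddress.ip_address(a) in listed
                      for a in resolve(dnsbl_name(ip, zone))))

def verdict(helo, ip, resolve, my_names=(), my_ips=()):
    reason = helo_problem(helo, my_names, my_ips)
    if reason:
        return "reject", reason  # decided before any DNS lookup
    score = dnsbl_score(ip, resolve)
    return ("reject" if score >= REJECT_AT else "accept"), f"dnsbl score {score}"
```

Ignoring answers outside 127.0.0.0/8 keeps a zone that starts answering every query (for example after its domain lapses) from turning into a block-everything list.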
Youtube for listening to music while I work is painful. It can't buffer at all and I have a FIOS connection. I had to reformat my computer and installing Office over the internet and patching the 3 gigs of data for SWTOR was capped at 300k even if I have a fiber connection.
I rebooted my router a few times and ran ipconfig /flushdns but to no avail.
However, none of my activity uses European servers or DNS so I highly doubt this is related at all. Google did say it was absorbing some of the traffic because they are nice guys and do not want to see European internet shut down and this *might* explain YouTube buffering issues.
So I am skeptical unless European traffic is being rerouted to North American servers which are choking the routers but I do not think the pipes over the Atlantic could handle that.
http://saveie6.com/
Excellent post A++++++++++++ would scroll past again!!!!
> The arguments against the original claim include the fact that reports of Internet users seeing slowdowns came not from service providers, but the DDoS mitigation service CloudFlare, which signed up Spamhaus as a customer last week.
Yes, much like how a bullet does not kill you. It's the bleeding that does it.
If Cloudflare is servicing a large portion of internet sites, and Cloudflare is slow, then a large portion of internet sites is slow.
The tier 1 providers I read about downplayed it, but then again they have a lot of incentive to downplay it.
it could be abused to "centralize" (*) email delivery, which would make snooping on email traffic that much easier.
anyways, on linux with a static ip or some dynamic dns updater running there's really no reason why email cannot be sent and received DIRECTLY by each user (that is without having to go thru an outside SMTP (sending) or outside IMAP/POP3 (receiving) server).
no system is perfect. the real physical mailbox in front of your house (people still use this) can also be overwhelmed.
(*) by having blocklists, you pay to be a "good guy", who of course doesn't have to co-operate with the "authorities" due to size (tongue in cheek).
IMHO, the question "was your internet running slowly?" was just a humblebrag to point to how they were featured in the NYT -- which is very telling in relation to the information in TFA here.
Mine has been unbearably slow. I've called up my provider twice. Problem is, speed tests to their servers show I am getting my advertised speed. If I do speed tests to nearby servers, I am seeing this, but if I go outside of my geographic area, speeds start taking a huge hit. Connecting to most speed test servers on the internet, I am seeing 1/20th of the speed I am paying for (I usually get close). I used to be able to stream HDX from Vudu no problem while surfing, but now, Amazon and Netflix SD buffer like crazy. No matter how much I reset stuff on my end, or have my ISP force a restart on their end, I am still seeing this.
It's even worse on my phone with 4G. I can normally stream movies or music or watch HD Youtube streams with no issue, but over the past week or two, my 4G has been practically unusable. Forget internet radio or any of the other streaming services that I normally have no issues with. A 1 minute Youtube video in SD is now taking about 3 minutes to buffer.
So yeah, I have noticed an incredible hit in speeds over the past couple of weeks.
THIS is why he's doing it & proof of it, here -> http://interviews.slashdot.org/comments.pl?sid=3585927&cid=43295193 when others pointed out Jeremiah Cornelius forgot to submit one of the "first post spams" (masquerading as myself, by posting as AC & using some old posts of mine or other b.s. he put up), & JC mistakenly submitted one of the impersonations of myself as his registered 'luser' name here on /. forums.
Pretty pitiful actually, but like every up to no good idiot does? He screwed up & submitted it under his registered 'luser' name here, instead of his ac submittals he's been doing.
* Jeremiah Cornelius: DO YOURSELF, and the rest of us, A GIANT FAVOR MAN: Seek professional psychiatric help!
(Since Jeremiah Cornelius obviously can't get over the fact he made a spelling error on what it is HE ALLEGEDLY DID FOR A LIVING? That's not MY fault... it's HIS!)
APK
P.S.=> I seriously must have dusted JC (in his mind @ least) for his BAD spelling error & it "got his goat"...
I.E.-> Catching what he claimed to do as a job, for YEARS he left "PENETRATION" (correct) spelled as "PENTRATION" (incorrect) on his resume on LinkedIn & I pointed it out as he & his friends trolled me as usual (webmistressrachel, gmhowell, & crew (probably ALL JC no doubt using alternate emails or TOR to do it as a possible - I've caught "them & theirs" doing it before, ala Barbara, not Barbie = TomHudson (same person))).
So THAT is what has gotten his goat in a technical debate & his "geek angst" could only come up with *trying* to "impersonate me" in every news thread on /. for the month of March 2013 so far!
(Just to attempt to 'discredit me' as a spammer here obviously)
Doing so, by posting that "$10,000 challenge" &/or reposts of my old posts on hosts file value to end users into EVERY SINGLE NEWS ARTICLE POSTED on /. ...
It's all I can think of that *might* cause such a mentally troubled 'reaction' like the Jeremiah Cornelius is doing & there's NO QUESTION he's the one doing this spamming of nearly every posted article masquerading as myself...!
... apk
.
May I suggest a command line tool for off-line downloads to your local directory: http://www.jwz.org/hacks/youtubedown
as described at http://www.jwz.org/hacks/#youtubedown is a nice script that you can run on the command line.