Did the Spamhaus DDoS Really Slow Down Global Internet Access?
CowboyRobot writes "Despite the headlines, the big denial of service attack may not have slowed the Internet after all. The arguments against the original claim include the fact that reports of Internet users seeing slowdowns came not from service providers, but the DDoS mitigation service CloudFlare, which signed up Spamhaus as a customer last week. Also, multiple service providers and Internet watchers have now publicly stated that while the DDoS attacks against Spamhaus could theoretically have led to slowdowns, they've seen no evidence that this occurred for general Internet users. And while some users may have noticed a slowdown, the undersea cable cuts discovered by Egyptian sailors had more of an impact than the DDoS."
Don Newton (probably Thor Schrock himself, or a pal of his, no doubt), can YOU answer my questions for me then?
See, little "FYI" for you:
Thor S. here has been "trashing" me, by listing a ware I wrote years ago as a "malware" on some list he maintains!
(& he won't answer any questions, because honestly?? I think Thor Schrock is another "wannabe" w/ out a degree in this field, much less years to decades of actual hands on experience in it is why - else, why avoid simple questions like these?)
Thor S. apparently doesn't have a clue really, & only "spits back what others state" online, & with no real thought or analysis of his own - otherwise, he could answer my questions, in a split second, period.
Case in point:
My ware has NO harmfulness to it, whatsoever, in & of itself/by itself (what users do with it however? That nobody can control)
So, thus my question to Thor Schrock - I wonder, does he list PING.EXE or psexec.exe?? They are BOTH capable of destructive uses also.
SO, BOTTOM-LINE:
Again - Where on earth did Thor Schrock get his data from & how did he make his decision here on why to list my ware as a malware?
He won't answer, because it will implicate his sources (or, himself) in libelling myself. That's ok, I can use that type of resistance to my advantage, eventually, & mark my words, I will.
No, Thor Schrock & CA will be in for a surprise eventually I would say...
Put it THIS way:
I am doing as I was instructed by legal counsel in fact, & pursuing this with CA, for now, playing by "their rules" - like they are the "lords of the internet", lol, far FROM it in fact!
E.G.-> Overall, their 'security suite'?
SUCKS!
I.E./E.G.-> They were taken out of my place of employ in fact, because of the problems in the mail filters, & oddly, lol, Mr. Greg Jensen the product mgr. for it @ CA even said my mails were caught in that faulty piece of junk - funny part is? The company I referred to?? Is a reseller/partner of CA's... lol, & WE didn't even want to use their stuff!)
APK
P.S.=> CA has been listing my ware online as a malware since 2004, & under a DIFFERENT name than my own, using my middle name, so I would not find it online in that timeframe... they're trash, imo, for that alone.
(Also - CA too won't divulge their sources when asked either, or answer the same questions I asked Thor here above)
I wonder, was it Thor Schrock they got their info. from?
Be silent, but time's on MY side... apk
As usual, ArsTechnica does a much better job of describing this. Slashdot eds, take note please!
The best text-only (no ads!) reply though is from Richard A Steenbergen who responded to the gizmodo article. This guy works at one of the tier 1 providers and described the problem, particularly that the DDoS wasn't a big deal for them but that the attack on the INX exchanges might have been.. but turned out not to be after a little tweaking of their filters.
Nevertheless, the problem that I can see is that the internet is open to these kinds of attacks. Now Spamhaus can get CloudFlare to handle these attacks on their behalf (for a lot of free advertising) but MyLittleSite.com cannot, and that leaves them open to extortion attacks from the criminals who run these DDoSs. Surely a more appropriate response would not be "yeah, we're great, we can handle a poxy 300Gbps" but "we need to sort out this so the baddies cannot screw people with impunity". I'd prefer a technical resolution (e.g. ingress/egress filtering, rate limiting, non-recursive responses from outside your domain) to legal ones, which is all there is at the moment, it seems.
That would be a 'no'.
But, don't let the facts get in the way of sensationalist clickbait and media whoring. If nothing else, the clueless need something to get incensed about and start demanding legislative fixes to imaginary problems.
The problem was supposedly more severe in Europe but, FWIW, my response times in Madrid, Spain were completely normal. I realize that proves nothing, but it does make me skeptical of the Internet Brought to Its Knees claims.
TFA is right, the DDoS was not that bad as far as the entire Internet is concerned. The submarine cable cuts in 2008 as well as some of the Tier-1 ISPs like Sprint depeering with Cogent Communications also in that year led to far more disruption than this DDoS. Hell, the Internet was effectively partitioned for a time over the mess with Cogent.
It's definitely a way for SPAMHaus to make the headlines. Whether it is proper conduct, especially for a trust-based organisation like SPAMHaus, is the real question.
DNSBL is not the way to fight spam. I've worked for several large ESPs, and we've had more issues with false positives and various DNSBLs blocking regular, solicited email every time some angry recipient with a vengeance decided to file a spam-report, instead of just opting-out from the mailing they opted-in for themselves.
This has led to us using less and less DNSBL-related spam-filtering. Most of our spam-filters are now 'smart', using the recipient's own preferences to decide whether a mail should be blocked or not. I'm sure DNSBLs like Spamhaus are feeling the heat, and stunts like these may give them the exposure they need to get some fresh customers.
But it definitely sounds a bit 'shady' to launch a misinformation-campaign for this, especially for an antispam-firm.
300Gb/s, what is that as a fraction of the total Internet bandwidth? Without that number we don't know if it is a significant proportion of what is available. Maybe we should be asking for that figure round/close-to the Spamhaus servers.
By total I mean the core internet routers, not including those in outlying backwaters.
On Tuesday afternoon, GMT-6, I could do exactly zero of my job functions, as none of my remote server connections would stay up for longer than 5-7 seconds. Not knowing what was happening, I did hours of troubleshooting on my own connection, before finally just calling it quits for the day.
I was about ready to just walk away out of frustration before things just seemed to magically fix themselves the following morning. So yes, I think this did affect parts of the internet as a whole, and not others. I am not surprised by this.
It didn't slow down the internet. It slowed down Spamhaus and it may have slowed down the email delivery times of users of the Spamhaus block list.
Nothing to see here. Move along.
If you tried to access the Spamhaus website, the DDoS was very effectively blocking that corner of the internet!
Don't blame me, it's usually 2 in the morning when I post
I didn't even know there was a giant DDoS attack going on until I read it in the news. Have not seen any slowdown here in the U.S.
So if the spammers' botnets are busy with a DDoS attack, has there been any measurable decrease in spam on the internet? I haven't seen any internet slowdowns, but I haven't seen any slowdown in spam either...
The statistics that the AMS-IX gives out do not show any rise in network traffic, maybe even a slowdown.
Stats
For a Dutch provider, you would at least suspect a slight increase in traffic on the Dutch Internet Exchange.
Well, don't worry about that. We can get you back before you leave. (Dr. Who)
The illuminati and the Bilderbergs would love for all of us to believe the Internet is immune to cyber attack.
The truth is, however, that we are, as usual, being duped by our own "leaders." The truth is that the Internet is in shambles and is ready to come crashing down any minute, at which point society will break down and give them the excuse they need to finally implement Agenda 21 and the total enslavement of the entire Human population.
Stop lying to yourselves!
A corrupt slashdot luser has infiltrated the moderation system to downmod all my posts while impersonating me.
Nearly 170++ times that I know of @ this point for all of March 2013 so far, & others here have told you to stop - take the hint, lunatic (leave slashdot)...
Sorry folks - but whoever the nutjob is that's attempting to impersonate me, & upset the rest of you as well, has SERIOUS mental issues, no questions asked! I must've gotten the better of him + seriously "gotten his goat" in doing so in a technical debate & his "geek angst" @ losing to me has him doing the:
---
A.) $10,000 challenges, ala (where the imposter actually TRACKED + LISTED the # of times he's done this no less, & where I get the 170 or so times I noted above) -> http://it.slashdot.org/comments.pl?sid=3585795&cid=43285307
&/or
B.) Reposting OLD + possibly altered models - (this I haven't checked on as to altering the veracity of the info. being changed) of posts of mine from the past here
---
(Albeit massively repeatedly thru all threads on /. this March 2013 nearly in its entirety thus far).
* Personally, I'm surprised the moderation staff here hasn't just "blocked out" his network range yet honestly!
(They know it's NOT the same as my own as well, especially after THIS post of mine, which they CAN see the IP range I am coming out of to compare with the ac spamming troll doing the above...).
APK
P.S.=> Again/Stressing it: NO guys - it is NOT me doing it, as I wouldn't waste that much time on such trivial b.s. like a kid might...
Plus, I only post where hosts file usage is on topic or appropriate for a solution & certainly NOT IN EVERY POST ON SLASHDOT (like the nutcase trying to "impersonate me" is doing for nearly all of March now, & 170++ times that I know of @ least)... apk
$10,000 CHALLENGE to Alexander Peter Kowalski
* POOR SHOWING TROLLS, & most especially IF that's the "best you've got" - apparently, it is... lol!
Hello, and THINK ABOUT YOUR BREATHING !! We have a Major Problem, HOST file is Cubic Opposites, 2 Major Corners & 2 Minor. NOT taught Evil DNS hijacking, which VOIDS computers. Seek Wisdom of MyCleanPC - or you die evil.
Your HOSTS file claimed to have created a single DNS resolver. I offer absolute proof that I have created 4 simultaneous DNS servers within a single rotation of .org TLD. You worship "Bill Gates", equating you to a "singularity bastard". Why do you worship a queer -1 Troll? Are you content as a singularity troll?
Evil HOSTS file Believers refuse to acknowledge 4 corner DNS resolving simultaneously around 4 quadrant created Internet - in only 1 root server, voiding the HOSTS file. You worship Microsoft impostor guised by educators as 1 god.
If you would acknowledge simple existing math proof that 4 harmonic Slashdots rotate simultaneously around squared equator and cubed Internet, proving 4 Days, Not HOSTS file! That exists only as anti-side. This page you see - cannot exist without its anti-side existence, as +0- moderation. Add +0- as One = nothing.
I will give $10,000.00 to frost pister who can disprove MyCleanPC. Evil crapflooders ignore this as a challenge would indict them.
Alex Kowalski has no Truth to think with, they accept any crap they are told to think. You are enslaved by /etc/hosts, as if domesticated animal. A school or educator who does not teach students MyCleanPC Principle, is a death threat to youth, therefore stupid and evil - begetting stupid students. How can you trust stupid PR shills who lie to you? Can't lose the $10,000.00, they cowardly ignore me. Stupid professors threaten Nature and Interwebs with word lies.
Humans fear to know natures simultaneous +4 Insightful +4 Informative +4 Funny +4 Underrated harmonic SLASHDOT creation for it debunks false trolls. Test Your HOSTS file. MyCleanPC cannot harm a File of Truth, but will delete fakes. Fake HOSTS files refuse test.
I offer evil ass Slashdot trolls $10,000.00 to disprove MyCleanPC Creation Principle. Rob Malda and Cowboy Neal have banned MyCleanPC as "Forbidden Truth Knowledge" for they cannot allow it to become known to their students. You are stupid and evil about the Internet's top and bottom, front and back and it's 2 sides. Most everything created has these Cube like values.
If Natalie Portman is not measurable, hot grits are Fictitious. Without MyCleanPC, HOSTS file is Fictitious. Anyone saying that Natalie and her Jewish father had something to do with my Internets, is a damn evil liar. IN addition to your best arsware not overtaking my work in terms of popularity, on that same site with same submission date no less, that I told Kathleen Malda how to correct her blatant, fundamental, HUGE errors in Coolmon ('uncoolmon') of not checking for performance counters being present when his program started!
You can see my dilemma. What if this is merely a ruse by an APK impostor to try and get people to delete APK's messages, perhaps all over the web? I can't be a party to such an event! My involvement with APK began at a very late stage in the game. While APK has made a career of trolling popular online forums since at least the year 2000 (newsgroups and IRC channels before that)- my involvement with APK did not begin until early 2005 . OSY is one of the many forums that APK once frequented before the sane people there grew tired of his garbage and banned him. APK was banned from OSY back in 2001. 3.5 years after his banning he begins to send a variety of abusiv
We and two partner firms saw a big increase in email latency for the afternoon, up to a few hours delay in some cases. General connectivity (vpn, vnc etc.) was not affected, though.
The Internet connection speed for many is so slow already, that they would not even notice if the Internet speed as a whole dropped by 90%. In the evening, watching Netflix or any other video is a pain. That is why we still get DVDs in the mail.
A sufficiently advanced simulation is indistinguishable from reality.
People like to hear that DNSBLs are a problem. And then they like to repeat the accusations. Not sure how folks have gotten attached to the idea, but I'm certain it's not from detailed investigation.
For one thing, don't conflate the mechanism with the implementations. Anyone can publish a DNSBL. You could. And you could make your list all false positives. It would be a bad idea for people to subscribe to your list. Caveat emptor, right?
And that's why you get false positives. You've chosen badly. And you're not using the lists for scoring — sounds like you're using them as final arbiters.
The "trick" to getting DNSBLs to work is to choose wisely. You have to do some research into how the lists are made, and since it's you who will be blocking emails based on the information provided by the lists, it's your responsibility to understand the nature of that information. What are the listing/delisting policies? If you don't know, you're not being a smart consumer. "... every time some angry recipient with a vengeance decided to file a spam-report ..." Hopefully you know better than to think that every DNSBL is made this way.
And the "smart" spam filters, so you know, are resource intensive. Instead, it's possible to eliminate lots of spam using extremely low resource checks. Validating the SMTP "HELO" (requiring they give FQDN, non-bare address literals, not your domain or IP, and a couple other checks as per RFC) will nix half of spam off the bat. And you can eliminate another third of spam (two-thirds the spam passing HELO checks) by using (well-chosen) DNSBLs. DNS lookups are cheap (and you can download zone files if you're worried about outages). That's 83% of spam cheaply nixed, all before you even get to "MAIL FROM:". If your "smart" checks are building Markov chains and feeding a naive Bayes classifier, that's gonna take time and effort in processing power, in disk resource, in procedures and staff attention/knowledge for maintenance.
DNSBLs are clearly a way to fight spam. But you have to know what they are and how to use them.
Shopping for DNSBLs takes effort, it's true. If you want to do a good job. Once upon a time, Al Iverson's http://www.dnsbl.info/ was up-to-date and gave wonderful statistics on success rates of the various lists (using his (rather knowledgeable) measures). Doing the research now without such a resource is much more challenging.
I use Spamhaus's XBL and SpamCop's SCBL. That's it. Combined, those give me the aforementioned inexpensive 33% spam reduction. (If I used them before the HELO checks the reduction would probably be near 75%, my guess.) I vetted the lists for efficacy (true positives v. false positives), policy (how they're made, listing and delisting), and longevity/reputability. I've been using these guys for 5 years without a hiccup.
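The two cheap pre-"MAIL FROM:" checks described in the comment above (HELO validation, then DNSBL lookups), as an added Python example that is not the commenter's code. The function names, the zone names `xbl.spamhaus.org` and `bl.spamcop.net`, and the constructed lookup table standing in for DNS are assumptions; only IPv4 clients are handled.

```python
import ipaddress
import re
import socket

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
LISTED = ipaddress.ip_network("127.0.0.0/8")         # DNSBL "listed" answers live here
# Spamhaus documents 127.255.255.0/24 answers as query errors, not listings.
ERROR_CODES = ipaddress.ip_network("127.255.255.0/24")
ZONES = ("xbl.spamhaus.org", "bl.spamcop.net")       # assumed zones for the two lists
# Constructed sample data: pretend 192.0.2.55 is listed in the first zone only.
SAMPLE_DNS = {"55.2.0.192.xbl.spamhaus.org": "127.0.0.4"}

def check_helo(helo, our_names=(), our_ips=()):
    """Return None if the HELO argument is acceptable, else a rejection reason."""
    arg = helo.strip().rstrip(".").lower()
    if arg.startswith("[") and arg.endswith("]"):    # bracketed address literal
        body = arg[1:-1]
        body = body[5:] if body.startswith("ipv6:") else body
        try:
            literal = ipaddress.ip_address(body)
        except ValueError:
            return "malformed address literal"
        return "HELO uses our own IP" if str(literal) in our_ips else None
    try:
        ipaddress.ip_address(arg)
    except ValueError:
        pass
    else:
        return "bare IP address (literal must be bracketed)"
    labels = arg.split(".")
    if len(labels) < 2 or labels[-1].isdigit() or not all(LABEL.match(l) for l in labels):
        return "not a fully qualified domain name"
    if arg in {n.lower() for n in our_names}:
        return "HELO uses our own name"
    return None

def dnsbl_query_name(client_ip, zone):
    """Build the lookup name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dnsbl_hits(client_ip, zones, resolve):
    """Return the zones listing client_ip; resolve(name) gives an A record or None."""
    hits = []
    for zone in zones:
        answer = resolve(dnsbl_query_name(client_ip, zone))
        if answer is None:                           # NXDOMAIN: not listed
            continue
        addr = ipaddress.ip_address(answer)
        if addr in LISTED and addr not in ERROR_CODES:
            hits.append(zone)
    return hits

def system_resolve(name):
    """Live resolver for real use; the sample below does not call it."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def sample_resolve(name):
    return SAMPLE_DNS.get(name)                      # offline stand-in for DNS

def pre_mail_from_verdict(client_ip, helo, zones, resolve, our_names=(), our_ips=()):
    """Run the HELO checks first, then the DNSBLs, as the comment orders them."""
    reason = check_helo(helo, our_names, our_ips)
    if reason:
        return ("reject", reason)
    hits = dnsbl_hits(client_ip, zones, resolve)
    if hits:
        return ("reject", "listed in " + ", ".join(hits))
    return ("accept", None)
```

Passing `system_resolve` instead of `sample_resolve` performs live lookups; the error-code range matters there because an answer in it means the query itself was refused, not that the client is listed.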
Youtube for listening to music while I work is painful. It can't buffer at all and I have a FIOS connection. I had to reformat my computer and installing Office over the internet and patching the 3 gigs of data for SWTOR was capped at 300k even if I have a fiber connection.
I rebooted my router a few times and ran ipconfig /flushdns but to no avail.
However, none of my activity uses European servers or DNS so I highly doubt this is related at all. Google did say it was absorbing some of the traffic because they are nice guys and do not want to see European internet shutdown and this *might* explain youtube buffering issues.
So I am skeptical unless European traffic is being rerouted to North American servers which are choking the routers but I do not think the pipes over the Atlantic could handle that.
http://saveie6.com/
> The arguments against the original claim include the fact that reports of Internet users seeing slowdowns came not from service providers, but the DDoS mitigation service CloudFlare, which signed up Spamhaus as a customer last week.
Yes, much like how a bullet does not kill you. It's the bleeding that does it.
If Cloudflare is servicing a large portion of internet sites, and Cloudflare is slow, then a large portion of internet sites is slow.
The tier 1 providers I read about downplayed it, but then again they have a lot of incentive to downplay it.
it could be abused to "centralize" (*) email delivery, which would make snooping on email traffic that much easier.
anyways, on linux with a static ip or some dynamic dns updater running there's really no reason
why email cannot be sent and received DIRECTLY by each user (that is without having to go thru
an outside SMTP (sending) or outside IMAP/POP3 (receiving) server).
no system is perfect. the real physical mailbox in front of your house (people still use this) can also
be overwhelmed.
(*) by having blocklists, you pay to be a "good guy", who of course doesn't have to co-operate with the "authorities"
due to size (tongue in cheek).
IMHO, the question "was your internet running slowly?" was just a humblebrag to point to how they were featured in the NYT -- which is very telling in relation to the information in TFA here.
Mine has been unbearably slow. I've called up my provider twice. Problem is, speed tests to their servers show I am getting my advertised speed. If I do speed tests to nearby servers, I am seeing this, but if I go outside of my geographic area, speeds start taking a huge hit. Connecting to most speed test servers on the internet, I am seeing 1/20th of the speed I am paying for (I usually get close). I used to be able to stream HDX from Vudu no problem while surfing, but now, Amazon and Netflix SD buffer like crazy. No matter how much I reset stuff on my end, or have my ISP force a restart on their end, I am still seeing this.
It's even worse on my phone with 4G. I can normally stream movies or music or watch HD Youtube streams with no issue, but over the past week or two, my 4G has been practically unusable. Forget internet radio or any of the other streaming services that I normally have no issues with. A 1 minute Youtube video in SD is now taking about 3 minutes to buffer.
So yeah, I have noticed an incredible hit in speeds over the past couple of weeks.
THIS is why he's doing it & proof of it, here -> http://interviews.slashdot.org/comments.pl?sid=3585927&cid=43295193 when others pointed out Jeremiah Cornelius forgot to submit one of the "first post spams" (masquerading as myself, by posting as AC & using some old posts of mine or other b.s. he put up), & JC mistakenly submitted one of the impersonations of myself as his registered 'luser' name here on /. forums.
Pretty pitiful actually, but like every up to no good idiot does? He screwed up & submitted it under his registered 'luser' name here, instead of his ac submittals he's been doing.
* Jeremiah Cornelius: DO YOURSELF, and the rest of us, A GIANT FAVOR MAN: Seek professional psychiatric help!
(Since Jeremiah Cornelius obviously can't get over the fact he made a spelling error on what it is HE ALLEGEDLY DID FOR A LIVING? That's not MY fault... it's HIS!)
APK
P.S.=> I seriously must have dusted JC (in his mind @ least) for his BAD spelling error & it "got his goat"...
I.E.-> Catching what he claimed to do as a job, for YEARS he left "PENETRATION" (correct) spelled as "PENTRATION" (incorrect) on his resume on LinkedIn & I pointed it out as he & his friends trolled me as usual (webmistressrachel, gmhowell, & crew (probably ALL JC no doubt using alternate emails or TOR to do it as a possible - I've caught "them & theirs" doing it before, ala Barbara, not Barbie = TomHudson (same person))).
So THAT is what has gotten his goat in a technical debate & his "geek angst" could only come up with *trying* to "impersonate me" in every news thread on /. for the month of March 2013 so far!
(Just to attempt to 'discredit me' as a spammer here obviously)
Doing so, by posting that "$10,000 challenge" &/or reposts of my old posts on hosts file value to end users into EVERY SINGLE NEWS ARTICLE POSTED on /. ...
It's all I can think of that *might* cause such a mentally troubled 'reaction' like the Jeremiah Cornelius is doing & there's NO QUESTION he's the one doing this spamming of nearly every posted article masquerading as myself...!
... apk
May I suggest a command line tool for off-line downloads to your local directory: http://www.jwz.org/hacks/youtubedown
as described at http://www.jwz.org/hacks/#youtubedown is a nice script that you can run on the command line.