Another 100 Gigabit DDoS Attack Strikes — This Time Unreflected

darthcamaro writes "In March of this year, we saw the first ever 100 Gigabit DDoS attack, which was possible due to a DNS Reflection Amplification attack. Now word is out that a new 100 Gigabit attack has struck using raw bandwidth, without any DNS Reflection. 'The most outstanding thing about this attack is that it did not use any amplification, which means that they had 100 Gigabits of available bandwidth on their own,' Incapsula co-founder Marc Gaffan said. 'The attack lasted nine hours, and that type of bandwidth is not cheap or readily available.'"

Is that all?

It was probably just one guy in Tokyo using his $9/month internet package ...

Re:Is that all?

[goddidit]

On his mobile, to be exact.

Re:Is that all?

[Cryacin]

the guy mistyped the address on the page and hit refresh. Very Very quickly.

Re:Is that all?

[Yaotzin]

...For nine hours.

Re:Is that all?

[wisnoskij]

It was a Korean professional Starcraft player.

Incapsula

Seriously...this reads like a brochure for Incapsula's services lol

Re:Incapsula

[Joce640k]

They don't name the site, they don't name the attacker, the customers were "completely unaffected"....they could be making it up for all we know.

Re:Incapsula

[Anachragnome]

"....this reads like a brochure for Incapsula's services..."

http://bgp.he.net/AS19551#_whois

Well, I imagine most US server farms are hurting pretty bad right now, what with all the NSA luvin' going around over here. Now imagine a company that has all of it's servers in the US, Israel and Germany (with a few in Japan)--in light of recent revelations regarding NSA spying--and maybe you'll understand why Incapsula is paying for ads/articles all over the damn place, including /.

They are fucked, and this marketing blitz is a Hail-Mary attempt to save their ass from the fire that Snowden just lit under it. Personally, I love a good BBQ.

Re:Incapsula

[lazybeam]

We are an Incapsula customer and I can tell you we were NOT "completely unaffected". We experienced about an hour total of complete down time and several hours of slow response. Our servers were unloaded - no problems when bypassing Incapsula. So I guess they protected us from "that" but in the meantime all sites were unreachable. Though different ISPs had different levels of slowness at different times (trying our two different office connections and three different mobile networks).

Re:Incapsula

[Joce640k]

We are an Incapsula customer and I can tell you we were NOT "completely unaffected".

Maybe you could call Sean Michael Kerner at eWeek and tell them Marc Gaffan was lying.

He's also on twitter: https://www.twitter.com/techjournalist

Is this an ad?

TFA sure reads like one...

I can't get one thing

[ruir]

If they haven't identified the attacker how can they say with 100% certainty it only came from one source, and was un-reflected? For I all I know, you could have a botnet fabricating packets with the same characteristics simultaneously.

Re:I can't get one thing

[malacandrian]

That is the point of using a botnet to run a DDoS, yes. A single control signal issues a huge surge in traffic. That doesn't make it an amplified attack though. An amplified attack is when the zombies trick a third party (such as a DNS server) to reply to the victim with more information than you sent them. This can up the size of the attack 100-fold.

no real verifiable info but plenty of product plug

[YesIAmAScript]

The worst example of advertisement through press release in recent memory.

At least on slashdot.

Re:How much bandwidth is that?

It's probably not "100 Gbps/sec" since the seconds cancel out and thus isn't a measure of bandwidth (a 12MB attack would be pretty lame). And since TFS said "bits," not "bytes," all of those options with a capital "B" are also unlikely. So, the answer to your question is "no."

Re:How much bandwidth is that?

[TubeSteak]

The attack peaked at 100 Gigabits per second
The webhost (actually a CDN) had 400 Gigabits of total bandwidth available + various DDOS protections in place.

RTFA

Re:How much bandwidth is that?

Using the perl "english words have lower priority than real operators" convention (see "and" v/s "&&"), the / binds more tightly than the "per" operator, and thus, it's Gb / (s/s). And the seconds therefore cancel. ;)

Re:100 GBit isn't large

[wonkey_monkey]

Thank you Captain Multiplication.

I know what happened

[OhANameWhatName]

other than Incapsula and its own service providers that were on the receiving end—no one seemed to notice

Thanks a bunch for saving the internets Marc. I'll be sure not to notice again soon.

Re:first

[oldhack]

If you were a Japanese dude with $9/month internet package, you could have been the first. Loser.