A Live Map of Ongoing DDoS Attacks
Daniel_Stuckey writes "Check out the Digital Attack Map. It was produced in a collaborative effort by Google Ideas and Arbor Networks to raise awareness about distributed denial of service attacks. You know, those malicious digital attempts to choke, or shut down websites by sending them volumes of traffic far too large for them to handle. The map 'surfaces anonymous attack traffic data to let users explore historic trends and find reports of outages happening on a given day,' as its about page explains. Created using attack data from Arbor's 'ATLAS® global threat intelligence system,' this is the D.A.R.E. of DDoS — it's about the danger of having information streams cut off. Under the heading 'DDoS Attacks Matter,' Google and Arbor explain that 'sites covering elections are brought down to influence their outcome, media sites are attacked to censor stories, and businesses are taken offline by competitors looking for a leg up.'"
This comes alongside Google's announcement of Project Shield, the company's homegrown DDoS mitigation service.
Where is Slashdot on this map?
The site is currently being slashdotted. :)
The government which is strong enough to protect you from everything is strong enough to take everything from you.
This interactive map of denial of service attacks seems to deny its own interactivity by freezing my browser every time I try to interact with it.
When asked why, the answer is almost always: "It's 2014".
The site has chosen not to display the content to certain browsers. I can't help it that our company policy has us locked to a certain version.
Honest question: will animations, flash, silverlight, (or however it's displayed), really-really not work on last year's browser. Really?
surely, there's a protocol-level solution to this.
There's a balance but I'd like to see more options for refinement and additional information, filter layer style maybe. Whizbang goes whiz.
I certainly hope this isn't like DARE, or else it'll encourage an entire generation of kids to experiment with DDoS...
Seems quite a few countries are taking shots at china, but they're too focused on the United States to care.
The sources of the attacks are not so much where the person launching the attack lives, but computers that take part in a botnet/have a trojan/visit special pages, or hacked sites (usually with the owner of those computers/sites having no clue of that happening). It could give new information on DDoSed targets, but for sources could have too much noise to be useful.
it's about the danger of having information streams cut off. Under the heading 'DDoS Attacks Matter,' Google and Arbor explain that 'sites covering elections are brought down to influence their outcome...
If you can influence the outcome of an election by shuttering sites that merely cover the election, then you have way bigger problems than DDoS.
Agent Ward: It means somebody really wanted our initials to spell "shield"
Google's Shield is an interesting dare to the malcontents of the internets... Resistant to attack, you say?
I believe that individual liberty is fundamentally incompatible with any society, or at least inversely proportional to societal interconnectedness. Fact is, every person who isn't immunized, and every person who isn't educated, and every computer that isn't up-to-date, patched, and secured.. is a liability to us all. Ultimately, the freedom to be or have one of these things will become untenable and will be removed. I believe that's a good thing.
There's an ISP level solution to a major chunk of it, but they're too busy cracking down on bittorrent and competing voip/video services to do anything about it.
A lot of DDoS traffic has spoofed source IPs in order to make it difficult to track down the source. All the ISP has to do is prevent packets from leaving their network if they aren't addressed from their network, and at least what's left can be traced back to the source. For instance, this would eliminate using DNS servers as reflectors for attacks, since these attacks rely on sending a DNS request with the From address forged to be the victim's from address.
If I have been able to see further than others, it is because I bought a pair of binoculars.
is once again overshadowed by the U.S. of A. I think I can see a little line dropping into Canada. There is still hope that more people will care enough to attack you, too.
jsut athnoer menagiensls ltitle psrhae for you to dcoede. Why do we wtsae our tmie dnoig tihs?
To whoever can draw a penis pointing at mexico.
Man, that seems like a sensible thing to do. It's not good, suggesting sensible things. Why don't you please come by to our brain-washi-- I mean, educational center? You clearly need it.
I don't care if I'm wrong. I only care about everyone obtaining something from the discussion.
You must comply
Exterminate
All the ISP has to do is prevent packets from leaving their network if they aren't addressed from their network, and at least what's left can be traced back to the source
Most ISPs already do this, just like most ISPs use a whitelist approach to BGP announcements. Not all, granted, but if you want to peer with the 'big boys' that's how you have to play.
And just as an FYI to the GP, most DDoS are done with botnets these days so there isn't much in common in terms of source IPs and networks. It's not something that can really be dealt with at a protocol level, because there's usually no way to really tell if the traffic surge is legitimate or not. For example, when a nation like the US (just as an example) chooses to launch a new healthcare.gov website (hypothetical of course) which draws global attention and will draw tens of millions of unique visitors per hour (purely speculation of course) it has the exact same pattern as a sudden DDoS.
Unicast reverse path forwarding. ISPs should enable this on subscriber facing interfaces for the majority of their customers. The only exception needed is where customers have BGP adjacencies with the provider, as it's possible they could be multihomed and it would cause issues there. They could also enable something like NetFlow-triggered outbound subscriber shaping/inbound policing. If a customer is sending something which is obviously garbage (like TCP resets to the same destination), NetFlow could easily pick it up and an outbound/inbound policy-map/firewall filter (choose your vendor) pair would be automatically applied on the subscriber-facing interface. This will still allow the customer to use their connection, but bottleneck it until the offending flow stops. Providers already do things like community-string triggered null routing, but this is usually part of an add-on pay service. These other things could and should be done across most of their networks, most specifically on residential customers.
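Added example (not from any of the posts above): a small simulation of the two checks the egress-filtering and uRPF comments describe, with a strict mode that ties a source address to the subscriber interface it arrived on and a loose mode that only requires the source to be somewhere in the ISP's own address space (the relaxation the post mentions for multihomed BGP customers). The FIB, interface names and packets are constructed documentation-range values, and the spoofed packet is a DNS query carrying a victim's address as source, the reflection pattern from the earlier post.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example FIB: which prefixes live behind each subscriber-facing
# interface of an ISP edge router. Interface names and prefixes are made up.
FIB = {
    "ge-0/0/1": [ipaddress.ip_network("203.0.113.0/24")],   # residential DSL pool
    "ge-0/0/2": [ipaddress.ip_network("198.51.100.0/25")],  # small business
}
ALL_ISP_PREFIXES = [p for prefixes in FIB.values() for p in prefixes]


@dataclass
class Packet:
    in_iface: str
    src: str
    dst: str
    proto: str
    dport: int


def urpf_strict(pkt):
    """Strict uRPF: the source must be routed via the interface the packet
    arrived on. This is the per-interface form of BCP38 egress filtering."""
    src = ipaddress.ip_address(pkt.src)
    return any(src in p for p in FIB.get(pkt.in_iface, []))


def urpf_loose(pkt):
    """Loose uRPF: the source need only exist somewhere in the ISP's address
    space. Weaker, but safe for multihomed customers whose best return path
    is not necessarily the ingress interface."""
    src = ipaddress.ip_address(pkt.src)
    return any(src in p for p in ALL_ISP_PREFIXES)


def filter_egress(packets, check=urpf_strict):
    """Split a batch of outbound packets into (forwarded, dropped)."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if check(pkt) else dropped).append(pkt)
    return forwarded, dropped


# Constructed sample traffic arriving on the residential pool interface.
# 192.0.2.0/24 stands in for addresses outside this ISP (victim, open resolver).
SAMPLE = [
    Packet("ge-0/0/1", "203.0.113.7", "192.0.2.53", "udp", 53),   # legit DNS query
    Packet("ge-0/0/1", "192.0.2.77", "192.0.2.53", "udp", 53),    # spoofed victim source
    Packet("ge-0/0/1", "198.51.100.9", "192.0.2.53", "udp", 53),  # ISP addr, wrong iface
]
```

Running filter_egress(SAMPLE) drops the spoofed reflection packet and the off-interface one; filter_egress(SAMPLE, urpf_loose) lets the off-interface packet through, which is the trade-off the post makes for BGP customers.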
Most of these attack sources are either
a. Idiots with DSL that click yes to everything
b. Businesses that have no IT staff and let their nephew set up their network.
The traffic is easily detectable and easily shut off by locking their account. ISPs don't want to do that because in most cases the target is not a paying customer and the person whose computer is compromised is. Why would they potentially tick off a paying customer before the target complains? Moreover why would they invest time, energy and equipment into detecting attacks?
Fine the ISP. Then they'll have a reason to give a shit.
Many DDoS attacks don't need spoofed source addresses anymore. Oftentimes, it's sufficient to just have thousands of 'zombies' issue totally ordinary requests to the server. Has the added benefit that you are putting load not only on the network, but also on the server and possibly database.
The numbers of zombies in these attack networks has gotten large enough that there is no way that an ISP could implement source address filtering for every single one of them.
Therefore, your suggested solution won't work in many or even most cases anymore.
I love the fact that Google has its own DDoS mitigation service. THE ADVERTS MUST GET THROUGH!
... then the US has a whole lot of secret admirers.
Anons need not reply. Questions end with a question mark.
Correction: many or most high profile cases. For every big DDoS we hear about on /., there are thousands if not tens of thousands that go unnoticed by the majority, done by some script kiddie who thought he'd have some fun with his tiny botnet or by some crazies in a Middle Eastern or Slavic country who decided to deface your site and claim it as theirs. Those attacks very often rely on amplification and spoofing to do any damage.
"All the ISP has to do"
All that all ISPs in the world have to do...
most attacks on the map are "source unknown" type, which I assume means spoofed IPs.
world was created 5 seconds before this post as it is.
I get almost 100% CPU utilization from that map...
The map is total rubbish.
According to my version of the live map, there is a mid-sized attack from the US to China and at the same time a gigantic attack on the US from outer space!!!
Another POS low contrast design.
Hey stupid kids:
If you have something to say, don't say it in gray faded barely readable text.
"All that all ISPs in the world have to do.."
Yes.
And you state this why? Is it impossible for ISPs to do that? Remember there may be tens of thousands of ISPs but they have to hitch to one of only a select few backbone providers who are ALSO ISPs. And they know what subnet that IP came from. Therefore if only those few did it, then spoofing would only be possible within the same subnet that the noncompliant ISP did, and the botnet owner doesn't know (or to this point care) what are acceptable IP ranges to use that won't get nuked by this.
Each of those major ISPs could also refuse to carry traffic from an ISP that doesn't apply this state.
Remember, all that was needed to have a usable commercial home electrical goods system was for "All electronics manufacturers" to agree to a standard set of plug, voltage and/or frequency.
Buy goods in your country and it will work because "all manufacturers" DID agree.
I'm on CentOS, so I'm running FF ESR 17.0.9. It displays the map, after I tell NoScript to do so. However... trying to see any given stream's info, putting the cursor over it, is a complete waste: it flashes, then vanishes. I move it upwards, and I can read part of it, but not the rest before it goes away. In effect, you can't read the captions on what you're seeing.
I'd give it somewhere between a D+ and a C-, with D for usability.
mark