Dyn Executive Responds To Friday's DDOS Attack (dyn.com)
"It is said that eternal vigilance is the price of liberty...We must continue to work together to make the internet a more resilient place to work, play and communicate," wrote Dyn's Chief Strategy Officer in a Saturday blog post. An anonymous reader reports:
Dyn CSO Kyle York says they're still investigating Friday's attack, "conducting a thorough root cause and forensic analysis" while "carefully monitoring" for any additional attacks. In a section titled "What We Know," he describes "a sophisticated attack across multiple attack vectors and internet locations...one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack." But he warns that "we are unlikely to share all details of the attack and our mitigation efforts to preserve future defenses."
He posted a timeline of the attacks (7:00 EST and 12:00 EST), adding "While there was a third attack attempted, we were able to successfully mitigate it without customer impact... We practice and prepare for scenarios like this on a regular basis, and we run constantly evolving playbooks and work with mitigation partners to address scenarios like these." He predicts Friday's attack will be seen as "historic," and acknowledges his staff's efforts to fight the attack as well as the support received from "the technology community, from the operations teams of the world's top internet companies, to law enforcement and the standards community, to our competition and vendors... On behalf of Dyn, I'd like to extend our sincere thanks and appreciation to the entire internet infrastructure community for their ongoing show of support."
Online businesses may have lost up to $110 million in sales and revenue, according to the CEO of Dynatrace, who tells CNN more than half of the 150 websites they monitor were affected.
And they made us look the foo!
Is that really lost business or was it just a delay in the interaction for the customers?
If shop's not available one day I'll wait a day or two to place my order. It's only if stuff is offline for a long period that it's really lost business because then I probably have gone elsewhere.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Amen.
Praise the Lord our Savior!
This is satire, right?
Jesus'll get you for that.
i've heard figures quoted as high as 6x the 650gbps that was used against krebs... yet dyn seems quiet on how big this ddos actually was.
REPENT SINNER!! For the end is nigh!!
Does anybody find it ironic to see the slashdot sales ad for IoT cameras immediately above this story? Until we can somehow force vendors to responsibly patch, these devices have NO BUSINESS being on the web and we should boycott them. (Looking at you, AVTECH)
Would be nice to check my addresses in case my network was an offender so I can fix something I may have missed.
the IT equivalent of these will of course be announced to have been found, carelessly left behind. Every time something happens on the Internet, the U.S. will end up saying they have found evidence that Russia did it. Or it's North Korea, or China, or whoever else is on the current agenda.
I'm more concerned about people writing comments like yours. What the heck do they play the national anthem before every friggin sports game? No other country does that as far as I know unless it is international competition. This hard core nationalism is what is causing many problems. As far as people shooting others, get rid of guns as much as possible and the number of shootings and deaths as well as crime in general will go down drastically. I have no idea what Jesus could do here, if he did what the Bible claims he did under today's laws, he'd be thrown into jail on terrorism charges.
While you joke, just wait until everyone claims peace and security. Just wait until governments turn on false religions like the filthy whores that they are. While everyone is intoxicated on Trump, Hilary and lies of the media like Fox news, when they even figure it out, it will be too late.
Wow, that reporting is a class-act. The CEO is hardly likely to say "The hack caused massive disruption because our business model is directly in opposition to the concept of a distributed independently administrated system. Instead, we have everyone put their eggs in OUR one big basket"
Without going into inordinate amounts of detail, the fault--and therefore the bulk of the solution--lies FIRST with IoT device manufacturers who fail to provide even inadequate security for their Internet-connected devices and SECOND with lazy, uninformed consumers who fail to change the default password on the IoT devices they purchase; the solution could also include disabling the wide-open IoT nature and restrict the device capabilities to not include the proverbial kitchen sink which makes compromising the device in the first place possible. Additional solutions can and should be provided downstream, from the consumer routers in our homes through the various ISPs, but you cannot fix the problem by only working the periphery ... you MUST start at the source; everything else is secondary.
I avoid DNS where I spend 95++% of time online via hosts hardcoded favorite sites @ the TOP of hosts (driven by the IP stack itself in kernelmode for best performance) resolved in local system RAM cached!
Sites resolve faster than remote DNS + avoid it being downed or say, kaminsky flaw redirected.
* It works for more speed (adblocking & hardcodes), security (vs. malvertising & maliciously coded sites or malware serving ones), reliability (again vs. downed or poisoned DNS) + anonymity (vs. ad trackers + dns request logs) natively using what you already have, not adding on more that does less & uses more resources + is loaded w/ vulnerabilities.
(DNS security issues enumerated here in 18++ categories w/ 100's of examples from reputable sources https://news.slashdot.org/comm... )
APK
P.S.=> For the BEST possible custom hosts file APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?... ... apk
Hosts rewrite each time I recreate it daily (from a fresh backup of what I had already + new data imported) & Windows doesn't "bypass" hosts for anything but Windows update (a good measure vs. exploit of hosts) - prove otherwise.
* Above & beyond WFP/SFP that protects hosts, my hosts file engine protects it & NOTHING in usermode can "bust thru" that last layer of protection I provide (I've tried myself).
APK
P.S.=> There's also no disputing that hosts files 'hardcodes' (easily rewritten as I noted above by my program on updates) work vs. DNS issues (tons of them shown in my post you replied to - literally 100's) simply by AVOIDING DNS & its numerous security issues ... apk
his hosts program is actually pretty good by xenotransplant
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg
I've never tried to belittle (APK's) work, I've flat out said it's good by BronsCon
take a look at the APK hosts file engine by SuperKendall
APK is kinda right. I've tried his hosts file generating software. It works by bmo
APK is totally right on this count. Adblock Plus on Firefox mobile is a dog on older, or lower end, phones. A hostfile based adblocker makes for a much better experience by chihowa
I like your host file system by Karmashock
I find your hosts file admirable by vel-ex-tech
* My code's liked/used + recommended & hosted by Malwarebytes' hpHosts - Argue w/ those folks above.
APK
P.S.=> See subject & those quoted /.'ers - want more? apk
This time the bullet cold rocked ya
A yellow ribbon instead of a swastika
Nothin' proper about ya propaganda
Fools follow rules when the set commands ya
Said it was blue
When ya blood was read
That's how ya got a bullet blasted through ya head
Blasted through ya head
Blasted through ya head
I give a shout out to the living dead
Who stood and watched as the feds cold centralized
So serene on the screen
You were mesmerised
Cellular phones soundin' a death tone
Corporations cold
Turn ya to stone before ya realise
They load the clip in omnicolour
Said they pack the 9, they fire it at prime time
Sleeping gas, every home was like Alcatraz
And mutha fuckas lost their minds
Just victims of the in-house drive-by
They say jump, you say how high
Just victims of the in-house drive-by
They say jump, you say how high
Run it!
Just victims of the in-house drive-by
They say jump, you say how high
Just victims of the in-house drive-by
They say jump, you say how high
Checka, checka, check it out
They load the clip in omnicolour
Said they pack the 9, they fire it at prime time
Sleeping gas, every home was like Alcatraz
And mutha fuckas lost their minds
No escape from the mass mind rape
Play it again jack and then rewind the tape
And then play it again and again and again
Until ya mind is locked in
Believin' all the lies that they're tellin' ya
Buyin' all the products that they're sellin' ya
They say jump and ya say how high
Ya brain-dead
Ya gotta fuckin' bullet in ya head
Just victims of the in-house drive-by
They say jump, you say how high
Just victims of the in-house drive-by
They say jump, you say how high
Uggh! Yeah! Yea!
Ya standin' in line
Believin' the lies
Ya bowin' down to the flag
Ya gotta bullet in ya head
Ya standin' in line
Believin' the lies
Ya bowin' down to the flag
Ya gotta bullet in ya head
A bullet in ya head (repeat x7)
A bullet in ya head! (Repeat x6)
Ya gotta bullet in ya fuckin' head!
Yeah!
Yeah!
did the attackers ask for to stop the attack?
Here's an actual letter sent to my company when we were attacked earlier this year. By the way, they didn't breach us in any way, shape or form. They just hit us with traffic. The letter makes it sound like they had more, but nope, they didn't have shit.
Hello Support,
We are a team of highly skilled independent security consultants. One of your competitors hired us to take your site offline for an entire month (which we have the resources to do but don't like the contact and might be able to work together instead) and I must say that we have seen ALOT of miss-configured sites with security issues but it took our DB expert less then 30 minutes to dump your sql database without setting off your IDS system.
We want to disclose some of the flaws we found with you and have already put a significant amount of time in researching, exploiting and then documenting the vulnerabilities we found. Unfortunately, most site owners don't give a shit and would rather wait for more malicious hackers to come along. We are going to stop that from happening.
We are taking your site offline until we here from you. Our initial consultation will cost 1 BTC. That price will go up half a btc for every 12 hours we have to keep your site offline. I want to personally assure you that we have the power to keep your site down for an indefinite amount of time. We are the ones who took down xbox live all week (testing ONE of our new servers). In addition to letting your site up and giving you a report of what we found and how to fix it we will also let you know the ONLY way to stop a DDos attack the size we are capable of launching. We will also add you to a blacklist so no one else fucks with you.
The BTC can be sent to the following address :
I know that you are going to try to mitigate but in the end that is only going to cost you a lot more money. You make enough from betting and advertising alone that just an hour of downtime wont justify the cost. Our team also understands that you will try to mitigate but nothing will stop the attack except my command. Your hosting provider will not be able to help, the authorities wont be able to help you, your firewall is easily bypassed and any ddos service you try to bring in we can bring down (we have done this for a long time). believe it or not we are not the masked assholes stealing credit card numbers. Most of us have families and can't find legitimate jobs in our fields right now and have families to feed.
Regards,
GETDD0sed
The issue with DNS is that it's a centralizing service. As the world moves more towards a decentralized, distributed Internet, the first piece that moves in that direction should be DNS services.
It could be done right now using a similar blockchain to the one bitcoin uses. In fact, you could also tie in SSL into the platform, to prevent centralizing services like Verisign from being a weak point. The design is already in my head - just need to build it. Anyone have some free time?
The fact that so many publicly facing, completely insecure devices ripe for hacking were able to be assembled in the first place is one of the biggest things we should be looking at moving forward.
I think there should be a common, open-source framework for building secure IoT device firmware. Obviously people are going to be buying these things more and more as time progresses. Why not make it simple for them to implement something secure instead of leaving them to reinvent the wheel? Obviously they're concerned mostly about convenience otherwise they would have built better security in. Maybe they don't have the skill to do it correctly. Maybe they're not being paid enough. Point is that I think there should be efforts in the open-source ecosystem to help make these things easy and plug-n-play when developing a new baby monitor/security camera/etc.
And, we should publicly shame the companies most to blame for these insecure devices being used in an attack of this magnitude. Paste their names all over and make sure people KNOW that they're buying utter insecure shit that may be used to attack others. Not to mention your own privacy and security regarding cameras/microphones/security devices, anything even semi-critical really.
It is pitch black. You are likely to be eaten by a grue.
"The issue with DNS is that it's a centralizing service"
One way to do that is at the app level. Get the two big US brands to stop the smartphone integration of device apps that have a free flow onto the internet.
The app gets delisted until the device is fixed or upgrades.
It can be fixed by the IoT builders as they want cheap or use long supply chains.
The consumer wants easy, powered on, integrated, working devices. No entering long unique passwords deep in the packaging.
Get AV firms to scan local networks and tell users their entire network and all their devices are unsafe on the internet?
Domestic spying is now "Benign Information Gathering"
I remember when they were dyndns.org. I remember when they provided great dynamic DNS services for free or super cheap. Over time they became more and more commercialized, then more and more enterprise focused. They lost my business a long time ago. Nowadays you can have low TTLs with most service providers, and even if you can't, many ISPs have semi-static IPs for their residential and commercial accounts. There are also more rapid ttl based dyndns offerings including Google Domains. From a company perspective, nobody I work with uses Dyn...though apparently some pretty big names do. Many businesses I work with use Google domains, or some other large provider. One site I managed used GoDaddy, and oddly enough they were down. I wonder if GoDaddy uses Dyn on the backend?
Like it did in Australia? Oh, wait.
GFY, you gun-grabbing fascist.
20 January 2017: the End of an Error.
Yes just like that. Moron.