Massive DDOS Attacks Are Now Targeting Google, Amazon, and the NRA

PC Magazine reports: A new way to amplify DDoS attacks has been spotted harassing Google, Amazon, Pornhub and even the National Rifle Association's main website after striking Github last week. The attacks, which exploit vulnerable "memcached servers," have been trying to hose down scores of new targets with a flood of internet traffic, according to Chinese security firm Qihoo 360... Github was the first high-profile victim and suffered a 1.35 Tbps assault -- or what was then the biggest DDoS attack on record. But days later, an unnamed U.S. service provider fended off a separate assault, which measured at 1.7 Tbps. Unfortunately, the amplified DDoS attacks haven't stopped. They've gone on to strike over 7,000 unique IP addresses in the last seven days, Qihoo 360 said in a blog post... Gaming sites including Rockstargames.com, Minecraft.net, and Playstation.net have been among those hit...

The security community is also steadily addressing the linchpin to all the assaults: the vulnerable memcached servers. About 100,000 of these online storage systems were publicly exposed over a week ago. But the server owners have since patched or firewalled about 60,000 of them, Radware security researcher Daniel Smith said. That leaves 40,000 servers open to exploitation. Smith points to how the coding behind the attack technique has started to circulate online through free tools and scripts.
Meanwhile, Slashdot reader darthcamaro shares an article about "the so-call 'kill switch'" that some vendors have been debating: "The 'kill switch' was immediately obvious to everyone who worked on mitigating this DDoS attack," John Graham-Cumming, CTO of CloudFlare said. "We chose not to use or test this method because it would be unethical and likely illegal since it alters the state of a remote machine without authorization."

So is Windows 10 to blame?

[bobstreo]

Or just malware being served as ads?

I'm thinking google, amazon and pornhub have measures in place to prevent massive DDOSattacks.

The NRA? probably not.

Wide-open memcached servers

There are enough moron administrators on the planet to make memcached ddos possible.
Jesus wept.

Re:Wide-open memcached servers

[MrL0G1C]

If admin's are too lazy to configure their servers correctly after it's been all over the news for weeks that their servers are being used to DDOS other servers then they really deserve to have those servers kicked off of the internet. 1 white hat hacker could stop all of them within an hour in this particular instance because they can all be stopped from ddos'ing with the 'flush command'.

Google, Amazon, and the NRA

[Patent+Lover]

The three pillars of society.

Re:Google, Amazon, and the NRA

[Patent+Lover]

You Russkie bots need to update your sarcasm algorithm.

Re:Google, Amazon, and the NRA

Didn't you watch Thank you for Not Smoking?

the so-called pillars of society were a team that called itself the MOD squad: Big Oil, Big Tobacco, and the NRA --the Messengers of Death.

But don't mod me. Just watch the flick before I give too many spoilers. You're welcome.

Re:Google, Amazon, and the NRA

I'm starting to think the Russian bots have adapted to claiming every comment is a Russian bot. Then once it is everywhere, it will be the equivalent of "[X] is known to the state of California to cause cancer" and will be ignored by everyone.

Re:Google, Amazon, and the NRA

[Patent+Lover]

Well try not to use words like "cuck" (especially as a verb) and "leftist". Nobody in the U.S. uses them.

I already have an AR-15, thanks.

Re:Google, Amazon, and the NRA

You apparently haven't looked at right-wing blogs lately, all of them use those words. Of course you might well live at the left pole and everyone right of Mao is an extreme right-wing Putin bot or what have you...

In short, that's a fine confirmation bias trap the left has fallen into. And no, I don't speak Russian. I can't even pronounce hello. It's some crazy thing like zdrastvuitiyuh that ties my tongue in a knot.

Re:Google, Amazon, and the NRA

Kind of cucked? The NRA has supported countless bans and confiscations over the decades. Recently here in WA, the NRA was asked to support fighting against a proposed law that took away due process before property confiscations, and they refused. Just this week we had Seattle police take property without compensation or due process. The liberal mayor here claimed the victim is getting due process because it will probably only take a year before they get their day in court. No. Rights delayed are rights denied.

Re:Google, Amazon, and the NRA

The three pillars of society.

... whereas Porntube is the ... phallus? ... of society?

Re:Google, Amazon, and the NRA

[sheramil]

And Pornhub... the... fourth leg.. of society.

Re:Google, Amazon, and the NRA

null route all countries that are hostile to the US. problem solved.

Re:Google, Amazon, and the NRA

When the Google, Amazon and NRA ride in the same cart, the whirlwind follows.

Re:Google, Amazon, and the NRA

[Maxo-Texas]

Well, that might actually be the "third" leg while one of the other services is the fourth leg.

Part of the Problem?

[Toad-san]

You then deserve what you get.

"Meanwhile, Slashdot reader darthcamaro shares an article about "the so-call 'kill switch'" that some vendors have been debating:
"The 'kill switch' was immediately obvious to everyone who worked on mitigating this DDoS attack," John Graham-Cumming, CTO of CloudFlare said. "We chose not to use or test this method because it would be unethical and likely illegal since it alters the state of a remote machine without authorization.""

Unethical my ass. Turn those suckers off.

Re: Part of the Problem?

Exactly. Why is everyone so pussified? If someone is messing with you, stop them. Why do people stupidly think it's more noble to sit there and be abused?

Re: Part of the Problem?

Because vigilante justice isnâ(TM)t justice at all. Society is quite clear on this point.

Re: Part of the Problem?

Not vigilante justice; self defense. if your being hit by someone you don't ask them why. You defend yourself. if a out of control car is bering down on you; do you let it or do you stop it?

Re: Part of the Problem?

sit there and be abused

This is not for your entertainment; watch some paint dry instead, or some Kardashian reality show. But do your job first, unless you happen to belong to that league of extraordinary gentlemen --- I am using that term loosely, Marge

Re:Part of the Problem?

It would be the technological equivalent to what the Russian anti-terrorist force did to that theater filled with over 100 hostages and a handful of criminals. Gas them all, kill them all. Problem solved.

Yes it's unethical you ass.

Re:Part of the Problem?

[140Mandak262Jamuna]

We can consider it simply self defense.

If a quarry nearby is storing large amount of dynamite without proper security, would we be worrying about the "possible impact on the legitimate activities of the quarry" or "punishing the quarry for the actions of the miscreants and the thieves"?

Your server is being used by vandals. Sucks to be you. Say bye to you buffers, we are flushing them all.

Go a step further. All public, open , unpatched servers should be given "flush all" command every six hour.

Re: Part of the Problem?

How do you stop a car from barreling down you? Asking for a friend. He's currently in the hospital after being struck by a car on a crosswalk. I'm sure your valuable information would have helped him.

Re: Part of the Problem?

...and if he had been in his own car, this never would have happened. Every pedestrian should carry their own car, for their protection.

Re: Part of the Problem?

Rocket launcher would have deflected it. Or antitank mine.

Beyond arms, a good guy with an SUV could have stopped him. We need more SUVs.

Re:Part of the Problem?

[jrumney]

We need to codify a right to self-defence in the laws that cover this. The kill switch as a standalone concept might be unethical and likely illegal, but when used in self defence from an attack of this magnitude it is entirely justified.

We need more Security by Design

[Aethedor]

We need more software that are secure by design. There is no reason to have a tool like memcached available for the entire internet. The memcached developers should have made it listen to localhost only by default. The setting to make it listen to other interfaces should be well explained in the manual, with all the risks and are-you-sure-you-want-this warnings.

Re:We need more Security by Design

Words printed on a manual would be analogous to the sign for an intergalactic hyperspace bypass that has been posted for centuries in the bottom drawer of a filing cabinet etc.

Re:We need more Security by Design

If the server only listens to authorized clients by default, then developers would immediately notice that their system isn't working until they do whatever incantation is necessary to authorize the proper clients.

Whereas if the server has no access control by default, then developers will see that the service is "working" and won't necessarily think to dig any deeper.

So, almost, but not quite, entirely unlike the situation you reference.

ALL

[Noishkel]

Well that's because the NRA is OBVIOUSLY responsible for EVERY SINGLE shooting that happens. Just like every Cloud Flair is responsible for every act of piracy that happens, Ford is responsible for every car crash, pharmaceutical manufacturers are responsible for every single OD, every single Mullah is responsible for every act of Islamist terror, and every single white male is reasonable for pretty much everything.

It's the [Current Year] and no one has any time for reasonable discussion. Just ban everything and you're a racist for not knowing this already.

Re:ALL

The reason the NRA is targeted is not because they are responsible for the massive slaughters we've seen lately, but unlike the other groups you mention they actively oppose ANY EFFORT TO FIX THE PROBLEM. As a matter of fact, they think the answer to the problem is more guns. This is basically like pharmaceutical companies telling you that the answer to opioid abuse is to try to get more opioids on the market to bring the prices down. If you're STILL having some cognitive dissonance here, you should try watching this.

Re:ALL

That's a pretty lame strawman. Thanks for adding nothing to the conversation. I feel dumber for having read this tripe.

Re:ALL

I'm pretty sure that Ford would fight tooth and nail against efforts to ban automobiles.

Re:ALL

[Applehu+Akbar]

Well that's because the NRA is OBVIOUSLY responsible for EVERY SINGLE shooting that happens. Just like every Cloud Flair is responsible for every act of piracy that happens, Ford is responsible for every car crash, pharmaceutical manufacturers are responsible for every single OD, every single Mullah is responsible for every act of Islamist terror, and every single white male is reasonable for pretty much everything.

That's how politics is argued these days. Any sentiment in favor of X means you are in the pay of Big X.

Re:ALL

[gweihir]

Indeed. The cretinization is continuing. The one cretin here that gave this lie is just a symptom.

Re:ALL

I'm pretty sure that Ford would fight tooth and nail against efforts to ban automobiles.

Ford already has gone on record as opposing efforts to increase automobile safety, reduce automobile dependence, increase fuel efficiency, and pretty much all the corporate crap that makes them suck.

And VW did one worse. How's that happen?

Re: ALL

[ScentCone]

Ahh, yes, of course, it's the MEDIA'S fault for mass shootings in America, not the proliferation of guns!

Well, let's see. Guns have never been more difficult to buy. Despite that, millions and millions more people have gone through the hoops to buy them over the last couple of decades, even as the rate of murder by people who USE guns is down to almost half what it was before the big spike in gun buying over the last ten years. In other words, what you're implying is actually the bunch of bullshit. Millions more guns are legally owned, and gun violence is dramatically down. If you remove four or five specific urban areas in the US (all run for decades by liberal legislatures/councils and executives, and with the tightest gun restrictions and yet very high, very localized crime problems in those spots), the US is one of the lowest murder rate countries in the developed world. But sure, it's the guns.

Re: ALL

Thick ropey layers of bullshit, the same as blaming the NRA.

Re:ALL

Guns and bullets don't kill people - adverts do! C'mon kids - lets kill other kids!

Re: ALL

When the media stopped mentioning suicides in the news in the 1980s, they plummeted significantly.

The media turns the shooters into celebrities, from giving biographies about Cruz, to reading his manifesto, to fawning over the Smith & Wesson M&P 15 that he used for his massacre, to mentioning him as a red-carpet celebrity constantly, above all other news for weeks on end. What does this give kids who are already coked to the gills on Prozac or an anti-depressant, who are kicked around, and normally would be suicidal? Yep, they realize they will get adulation and praise like they are a war hero, go find themselves a firearm, by hook or crook, and go take out who they think are the bad guys, committing suicide by cop... because the press will give them their 15 minutes and a score, for other shooters after that to beat.

Of course, we will get the "assault weapons" ban. It won't stop anything. If an AR isn't available, a Mini 14 will be. If semi auto rifles are not available, then there are shotguns. If semi auto shotguns are banned, a sawed off pump. If all guns magically are banned, someone will drive a pickup truck into the school. The fact is, the press turns the murderers into celebrities, rolling out the red carpet, to the point where they will pay the criminal defense teams if the killer writes a book and sells it.

Stop turning these fuckheads into war veterans, and we will see the mass homicides go down. Gun bans are not going to stop it.

Re:ALL

Sounds good. Australia did that, and has not had a mass shooting in years. Venezuela has done that, and has crime being 1/1000 what it was. Japan has zero fatalities from firearms on its soil. Many nations have banned guns, and, gee whiz, they don't have mass shootings.

Re:ALL

[SimonInOz]

The NRA is not responsible for every single shooting. But there's a strong correlation between their existence, and shooting.
In all countries with the NRA there is 10x the number of shootings as in ones without.

You know it's a funny thing,. According to recent historical documents, the CIA was required to take action where there was a one percent chance of causing terrorist activity. You'd think the NRA would make that mark easily.

So, they are bad dudes. Fat, ugly, gun carrying, gas guzzling vehicle driving redneck bad dudes? Really - well, yes, often, probably mostly, but not always. But as a political organisation, they are pretty horrible. They agitate to stop any gun measure, no matter how sensible. Crazy people with guns - why not? 12 year olds with guns, sure, let's do it.

And the slaughter continues. Someone even gets shot by a toddler every week in the USA. Toddlers kill more Americans than terrorists.
Could it be you are spending the money in the wrong place?

I admit DDOSing a website is a bad thing. But it's hard to be sympathetic to an organisation that indirectly causes the death of thousands each year. I wouldn't be terribly sad about attacks on the KKK, or the Scientologists, or even the Catholic Church, come to that.

Re:ALL

[harrkev]

Well, there is a correlation between guns and shootings. No guns, no shootings. In other, more civilized countries, their mass murderers use bombs, trucks, and knives. We need our dead killed by other weapons. You can go to a funeral of a stabbing victim and just see the joy on the faces of the relatives that at least their loved one was not shot.

I think you will find that NRA members are among the ones that follow the law the most. They don't want to agree to any gun measure, no matter how sensible, because their "sense" tells them that criminals don't obey laws -- even gun laws. Let's pretend that the NRA did not exist.

Shooting....
Whoops, let's ban assault rifles.
Shooting...
Hey, let's ban all semi-automatic guns.
Shooting...
Well, maybe we should ban all handguns.
Shooting...
Fine, we will ban all guns.
Shooting...
Wait, the criminals didn't turn theirs in? I'm shocked!
Shooting...
OK. Time to search house to house and get them all.
Truck attack...
Damn. 60 people killed with a truck. What do we ban now?

Yeah, it is kind of like that. I should like to point out that a few decades ago, you could MAIL ORDER GUNS. Background checks did not exist. And yet in the 40's and 50's you did not have random shootings like you do today. No, the guns haven't changed. The "Browning Hi Power" was invented in the 1920's, and had a 13-round magazine. Yeah, you could just order one through the mail. Get for extra mags, and you have 65 rounds of hot death that fits in your pockets. But no school shootings.

So, please provide proof of your claims. How many NRA members are responsible for murders? Please provide links showing the crime and their NRA member status. I will wait.

Re:ALL

Imagine if AAA (the Automobile Association of America -- a club of drivers that helps them get discounts and travel assistance) was acting as a mouthpiece for auto manufacturers, lobbying against safety standards for cars.

If any legislator suggests that cars ought to have seat belts, crumple zones, air bags, or side-impact door beams, AAA runs attack ads and funds a candidate to run against them. If anybody sponsors a bill that owners should have a test before getting to drive, requiring insurance, or mandating registration, they lose their seat.

Given that scenario, is it wrong to blame AAA (or, indirectly, automakers like Ford) for any given death in a car accident? Of course, AAA didn't cause the car to crash but they did do everything possible to ensure the car would do nothing to prevent the death.

So imagine how many fewer shootings there would be if the NRA advocated for safety instead of against it; imagine if they advocated for responsible gun ownership and usage instead of fomenting fear, uncertainty, and doubt amongst their base. However many that would be is the number of shootings the NRA is responsible for.

Every time a toddler shoots his mom because the NRA lobbied against mandatory trigger locks, the NRA is partially responsible. Every time a mentally unstable person shoots himself because the NRA lobbied against background checks, disqualifying mentally ill people from gun ownership, or waiting periods, the NRA is partially responsible.

dom

Re: ALL

[Brockmire]

False equivalence. Does Ford fight against driver's licence restrictions? If seniors were forced to get tested more often or prove competency, would Ford be actively fighting that?

Re: ALL

The murder rate would be lower if the US enacted reasonable gun laws like NYC. Shouldn't we try to continue to lower this?

NYC is one of the safest cities in the world. They also have gun laws that have been proven to be compliant with the 2A. Shouldn't the rest of the nation be the same?

Re: ALL

California also has some darn tough gun laws and yet that didn't stop the San Bernardino shooting from happening did it? Illinois also has some of the strictest gun laws and yet Chicago has some of the highest stats on gun violence.

As others have pointed out, we have a culture problem.

Re:ALL

Venezuela has done that, and has crime being 1/1000 what it was
Ha ha ha ha. You are so funny.

Re: ALL

[ScentCone]

Maryland, likewise, as some of the toughest gun laws in the country. The city of Baltimore further tightens those, making gun ownership there extremely difficult. And yet, Baltimore is now the murder capital of the country. And ... shockingly, the overwhelming majority of those crimes are committed with: guns possessed by people not legally allowed to own them, guns which were procured usually through theft or fraud. Meanwhile, just miles away in almost every direction, guns are substantially easier to get and carry legally, are owned by FAR more people, and the rates (and hard numbers) of crimes involving guns are a small fraction of what they are in Baltimore. Why? Because criminals in Baltimore face very little in the way of consequence for being career criminals.

Shouldn't the rest of the nation be the same?

No. Because all of the places that most tighten down such laws see increases in murder and other crime. But nationally, such crime has been in a steady decline for thirty years, even as gun ownership has jumped by millions. Your narrative is exactly, precisely backwards.

Re: ALL

This article by David Brooks is insightful. The gun issue is part of a wider culture war.
https://mobile.nytimes.com/2018/03/01/opinion/progressives-win-culture-war.html

Re: ALL

Never been more difficult? I can go onto craigslist and find one tonight if I wanted.

Re: ALL

[nmb3000]

When the media stopped mentioning suicides in the news in the 1980s, they plummeted significantly.

Completely false. Even assuming you're right about reduced mention of suicides in the 80's, this chart shows a complete lack of "plummeting": At best it shows about 12 deaths per 100,000 in 1980, and about 10 deaths per 100,000 in 2005.

That's a drop of 16%, which could just as easily be attributed to the reduction of leaded gasoline. Or the invention of Internet porn. Or any number of other things.

Re: ALL

The problem is the number of dangerous people allowed to roam the streets, not the weapons they can buy stolen for 1/5 their retail cost.

Re: ALL

I would not be terribly sympathetic with hacktivists who've been tracked by former NSA and GCHQ people online and former Spetsnaz operators on the ground.
Perhaps picking on billionaires is a bad idea?

Re:ALL

[LaughingRadish]

The reason the NRA is targeted is not because they are responsible for the massive slaughters we've seen lately, but unlike the other groups you mention they actively oppose ANY EFFORT TO FIX THE PROBLEM. As a matter of fact, they think the answer to the problem is more guns. This is basically like pharmaceutical companies telling you that the answer to opioid abuse is to try to get more opioids on the market to bring the prices down. If you're STILL having some cognitive dissonance here, you should try watching this.

Here's a slight but very significant correction: The NRA actively opposes ineffective and counter-productive efforts to fix the problem. The talking heads either can't or won't offer any rational justification for gun control, so they resort to name-calling.

Re: ALL

[ScentCone]

Never been more difficult? I can go onto craigslist and find one tonight if I wanted.

Oh, you mean ILLEGALLY obtain. Right. That's the whole point. For years, we've been making it ever more difficult for law abiding citizens to purchase, transfer, possess, carry, or use firearms. This has absolutely no impact on people willing to break the law by transferring guns outside of the legal framework in place. Or did you mean ... using an online ad to begin a legal transaction, which is subject to current state and federal laws?

Re: ALL

That's why in the UK, with much tougher gun laws has much higher rates of homicide with guns.

Re: ALL

[quenda]

If you remove four or five specific urban areas ... the US is one of the lowest murder rate countries in the developed world. But sure, it's the guns.

That is way overstating your case. Removing poor black urban areas with high homicide rates will help, but even New Hampshire, the state with the lowest homicide rate, is around 1 per 100,000, comparable to big cities with visible crime problems in Australia or Europe, and far from "the lowest murder rate countries".

Yes, fear of guns in the US is greatly exaggerated. I've tried to persuade people that the US is quite safe to visit. But twisting the truth like that to say there is no gun problem ... its just incomprehensible to us outsiders.

Re: ALL

[ScentCone]

Yes, fear of guns in the US is greatly exaggerated. I've tried to persuade people that the US is quite safe to visit. But twisting the truth like that to say there is no gun problem ... its just incomprehensible to us outsiders.

Well, it's incomprehensible to "outsiders" only if those outsiders are deliberately trying to confuse criminal acts with the existence of guns. The problems ARE concentrated in specific places. Not in "poor black urban areas" but in specific urban areas. There are plenty of places that are relatively poor, mostly black, have high gun ownership rates, and low murder rates. That's the norm, and specific murder-heavy neighborhoods in parts of Chicago, Baltimore, etc., are the exception. But the gang-bangers there are so busy killing each other over turf and enjoying their freedom because of local liberal government policies, that they throw the entire nation's stats way off. Mentioning that isn't "twisting the truth." It's simply telling the truth.

Re:ALL

Well that's because the NRA is OBVIOUSLY responsible for EVERY SINGLE shooting that happens.

When you fight against every single possible measure to stop or slow the killings, no matter how reasonable, no matter how obvious and correct, then you are effectively saying that the deaths are the preferred outcome if it prevents any new regulation or limitations whatsoever.

In short they believe with all their heart and souls that the blood of innocence is the price we pay continually for protecting these unlimited gun freedoms. In short they have embraced It with all their being, and crazy shit like guns for teachers, and banning violent video games is just a lame ass attempt to avoid the core issue.

Their actions show me that they believe the deaths are worth it. That makes them partly responsible for those deaths. The blood is all over their hands, just as it is all over the hands of the actual killers. You can argue that all those deaths are the better outcome, but you can't argue that the blood isn't on their hands, not without lying that is. The rules society lives with are the responsibility of that society and no, I don't buy the and criminals will get guns anyway. Sure, it would take time to change, but change is possible. It always has been. We grasp onto the belief that we are powerless to change an outcome, only to absolve ourselves of the responsibility of the hard work to do so.

Re:ALL

Well that's because the NRA is OBVIOUSLY responsible for EVERY SINGLE shooting that happens.

What percentage is acceptable to you?

Re: ALL

This shows that we need better enforcement. If you just used the tacti-cool bragging on social media as probable cause for a search warrant, coupled with mandatory minimum sentences and involuntary commitment (they do this in Texas with the repos... prison sentence, then life as a "resident" in Littlefield), the gun problem would be solved pretty quickly.

Re: ALL

[I75BJC]

Yes, they would. Seniors buy a LOT of Fords.

Re: ALL

[ArylAkamov]

. They also have gun laws that have been proven to be compliant with the 2A. Shouldn't the rest of the nation be the same?

You sure have a weird definition of 'shall not be infringed'.

Re: ALL

[ArylAkamov]

It's almost like the us and the uk are very different places, with different cultures.

Re: ALL

[quenda]

The problems ARE concentrated in specific places. ... that they throw the entire nation's stats way off.

The "If you remove four or five specific urban areas ... the US is one of the lowest murder rate countries" is a total fabrication.
Don't pat yourself on the back for being better than Mexico. Given that not a single state has a low homicide rate, you'd have to be removing an awful lot of "specific" areas.

And the mass-shootings are almost always in the US. Given this problem, it is crazy that a lone nutter can so easily obtain multiple semi-automatic weapons.
What is so wrong with background checks and waiting periods? Why should a gun license be easier to get than a driving license?

Re:ALL

The purpose of semiautomatic rifles is to kill or disable humans as quickly and efficiently as possible, multiple targets within a few seconds. Or charitably, they may be used as a deterrent because of their well known capacity to do the same. Period.

That is not the purpose of automobiles, kitchen knives, large plastic bags, etc.

Re: ALL

[ScentCone]

What is so wrong with background checks

Nothing. Which is why we have a national instant background check system. Groups like the NRA have been pleading with state governments and other agencies to participate more fully in providing information to that system. Murderers like the man in Florida a couple weeks back would have been prevented from making that purchase if authorities weren't so paralyzed by political correctness and afraid of SJWs that they won't allow the system to actually work.

Re: ALL

[quenda]

paralyzed by political correctness and afraid of SJWs

I loathe those as much as the average NRA member, but what is the connection?

Re:ALL

Yes, the purpose of weapons is to kill.
And that's precisely why we need them in abundance if we wish to remain free.

Without punishment (violent or non-violent) would sons and daughters obey their parents?
Without threat of retaliation would criminals act in plain sight?
Without jail, prison, fines, or hanging would men obey the law?
Without threat of insurrection and being lynched in the streets why should governments obey their limits?

Read some history books, even just on the past century, and let the lessons really sink in.
The government is not your friend.
Your own neighbors in the form of a mob or as individuals will burn down your store, rape, rob, and/or murder you if they think they have a reason to or if they just want your stuff.

Welcome to real life, sweet summer child. It's violent out there. If you want to stay alive and preserve liberty then you better get good at handling it.

Re: ALL

[ScentCone]

What's the connection? The handful of urban areas that account for so much of the bad-guys-used-guns violence statistics are, not surprisingly, also places that have a particular problem with not handling career criminals - on the books - in a way that would see them out of action. Both in terms of their gun-buying rights specifically, and their liberty generally. In Baltimore, for example, some 85% of the guns seized from those arrested in connection with violent crimes are already people with long criminal histories. They'd already fail the background check and would be undeterred by ANY law that would limit their access to guns (because they've already made the decision to criminally acquire and carry and use them). So in their case, the problem is the local political climate as it relates to catch-and-release prosecutors who are more interested in cultural pandering than actually reducing violence. So instead they tell law-abiding people that the solution is to make it ever harder to legally own a gun, or that reducing the capacity of a law abiding owner's pistol magazine will somehow prevent a criminal from shooting somebody.

Re: ALL

I went to CL (Phoenix) to see. Darn, but I found a listing, for a 'arizmendi ruby pistol', but nothing else using a variety of search terms. The first one I recall seeing.

Lots of parts, accessories, and such, but that ONE gun. I bet it is gone soon, prohibited.

CL of course has been abused, but I think their TOS says no guns.

You clearly meant Backpage, a cesspool of scams and thieves.

Re: ALL

[quenda]

They'd already fail the background check and would be undeterred by ANY law that would limit their access to guns (because they've already made the decision to criminally acquire and carry and use them)

Sorry, you'll have to explain this. Are you trying to say that it is impossible to implement gun-control in Baltimore?
The point of gun control is to make it harder for people to get guns, not just tell them they are not allowed. That would be silly.
    Especially, make it hard to obtain the most deadly weapons in the heat of the moment. It is not going to stop organised gangs, but that doesn't mean we give up.
    Are you thinking that this is not possible in Baltimore? Too many illegal guns in circulation already? Too easy to steal them? Why could it not be enforced?

We had a lone-nutter Islamic terrorist take hostages in Sydney a while back. The best he could obtain was an ordinary shotgun. If it was the US, he would have had an assault rifle, semi-automatic pistol, pump-action shot gun, and a lot more people would have died.

Re: ALL

[ScentCone]

Sorry, you'll have to explain this. Are you trying to say that it is impossible to implement gun-control in Baltimore?

No, I'm saying that they've already implemented very stringent gun control in Baltimore. As a result, it has long since been very difficult for people to legally possess (let alone use, for self defense) guns there. Needless to say, the rampant problem they have with crime there involves life-long criminals that really don't care, at all, about legally owning or using guns. Such laws only impact the law-abiding. As a result, virtually all of the guns confiscated from criminals and collected from crime scenes are - of course - not legally owned, possessed, or transported. Because criminals are criminals.

The best he could obtain was an ordinary shotgun.

Or, he could have spent $50 on stuff from the kitchen and hardware stores, and easily killed dozens of people if he could read. Not sure what your point is. Terrorists using cars and trucks have killed dozens and dozens of people multiple times, by simply running them down. I'm guessing you're thinking it was all about the cars and trucks, though.

Re: ALL

[quenda]

No, I'm saying that they've already implemented very stringent gun control in Baltimore.

Isn't the problem with local control totally obvious? They just drive to the next town. Its embarrassing having to say that.

Such laws only impact the law-abiding.

Catchy slogan, but simply is empirically not true. Take a look at the world.

Or, he could have spent $50 on stuff from the kitchen and hardware stores, and easily killed dozens of people if he could read.

You really think so? And yet, that does not happen.

Re:NRA

Why would anyone target The NRA? Seems really suspicious.

Fuck the NRA, the NRA richly deserves being DDOS'ed, the other two cheat on their taxes so they also kind of deserve it, the real question here is : WHY PORNHUB!!!

Re:NRA

[PolygamousRanchKid+]

Why would anyone target The NRA? Seems really suspicious.

It stokes up conflict among the pro-Second Amendment camps and ant-Second Amendment camps internally in the USA, and generally weakens democracy there. The right will blame it on the left, and they will all get into a massive huff over it.

International shits & giggles.

Why would anyone target Amazon, Google or Pornhub . . . ?

Why not, if someone else is footing the bill to disrupt the Internet.

Now who could that someone be . . . ?

Re:NRA

[BeerCat]

Why would anyone target The NRA? Seems really suspicious.

Maybe because they oppose net neutrality?
https://www.reuters.com/articl...

Put it to some good use?

[Vektuz]

unsecured Memcached servers could store data - par2'd data chunks, for example, similar to a newsgroup - along with indices / torrent tracker data / etc. And since they will store keys from spoofed UDP packets, there is no good way to figure out who put the data there.

Just saying. Better than ddoses :(

We need to ban computers and the Internet!

[Khan_Singh]

Computers and the internet are obviously responsible for this DDOS attack. The people behind it might as well not be there! And these filthy organizations like yahoo and google who represent computers and the internet can go die in a fire! Who cares that the vast overwhelming majority of internet use is great, and it acts to curb government excess. I for one canâ(TM)t wait to put all of my trust in a dishonest, kill happy government run by corporate interests for all of my information in the future.

Re:We need to ban computers and the Internet!

Dude, Computers don't DDoS. People DDoS. We have got to ban people from using computers.

Re:NRA

My guess is that people are hitting big names on purpose. By doing it that way it makes the mainstream news and increases the chances of it getting patched.

I can see ignoring option before, but after time?

[SuperKendall]

That's great they managed to patch 60k out of 100k vulnerable systems...

But as the rest of the systems continue to degrade the internet - at some point don't you have to say, for the public good these servers have to be shut down externally?

It's fine and dandy to say it's not justified to disable someone else's system that is unknowingly taking part in an attack. But that ignores that all companies and people that put systems on the internet have a responsibility to monitor and keep them up to date, and if they abuse that responsibility they lose the right to complain about external kill switches being activated.

It seems like after some time if you cannot get people to be responsible, you do what you have to and maybe next time they will be more proactive about fixes.

I can see ignoring option before, but after DNS.

Well I remember when I had misconfigured my DNS server. The one's I were connected to didn't "kill me", they just sent a message telling me to fix it.

Kill switch

[GrahamJ]

I haven’t seen it described but I assume the kill switch would be to point the servers at themselves or other open servers?

Re:Kill switch

[Zocalo]

It's not really a kill-switch in the sense of turning the service off, so much as a temporary reset button. What it does is to send a command to memcached to drop the contents of its cache, at which point the spoofed packets of the DDoS will not actually stop outright but be considerably be reduced in size and thus reduce the effective amplification factor of the attack. Unfortunately, the server would then immediately start to repopulate its cache and the amplification factor would gradually recover back to its former levels, something that could happen quite quickly for some cached databases if the underlying query rate is high enough. To effectively shutdown a server, you'd need to keep sending the flush command at regular intervals - in effect launching a DoS at the server to prevent it launching a DoS at another server, so sinking to the same level as those trying to launch the DDoS.

Re: Kill switch

[GrahamJ]

Great explanation, thank you!

Re:Kill switch

[jabuzz]

Well to be fair if you have an memcached server that is in need of patching and you are getting your cache flushed on a regular basis as a result of your server participating in a DDOS then frankly fix your server and STFU in the meantime.

Re:Kill switch

[sl149q]

Memcached implements a key-value store. The DDOS first put a large value with a known key into the server to be exploited, then sends spoofed UDP packets to it requesting the key.

Once you clear the cache, the server cannot be exploited again until a new key-value is stored. The exploit cannot use other data that might be on the server because it does not know what the keys are.

A possibly safer kill-switch would simply upload a new small value for the key to any server sending you data. It will continue to send you that value instead of the much larger one loaded for the exploit. A very small (under 50 bytes?) UDP packet is better than the very large amount of data currently being sent (I think 700kbytes?) Reduces the amplification factor to close to zero.

Re:Kill switch

[Vektuz]

DOesn't that mean that there's basically a giant free cache available to anyone who wants to store data out there? And because UDP is spoofable, people could store data in said cache without betraying where it came from?

I'm selectively outraged

NRA? Hahaha take that you gun nuts!

Amazon? Whoa wait a minute...that's hitting below the belt. We need to stop them!

egress traffic bill -- Re: Part of the Problem?

agreed. i have seen 400Mb/s ddos before and we asked our ISP to kill the traffic type, and they did so, 3 hops up the pipe..

i am sure their bill for the egress traffic will wake them up eventually..

Liberals and communists

Easy to narrow down the suspects.

Re: NRA

The NRA was in the news? No I think you mean entertainment media companies in collusion with left wing political groups have discussed the NRA and accused them on television and the internet. That is not the same thing as news journalism doing real investigations and reporting on the facts.

Get some sense.

Re:I can see ignoring option before, but after DNS

Spammers have made this solution nearly impossible.

Re: NRA

Howdy, brownshirted thug! Nice boots you have on!

Pornhub deserves it

They have been constantly ddosing my IP with attacks that put 1.3tbs to shame!

Re: NRA

You know, blocking DDOS traffic would be in violation of net neutrality.

Why won't someone think of the...

[karolgajewski]

What? They're harassing PornHub?
Why won't someone think of the ... uh... nevermind...

Oblig

A bad guy with a botnet can only be stopped by a good guy with a botnet.

I was okay with it until they attacke Porn Hub

Attacking Porn Hub is a touch too far.

Re:Kill switch ... make them attack each other?

[bd580slashdot]

Why not use the same technique to make these servers attack each other?

That would get the attention of the admins responsible for configuring and firewalling these servers.
(Same for spoofed origin BGP and other amplification attacks too)

I wonder if admins get paid to leave these servers misconfigured / accessible for these attacks. Plausible deniability and all that. Maybe you could slow certain fiber links enough to profit when doing High Frequency Trading on the worldwide stock exchanges? That would be worth paying for. These attacks could be a test run for something like that. Whether this is the case or not, making them attack each other might help.

This would be a lot closer to "sinking to their level" than simply sending the flush command over and over again.

I haven't thought this through very well but since this is slashdot I'll just spout off anyway.

Thoughts?

Re:Kill switch ... mod parent up!

[bd580slashdot]

Just ran out of mod points. Mod parent up!

NRA

NRA supports are well versed in false flag operations, both in how they work, and when. Listen to Alex Jones sometime to learn more. The NRA could be doing this to get sympathy.

"Kill switch" ? No.

> "The 'kill switch' was immediately obvious to everyone who worked on mitigating this DDoS attack,"

That is one hell of a stretch.. anyone with a brain would realize the ends do not justify the means. This is the kind of thinking you'd expect from oppressive countries..

  > - John Graham-Cumming, CTO of CloudFlare
  > - Chinese security firm Qihoo 360

.. well that explains it then. Two state sponsored actors advocating for kill switches. I'm shocked.

Core routers could drop inbound UDP/11211

For now if the internet core routers simply dropped all inbound UDP/11211 this nonsense would stop. UDP clients that were assigned ephemeral ports of 11211 would have to retry their connections. The internet glitch rate is already higher than 1/62k so the errors introduced by this configuration on legitimate clients would be hardly noticed while it would eliminate this very destructive attack.

Invert the DDOS request?

Ok so this is a terrible idea, but is it technically feasible? If a memcached server gets a request that looks like it's a DDOS request (I have no idea if that's possible), have it target the source IP address of the request instead of the intended target.

Google and NRA are legit targets ...

... but why Amazon and Pornub?

Extremist hate groups make total sense as targets, but why Amazon or Pornhub? Are the attackers out of work retail employees or old porn stars?

Re:ALL Bullshit

[I75BJC]

You neither know nor have read ANYTHING about the NRA if you truly believe "they actively oppose ANY EFFORT TO FIX THE PROBLEM". The NRA supports denial or restriction of gun ownership to specific classes of people -- convicted felons, mentally ill, etc. Just go an look. I dare You! The NRA supports educational pursuits with children, adolescents, and adults with courses that deal with gun awareness, safety, safety use and proficient use. The NRA is a gigantic educational and training entity that provides training for potential soldiers and LEOs, training for current soldiers and LEOs, training for instructors, range officers, etc. for shooting ranges, etc. If someone knows what a gun can do, how to respect (use and handle) a gun, and how to avoid situations where improper gun use can take place, that someone has the NRA to thank. The NRA teaches this now. The NRA has taught this since its inceptions. The NRA will continue to teach this. If someone knows the above, that someone knows when to leave many potential dangerous situations before a prep starts shooting. Wouldn't it better for someone to know all the above so that they could avoid a dangerous situation? BINGO, you're in sympathy with the NRA!

Block the IP at the originating ISP

That will discover the services that have been hijacked, because folk will start complaining their website went down.