Slashdot Mirror


Massive DDOS Attacks Are Now Targeting Google, Amazon, and the NRA (pcmag.com)

PC Magazine reports: A new way to amplify DDoS attacks has been spotted harassing Google, Amazon, Pornhub and even the National Rifle Association's main website after striking Github last week. The attacks, which exploit vulnerable "memcached servers," have been trying to hose down scores of new targets with a flood of internet traffic, according to Chinese security firm Qihoo 360... Github was the first high-profile victim and suffered a 1.35 Tbps assault -- or what was then the biggest DDoS attack on record. But days later, an unnamed U.S. service provider fended off a separate assault, which measured at 1.7 Tbps. Unfortunately, the amplified DDoS attacks haven't stopped. They've gone on to strike over 7,000 unique IP addresses in the last seven days, Qihoo 360 said in a blog post... Gaming sites including Rockstargames.com, Minecraft.net, and Playstation.net have been among those hit...

The security community is also steadily addressing the linchpin to all the assaults: the vulnerable memcached servers. About 100,000 of these online storage systems were publicly exposed over a week ago. But the server owners have since patched or firewalled about 60,000 of them, Radware security researcher Daniel Smith said. That leaves 40,000 servers open to exploitation. Smith points to how the coding behind the attack technique has started to circulate online through free tools and scripts.

Meanwhile, Slashdot reader darthcamaro shares an article about "the so-called 'kill switch'" that some vendors have been debating: "The 'kill switch' was immediately obvious to everyone who worked on mitigating this DDoS attack," John Graham-Cumming, CTO of CloudFlare said. "We chose not to use or test this method because it would be unethical and likely illegal since it alters the state of a remote machine without authorization."

5 of 121 comments

  1. Part of the Problem? by Toad-san · · Score: 4, Insightful

    You then deserve what you get.

    "Meanwhile, Slashdot reader darthcamaro shares an article about "the so-called 'kill switch'" that some vendors have been debating:
    "The 'kill switch' was immediately obvious to everyone who worked on mitigating this DDoS attack," John Graham-Cumming, CTO of CloudFlare said. "We chose not to use or test this method because it would be unethical and likely illegal since it alters the state of a remote machine without authorization.""

    Unethical my ass. Turn those suckers off.

  2. We need more Security by Design by Aethedor · · Score: 5, Insightful

    We need more software that is secure by design. There is no reason to have a tool like memcached available for the entire internet. The memcached developers should have made it listen to localhost only by default. The setting to make it listen to other interfaces should be well explained in the manual, with all the risks and are-you-sure-you-want-this warnings.

    --
    It doesn't have to be like this. All we need to do is make sure we keep talking.
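
The listen-address point in the comment above, together with the summary's note that owners have "patched or firewalled" exposed servers, as an added example that is not part of the original page or the memcached project: a small audit of a memcached options file that flags a non-loopback listen address or a UDP listener left on. It assumes a one-option-per-line options file with `#` comments; the function names and both sample configs are constructed for illustration.

```python
# Added example (not from the page or the memcached project): audit a
# memcached options file for a public listen address or a live UDP listener.
# Assumes one option per line with '#' comments; sample configs are constructed.
import ipaddress

LONG = {"--listen": "-l", "--udp-port": "-U", "--port": "-p"}

def parse_options(conf_text):
    """Map each option flag to the list of values given for it."""
    opts = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("-"):
            flag, _, value = line.replace("=", " ", 1).partition(" ")
            opts.setdefault(LONG.get(flag, flag), []).append(value.strip())
    return opts

def is_loopback(addr):
    host = addr.strip()
    if host.startswith("["):            # [::1]:11211
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:          # 127.0.0.1:11211
        host = host.split(":", 1)[0]
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                    # '*' or a hostname we cannot vouch for

def audit(conf_text):
    """Return a list of exposure findings; empty means loopback-only, UDP off."""
    opts = parse_options(conf_text)
    addrs = [a.strip() for v in opts.get("-l", []) for a in v.split(",") if a.strip()]
    findings = [f"listens on non-loopback address {a}" for a in addrs if not is_loopback(a)]
    if not addrs:
        findings.append("no -l/--listen given: binds all interfaces")
    udp = opts.get("-U", [None])[-1]
    if udp is None:
        findings.append("no -U 0: UDP state depends on the build default")
    elif udp != "0":
        findings.append(f"UDP listener enabled on port {udp}")
    return findings

EXPOSED = "-m 64\n-p 11211\n-u memcache\n-l 0.0.0.0\n"              # constructed
HARDENED = "-m 64\n-p 11211\n-u memcache\n-l 127.0.0.1,::1\n-U 0\n"  # constructed

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(conf) or "ok")
```

The missing `-U` case is reported rather than assumed safe, because whether UDP is on without that option depends on the installed build.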
  3. ALL by Noishkel · · Score: 3, Insightful

    Well that's because the NRA is OBVIOUSLY responsible for EVERY SINGLE shooting that happens. Just like every Cloud Flair is responsible for every act of piracy that happens, Ford is responsible for every car crash, pharmaceutical manufacturers are responsible for every single OD, every single Mullah is responsible for every act of Islamist terror, and every single white male is responsible for pretty much everything.

    It's the [Current Year] and no one has any time for reasonable discussion. Just ban everything and you're a racist for not knowing this already.

    1. Re: ALL by ScentCone · · Score: 3, Insightful
      Maryland, likewise, has some of the toughest gun laws in the country. The city of Baltimore further tightens those, making gun ownership there extremely difficult. And yet, Baltimore is now the murder capital of the country. And ... shockingly, the overwhelming majority of those crimes are committed with: guns possessed by people not legally allowed to own them, guns which were procured usually through theft or fraud. Meanwhile, just miles away in almost every direction, guns are substantially easier to get and carry legally, are owned by FAR more people, and the rates (and hard numbers) of crimes involving guns are a small fraction of what they are in Baltimore. Why? Because criminals in Baltimore face very little in the way of consequence for being career criminals.

      Shouldn't the rest of the nation be the same?

      No. Because all of the places that most tighten down such laws see increases in murder and other crime. But nationally, such crime has been in a steady decline for thirty years, even as gun ownership has jumped by millions. Your narrative is exactly, precisely backwards.

      --
      Don't disappoint your bird dog. Go to the range.
  4. Re:NRA by BeerCat · · Score: 5, Insightful

    Why would anyone target The NRA? Seems really suspicious.

    Maybe because they oppose net neutrality?
    https://www.reuters.com/articl...

    --
    "She's furniture with a pulse"