Slashdot Mirror

← Back to Stories (view on slashdot.org)

Massive DDOS Attacks Are Now Targeting Google, Amazon, and the NRA (pcmag.com)

Posted by EditorDavid on from the distributing-denial-of-service-attacks dept.

PC Magazine reports: A new way to amplify DDoS attacks has been spotted harassing Google, Amazon, Pornhub and even the National Rifle Association's main website after striking Github last week. The attacks, which exploit vulnerable "memcached servers," have been trying to hose down scores of new targets with a flood of internet traffic, according to Chinese security firm Qihoo 360... Github was the first high-profile victim and suffered a 1.35 Tbps assault -- or what was then the biggest DDoS attack on record. But days later, an unnamed U.S. service provider fended off a separate assault, which measured at 1.7 Tbps. Unfortunately, the amplified DDoS attacks haven't stopped. They've gone on to strike over 7,000 unique IP addresses in the last seven days, Qihoo 360 said in a blog post... Gaming sites including Rockstargames.com, Minecraft.net, and Playstation.net have been among those hit...

The security community is also steadily addressing the linchpin to all the assaults: the vulnerable memcached servers. About 100,000 of these online storage systems were publicly exposed over a week ago. But the server owners have since patched or firewalled about 60,000 of them, Radware security researcher Daniel Smith said. That leaves 40,000 servers open to exploitation. Smith points to how the coding behind the attack technique has started to circulate online through free tools and scripts.
Meanwhile, Slashdot reader darthcamaro shares an article about "the so-call 'kill switch'" that some vendors have been debating: "The 'kill switch' was immediately obvious to everyone who worked on mitigating this DDoS attack," John Graham-Cumming, CTO of CloudFlare said. "We chose not to use or test this method because it would be unethical and likely illegal since it alters the state of a remote machine without authorization."

17 of 121 comments (clear)

  1. Wide-open memcached servers by Anonymous Coward · · Score: 2, Interesting

    There are enough moron administrators on the planet to make memcached ddos possible.
    Jesus wept.

  2. Google, Amazon, and the NRA by Patent+Lover · · Score: 5, Funny

    The three pillars of society.

    1. Re:Google, Amazon, and the NRA by sheramil · · Score: 2

      And Pornhub... the... fourth leg.. of society.

  3. Part of the Problem? by Toad-san · · Score: 4, Insightful

    You then deserve what you get.

    "Meanwhile, Slashdot reader darthcamaro shares an article about "the so-call 'kill switch'" that some vendors have been debating:
    "The 'kill switch' was immediately obvious to everyone who worked on mitigating this DDoS attack," John Graham-Cumming, CTO of CloudFlare said. "We chose not to use or test this method because it would be unethical and likely illegal since it alters the state of a remote machine without authorization.""

    Unethical my ass. Turn those suckers off.

  4. We need more Security by Design by Aethedor · · Score: 5, Insightful

    We need more software that are secure by design. There is no reason to have a tool like memcached available for the entire internet. The memcached developers should have made it listen to localhost only by default. The setting to make it listen to other interfaces should be well explained in the manual, with all the risks and are-you-sure-you-want-this warnings.

    --
    It doesn't have to be like this. All we need to do is make sure we keep talking.
  5. ALL by Noishkel · · Score: 3, Insightful

    Well that's because the NRA is OBVIOUSLY responsible for EVERY SINGLE shooting that happens. Just like every Cloud Flair is responsible for every act of piracy that happens, Ford is responsible for every car crash, pharmaceutical manufacturers are responsible for every single OD, every single Mullah is responsible for every act of Islamist terror, and every single white male is reasonable for pretty much everything.

    It's the [Current Year] and no one has any time for reasonable discussion. Just ban everything and you're a racist for not knowing this already.

    1. Re:ALL by Anonymous Coward · · Score: 2, Insightful

      The reason the NRA is targeted is not because they are responsible for the massive slaughters we've seen lately, but unlike the other groups you mention they actively oppose ANY EFFORT TO FIX THE PROBLEM. As a matter of fact, they think the answer to the problem is more guns. This is basically like pharmaceutical companies telling you that the answer to opioid abuse is to try to get more opioids on the market to bring the prices down. If you're STILL having some cognitive dissonance here, you should try watching this.

    2. Re: ALL by ScentCone · · Score: 3, Informative

      Ahh, yes, of course, it's the MEDIA'S fault for mass shootings in America, not the proliferation of guns!

      Well, let's see. Guns have never been more difficult to buy. Despite that, millions and millions more people have gone through the hoops to buy them over the last couple of decades, even as the rate of murder by people who USE guns is down to almost half what it was before the big spike in gun buying over the last ten years. In other words, what you're implying is actually the bunch of bullshit. Millions more guns are legally owned, and gun violence is dramatically down. If you remove four or five specific urban areas in the US (all run for decades by liberal legislatures/councils and executives, and with the tightest gun restrictions and yet very high, very localized crime problems in those spots), the US is one of the lowest murder rate countries in the developed world. But sure, it's the guns.

      --
      Don't disappoint your bird dog. Go to the range.
    3. Re: ALL by Anonymous Coward · · Score: 2, Insightful

      When the media stopped mentioning suicides in the news in the 1980s, they plummeted significantly.

      The media turns the shooters into celebrities, from giving biographies about Cruz, to reading his manifesto, to fawning over the Smith & Wesson M&P 15 that he used for his massacre, to mentioning him as a red-carpet celebrity constantly, above all other news for weeks on end. What does this give kids who are already coked to the gills on Prozac or an anti-depressant, who are kicked around, and normally would be suicidal? Yep, they realize they will get adulation and praise like they are a war hero, go find themselves a firearm, by hook or crook, and go take out who they think are the bad guys, committing suicide by cop... because the press will give them their 15 minutes and a score, for other shooters after that to beat.

      Of course, we will get the "assault weapons" ban. It won't stop anything. If an AR isn't available, a Mini 14 will be. If semi auto rifles are not available, then there are shotguns. If semi auto shotguns are banned, a sawed off pump. If all guns magically are banned, someone will drive a pickup truck into the school. The fact is, the press turns the murderers into celebrities, rolling out the red carpet, to the point where they will pay the criminal defense teams if the killer writes a book and sells it.

      Stop turning these fuckheads into war veterans, and we will see the mass homicides go down. Gun bans are not going to stop it.

    4. Re: ALL by ScentCone · · Score: 3, Insightful
      Maryland, likewise, as some of the toughest gun laws in the country. The city of Baltimore further tightens those, making gun ownership there extremely difficult. And yet, Baltimore is now the murder capital of the country. And ... shockingly, the overwhelming majority of those crimes are committed with: guns possessed by people not legally allowed to own them, guns which were procured usually through theft or fraud. Meanwhile, just miles away in almost every direction, guns are substantially easier to get and carry legally, are owned by FAR more people, and the rates (and hard numbers) of crimes involving guns are a small fraction of what they are in Baltimore. Why? Because criminals in Baltimore face very little in the way of consequence for being career criminals.

      Shouldn't the rest of the nation be the same?

      No. Because all of the places that most tighten down such laws see increases in murder and other crime. But nationally, such crime has been in a steady decline for thirty years, even as gun ownership has jumped by millions. Your narrative is exactly, precisely backwards.

      --
      Don't disappoint your bird dog. Go to the range.
    5. Re:ALL by LaughingRadish · · Score: 2, Insightful

      The reason the NRA is targeted is not because they are responsible for the massive slaughters we've seen lately, but unlike the other groups you mention they actively oppose ANY EFFORT TO FIX THE PROBLEM. As a matter of fact, they think the answer to the problem is more guns. This is basically like pharmaceutical companies telling you that the answer to opioid abuse is to try to get more opioids on the market to bring the prices down. If you're STILL having some cognitive dissonance here, you should try watching this.

      Here's a slight but very significant correction: The NRA actively opposes ineffective and counter-productive efforts to fix the problem. The talking heads either can't or won't offer any rational justification for gun control, so they resort to name-calling.

  6. Re:NRA by PolygamousRanchKid+ · · Score: 5, Interesting

    Why would anyone target The NRA? Seems really suspicious.

    It stokes up conflict among the pro-Second Amendment camps and ant-Second Amendment camps internally in the USA, and generally weakens democracy there. The right will blame it on the left, and they will all get into a massive huff over it.

    International shits & giggles.

    Why would anyone target Amazon, Google or Pornhub . . . ?

    Why not, if someone else is footing the bill to disrupt the Internet.

    Now who could that someone be . . . ?

    --
    Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
  7. Re:NRA by BeerCat · · Score: 5, Insightful

    Why would anyone target The NRA? Seems really suspicious.

    Maybe because they oppose net neutrality?
    https://www.reuters.com/articl...

    --
    "She's furniture with a pulse"
  8. I can see ignoring option before, but after time? by SuperKendall · · Score: 4, Interesting

    That's great they managed to patch 60k out of 100k vulnerable systems...

    But as the rest of the systems continue to degrade the internet - at some point don't you have to say, for the public good these servers have to be shut down externally?

    It's fine and dandy to say it's not justified to disable someone else's system that is unknowingly taking part in an attack. But that ignores that all companies and people that put systems on the internet have a responsibility to monitor and keep them up to date, and if they abuse that responsibility they lose the right to complain about external kill switches being activated.

    It seems like after some time if you cannot get people to be responsible, you do what you have to and maybe next time they will be more proactive about fixes.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  9. Re:Kill switch by Zocalo · · Score: 5, Informative

    It's not really a kill-switch in the sense of turning the service off, so much as a temporary reset button. What it does is to send a command to memcached to drop the contents of its cache, at which point the spoofed packets of the DDoS will not actually stop outright but be considerably be reduced in size and thus reduce the effective amplification factor of the attack. Unfortunately, the server would then immediately start to repopulate its cache and the amplification factor would gradually recover back to its former levels, something that could happen quite quickly for some cached databases if the underlying query rate is high enough. To effectively shutdown a server, you'd need to keep sending the flush command at regular intervals - in effect launching a DoS at the server to prevent it launching a DoS at another server, so sinking to the same level as those trying to launch the DDoS.

    --
    UNIX? They're not even circumcised! Savages!
  10. Re:Kill switch by sl149q · · Score: 5, Informative

    Memcached implements a key-value store. The DDOS first put a large value with a known key into the server to be exploited, then sends spoofed UDP packets to it requesting the key.

    Once you clear the cache, the server cannot be exploited again until a new key-value is stored. The exploit cannot use other data that might be on the server because it does not know what the keys are.

    A possibly safer kill-switch would simply upload a new small value for the key to any server sending you data. It will continue to send you that value instead of the much larger one loaded for the exploit. A very small (under 50 bytes?) UDP packet is better than the very large amount of data currently being sent (I think 700kbytes?) Reduces the amplification factor to close to zero.

  11. Re:Kill switch by Vektuz · · Score: 2

    DOesn't that mean that there's basically a giant free cache available to anyone who wants to store data out there? And because UDP is spoofable, people could store data in said cache without betraying where it came from?