Slashdot Mirror


1.1.1.1: Cloudflare's New DNS Attracting 'Gigabits Per Second' of Rubbish (zdnet.com)

An anonymous reader quotes a report from ZDNet: Cloudflare's new speed and privacy enhancing domain name system (DNS) servers, launched on Sunday, are also part of an experiment being conducted in partnership with the Asia Pacific Network Information Center (APNIC). The experiment aims to understand how DNS can be improved in terms of performance, security, and privacy. "We are now critically reliant on the integrity of the DNS, yet the details of the way it operates still remains largely opaque," wrote APNIC's chief scientist Geoff Huston in a blog post. "We are aware that the DNS has been used to generate malicious denial of service attacks, and we are keen to understand if there are simple and widely deployable measures that can be taken to mitigate such attacks. The DNS relies on caching to operate efficiently and quickly, but we are still unsure as to how well caching actually performs. We are also unclear how much of the DNS is related to end user or application requirements for name resolution, and how much is related to the DNS chattering to itself."

The Cloudflare-APNIC experiment uses two IPv4 address ranges, 1.1.1/24 and 1.0.0/24, which have been reserved for research use. Cloudflare's new DNS uses two addresses within those ranges, 1.1.1.1 and 1.0.0.1. These address ranges were originally configured as "dark traffic addresses", and some years ago APNIC partnered with Google to analyze the unsolicited traffic directed at them. There was a lot of it. "Our initial work with it certainly showed it to be an unusually strong attractor for bad traffic. At the time we stopped doing it with Google, it was over 50 gigabits per second. Quite frankly, few folk can handle that much noise," Huston told ZDNet on Wednesday. By putting Cloudflare's DNS on these research addresses, APNIC gets to see the noise as well as the DNS traffic -- or at least "a certain factored amount" of it -- for research purposes.

94 of 136 comments

  1. now also being slashdotted by Narcocide · · Score: 1

    Oh, this was their plan all along. Heh, well, I hope it doesn't turn out to be a mistake to have hired people who don't understand DNS...

    1. Re:now also being slashdotted by jellomizer · · Score: 1

      I think a web server running on a low end system is powerful enough to prevent from being Slashdotted today.
      Slashdot hasn't grown at the same rate computing has grown.
      Slashdot has been late posting news articles, compared to other sites who have larger volume, so by the time it gets on Slashdot, the site has already adjusted for the volume.
      Often most sites are on the cloud, so they just request extra bandwidth.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    2. Re:now also being slashdotted by RobertNotBob · · Score: 1, Insightful

      ... I hope it doesn't turn out to be a mistake to have hired people who don't understand DNS...

      Yeah, that stood out to me, too. ... How can you hire a "Chief Scientist" who doesn't understand the basic mechanisms of the environment you're operating within?

      --
      ___ I don't respond to Anonymous Cowards, and I Never Mod them UP.
    3. Re:now also being slashdotted by datavirtue · · Score: 1

      "Slashdot has been late posting news articles, compared to other sites who have larger volume, so by the time it gets on slashot, the site has already adjusted for the volume." ...and that is fine unless you hang out on the site all day drooling for news.

      --
      I object to power without constructive purpose. --Spock
    4. Re:now also being slashdotted by datavirtue · · Score: 1

      I don't know what to say other than CREIMER is real. I saw him on YouTube.

      --
      I object to power without constructive purpose. --Spock
  2. Research by symes · · Score: 3, Interesting

    I would be very interested in following the research they are undertaking. Anyone know how/where this will be published?

    1. Re:Research by Rosco+P.+Coltrane · · Score: 2

      Wherever it gets published, you can bet you'll have to solve an impossible captcha to get to it.

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    2. Re: Research by Anonymous Coward · · Score: 1

      The NSA doesn't usually release the results of their studies.

    3. Re:Research by arth1 · · Score: 1, Insightful

      I would be very interested in following the research they are undertaking. Anyone know how/where this will be published?

      And when the research will be completed, with the 1.1.1.1 and 1.0.0.1 addresses going back to IANA and no longer serving DNS? I bet that some people bought the hype and thought that these would be perpetual addresses, and not just a research run.

    4. Re: Research by aleph · · Score: 2

      Why on earth would the whole /8 revert to IANA? As per the *summary*, even, that whole block is delegated to APNIC.

      A world beyond North America, bizarre I know.

    5. Re:Research by Zocalo · · Score: 2

      The IPs are assigned to APNIC, a RIR, and they are free to assign them to whoever they want that meets their assignment policies, including entitities that are not Headquartered in the APNIC region. There is some debate in high-level networking groups like NANOG about whether those procedures were correctly followed, but that ultimately hinges on whether this is a joint APNIC-Cloudflare research project or a permanent assignment. The former is arguably within APNIC's currently agreed scope for the IPs in question, the latter may have circumvented a few procedures or opportunities for debate.

      Ultimately though, the last time these IPs were routed - a partnership between APNIC and Google, they got 50Gb/s of garbage, mostly from things that were designed to use unassigned IPs rather than suitable RFC1918 IPs. There are not exactly very many companies that have the necessary infrastructure to filter out 50Gb/s of crap and still provide a useable service with what remains so, research or not, I can't see many people wanting these IPs anyway and if Cloudflare can make some use of them, good on them. Besides all that, there is also the question of why are people still doing "research" on IPv4 space; wouldn't it be better to be focussing on the brave new world of IPv6 - where's my 2001:2001:: resolver, or some such equivalent?

      --
      UNIX? They're not even circumcised! Savages!
    6. Re:Research by onepoint · · Score: 3, Interesting

      Hi Zocalo,

      I come from a time when we looked at cycles of a process to see what we could do to reduce the cpu's usage ( and all the other steps ), I believe the reason for working in the IPv4 space is similar to that, they are first trying to find out what is going on with the least amount of junk in the system from their end.

      DNS resolving is such a critical issue that the lessons learned in one space, Might ( not will or work ) be transferable to the IPv6 space. So I would think that the processing cycle savings by working in IPv4 space might be a huge ( well my math is rusty so 255 x 254 x 253 = 16386810 in savings per processing cycle ) not a lot but still a small saving.

      Another perspective also brings out the point, that if the junk traffic can be cleaned out ( nulled ), the new savings can be used for better end-user experience. We have a correlated example of this back when hurricane sandy hit. Spam numbers decreased by a noticeable percentage, this would lead to the following assumptions ( but not fact ), Less energy use overall. So testing on the starting platform, finding results, and seeing if it can be brought out to the next level is a good thing for the growth of the 'net'

      of course I could be totally wrong and it was some upper management choice because they did not know better.

      --
      if you see me, smile and say hello.
    7. Re: Research by houghi · · Score: 1

      It will be published by their marketing team when the outcome us in their favour. Just as almost all research.

      --
      Don't fight for your country, if your country does not fight for you.
    8. Re:Research by Killall+-9+Bash · · Score: 2

      Or for windows bat files....

      REM wait 10 seconds
      ping 1.1.1.1 -n 10 > nul

      I often use 1.1.1.1 as a "garbage" IP address. Anyone using that address should expect to get flooded with pings.

      --
      "Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
    9. Re: Research by Brockmire · · Score: 1

      Fucking fail. Use 127.0.0.1. You deserve it if you did this for sleeping.

    10. Re:Research by F.Ultra · · Score: 1

      So "timeout /t 10 /nobreak > NUL" was not cool enough I guess.

    11. Re:Research by Zocalo · · Score: 1

      Similar era here; cycles counted and the innermost of a deep nest of loops was usually a good place to start as even one less processor cycle could be removed you could often improve things considerably when you multiplied it all out, although I don't think that's it since there are a few competing DNS engines, which are all hopefully pretty well optimised in their core code already at this point (feature bloat aside), and presumably Cloudflare is only going to be running one of them. Realistically, I'm only seeing two options here - Cloudflare coming to some kind of "arrangement" with APNIC for some memorable IP addresses for DNS (one of the few times you do need to memorise them, so that counts) to compete with Google, Quad9, etc. in the alternative DNS service provider space as a new revenue stream, hence people getting upset about the sudden repurposing of what they saw as IPs reserved for research use. The second, and I suspect more likely scenario given Cloudflare's DDoS protection services, is that they were fully aware they were going to be getting tens of Gb/s of junk traffic and wanted to do what could be some genuinely useful work on protected DNS services from DDoS attacks in a live environment, since the traffic patterns are likely "good enough". That does still make sense to be done in the IPv4 space since that's where the IRL garbage traffic is and, as you say, any lessons learnt should hopefully translate over to the IPv6 stack easily enough.

      --
      UNIX? They're not even circumcised! Savages!
    12. Re:Research by Anonymous Coward · · Score: 1

      So I would think that the processing cycle savings by working in IPv4 space might be a huge ( well my math is rusty so 255 x 254 x 253 = 16386810 in savings per processing cycle ) not a lot but still a small saving.

      I have no idea what is meant by your numbers. "Processing cycles saved"??? Doing what? And where do 255, 254, and 253 come from? Since the smallest unit of work in a CPU is a cycle, 16,386,810 cycles is A LOT of processing. Even on a 3ghz CPU, that represents 5.5ms of work. Taking 5ms to respond to a DNS request is forever. The full round trip, from the time wireshark on my desktop sees the packet leave to the time it sees the response packet is ~270us. That includes all fixed delays like Ethernet frame serialization, switching forwarding, context switching on both client and server.

      My firewall can process about 8,000 packets in 5.5ms. That includes checking rules, routing tables, forwarding, NAT, and traffic shaping.

    13. Re:Research by onepoint · · Score: 1

      I suspect you are correct in thinking of protection of the DNS or a website when under attack. You might appreciate this https://twitter.com/olesovhcom... 2 years ago someone got hit with an attack, 1.1 T not G but T. being able to shield one's self from these types of attacks might be ok.

      Now a funny thing about junk traffic, it's a good place to learn what to filter out, I look forward to a cleaner system over the next 10 years ( when I owned an ISP back in 2000 we were fighting the same battle and no one cared. it takes a $$$ for people to react to these things

      Have a good day

      --
      if you see me, smile and say hello.
    14. Re:Research by RockDoctor · · Score: 1

      I bet that some people bought the hype and thought that these would be perpetual addresses

      What is this concept of a "permanent address" in relation to TCP/IP? It might seem permanent to you, but some of us are actually older than the Internet and view such things as just recent fads. I wouldn't be surprised if the people (*) who write the major networking protocols in use when I die haven't been conceived yet.

      (*) - includes programs, including ones with formal proofing built into the compiler.

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
    15. Re: Research by Killall+-9+Bash · · Score: 1

      No. you want an address that doesn't respond, and you set the timeout to 1 second. You fucking fail. And what exactly am I getting that I deserve? I'm not the idiot using 1.1.1.1

      --
      "Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
  3. Experiment? by RadioD00d · · Score: 4, Interesting

    The summary repeatedly calls this an 'experiment' - does that also indicate that at some point, these nameservers will be disabled / changed / removed in the guise of 'science'? Since TANSTAAFL, I find it difficult to believe that even Cloudflare (who makes buckets of money in other ways) is just going to give away this service forever. I know, THEY'RE GATHERING DATA - if you're that concerned about the crap you post on the internet, you either need to re-evaluate your exposure or just cut your ethernet cable entirely....

    1. Re:Experiment? by godrik · · Score: 4, Funny

      you either need to re-evaluate your exposure or just cut your ethernet cable entirely....

      My ethernet cable ? Jeez, this is the 21st century! I'll cut my WiFi cable, thank you very much!

    2. Re:Experiment? by lfourrier · · Score: 2

      Don't forget that all Google "products" are just experiments, valid only as long as they find benefit in them.

    3. Re:Experiment? by apoc.famine · · Score: 4, Funny

      With a Faraday knife!

      --
      Velociraptor = Distiraptor / Timeraptor
    4. Re:Experiment? by Tulsa_Time · · Score: 2

      "The research relationship is set to run for at least five years, after which it may be renewed and APNIC will consider permanently allocating the 1.1.1.1 IP address – along with 1.0.0.1 – to Cloudflare."

      --
      5 out of 6 people enjoy Russian Roulette & 6 out of 7 Dwarfs are not Happy
    5. Re:Experiment? by freeze128 · · Score: 1

      Don't bother cutting your WiFi cable... I'll do it for you... with a JAMMER! I bet you wish you had an ethernet cable *NOW*.

    6. Re:Experiment? by gbjbaanb · · Score: 1

      or, to give the jammer its proper name - next door's stupidly configured TV streaming box.

  4. Opaque? by Viol8 · · Score: 3, Insightful

    "yet the details of the way it operates still remains largely opaque"

    Opaque to whom? Not to net admins and other people who understand DNS. If they're hoping Joe Schmoe will understand or care then they've got a long wait.

  5. Re:Everybody gets what they want by Anonymous Coward · · Score: 4, Insightful

    If you are worried about this I would suggest you disconnect from the internet.

  6. Re:Solution to amplification DDoS exists for 18 ye by arglebargle_xiv · · Score: 3, Funny

    Meh. Implementing RFC 3514 is far more useful, you could automatically disconnect all evildoers, not just threaten to disconnect people who may be evil.

  7. Comment removed by account_deleted · · Score: 3, Funny

    Comment removed based on user account deletion

  8. Gigabits per second of rubbish? No shit. by BlacKSacrificE · · Score: 5, Interesting

    There are plenty of examples of people suggesting ping to 1.1.1.1 as a delay in batch scripting. The thought of batches all over the world now failing because people used a kludge method to pause was only slightly more amusing than the thought of all the junk traffic 1.1.1.1 would see as a result.

    For our next amazing trick, we're going to make 555-xxxx a valid number range! Follow the action live at example.com!

    --
    [Sorry, this signature is unavailable in your country/region]
    1. Re:Gigabits per second of rubbish? No shit. by coofercat · · Score: 1

      I was wondering where this traffic was coming from - and why. Here's one place (who knew! yet another reason Windows has been 'bad for tech' ;-), and I'll bet there are others that do something similar.

      I wonder if the 'script kiddies' scan 1.x.x.x looking for old wordpress, and default SSH accounts? I'll bet at least some of them do.

      I'm left wondering what analysis of this 'spam traffic' is going to tell anyone though. Hopefully they'll publish some of their findings so we can take a peek.

    2. Re:Gigabits per second of rubbish? No shit. by deadweight · · Score: 1

      The sleep command was too hard? Sleep 10 gives you a 10 second delay and so on.

    3. Re:Gigabits per second of rubbish? No shit. by Anonymous Coward · · Score: 2, Insightful

      Windoze (pun intended) doesn't have a built-in sleep command for batch files. What fun!

    4. Re:Gigabits per second of rubbish? No shit. by The+MAZZTer · · Score: 1

      For the rare occasion where I write a batch file like that I use 127.255.255.255... it always fails by timing out (so you can specify a timeout to control batch delay) and it only uses the localhost virtual network adapter so you're not spamming over the LAN or internet.

    5. Re: Gigabits per second of rubbish? No shit. by Anonymous Coward · · Score: 1

      Ya, you post that one every story about this, and we still don't care.
      The two IP scopes used by Cloudflare are Research scopes and are not guaranteed to be routed, and are treated similar to RFC1918 by many companies.

    6. Re:Gigabits per second of rubbish? No shit. by Anonymous Coward · · Score: 2, Insightful

      I keep seeing people complaining about this breaking batch scripts that ping 1.1.1.1, but Cloudflare isn't responding to ICMP requests as far as I can tell. Just because an IP address is active, doesn't mean that it will respond to a ping.

    7. Re:Gigabits per second of rubbish? No shit. by Anonymous Coward · · Score: 1

      Since windows 7 / Server 2008+ it does, the TIMEOUT command, doesn't help if you have to use the script on older environments, but still...

    8. Re:Gigabits per second of rubbish? No shit. by omnichad · · Score: 3, Informative

      ping 1.1.1.1

      Pinging 1.1.1.1 with 32 bytes of data:
      Reply from 1.1.1.1: bytes=32 time=16ms TTL=53
      Reply from 1.1.1.1: bytes=32 time=16ms TTL=53
      Reply from 1.1.1.1: bytes=32 time=16ms TTL=53
      Reply from 1.1.1.1: bytes=32 time=16ms TTL=53

      Maybe your ISP just doesn't route the traffic. That's a fast link. Though Google DNS is 15ms from here.

    9. Re:Gigabits per second of rubbish? No shit. by Zocalo · · Score: 1

      There's also a lot coming from captive portals that use 1.1.1.1 as a login/logout gateway IP, including some turnkey solutions provided by the likes of Cisco that are heavily deployed in providing free WiFi services to things like the hospitality trade. Yeah, they could (and should!) have used RFC1918 IPs as the default configuration for this, just like your home router tends to default to 192.168.1.1, but for whatever reason decided to default to 1.1.1.1 instead. Since that (fairly obviously) is highly unlikely to conflict with anything already on the network, guess what got deployed in the live environment?

      --
      UNIX? They're not even circumcised! Savages!
    10. Re:Gigabits per second of rubbish? No shit. by Anonymous Coward · · Score: 1

      Use the CHOICE command with a timeout starting with DOS 6.0.

      https://en.wikipedia.org/wiki/Choice_(command)

      RRK

    11. Re:Gigabits per second of rubbish? No shit. by DamnOregonian · · Score: 1

      I'm a network engineer, so I am not remotely justifying what I'm about to describe. I'm the chief engineer on several large residential fiber to the home deployments, and as such get to play around a lot in not-off-the-shelf CPE equipment. You'd be amazed how much I see 1.1.1.1 used. It confused me for a while, but now I get it. If you need an RFC1918 address that you're basically guaranteed no user or ISP back end configuration will overlap with- guess what.

      The current equipment I'm working on (and have just discovered a *massive* vulnerability in) use 1.1.1.0/30 for communications between the main Broadcom SOC and a quantenna 5ghz wlan SOC.
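As an added example (not code from any poster in this thread), here is a small Python audit that classifies an address a script or device has been configured to use against the ranges discussed above (loopback, link-local, RFC 1918, and the two APNIC research /24s now routed to Cloudflare), and that flags the "ping ... -n N > nul" sleep kludge in batch files, suggesting the built-in timeout command quoted earlier in the thread. The batch file it scans is constructed for the example; the classification labels are my own.

```python
import ipaddress
import re

# The two APNIC research /24s that the article says Cloudflare now announces.
RESEARCH_NETS = [ipaddress.ip_network("1.1.1.0/24"),
                 ipaddress.ip_network("1.0.0.0/24")]


def classify(addr: str) -> str:
    """Label an IPv4 address by the ranges discussed in the thread."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    if ip.is_loopback:            # 127.0.0.0/8, e.g. the 127.255.255.255 trick
        return "loopback"
    if ip.is_link_local:          # 169.254.0.0/16, IPv4 zeroconf
        return "link-local"
    if ip.is_private:             # RFC 1918 and the other non-routable ranges
        return "private"
    if any(ip in net for net in RESEARCH_NETS):
        return "apnic-research"   # globally routed now; not a private range
    return "public"


IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
COUNT_RE = re.compile(r"-n\s+(\d+)", re.IGNORECASE)


def audit_batch(text: str) -> list:
    """Find 'ping <addr> -n N' lines used as a delay and report what they hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped.lower().startswith("ping"):
            continue
        ip_m, n_m = IPV4_RE.search(stripped), COUNT_RE.search(stripped)
        # A ping with no count or no IP literal is a real diagnostic,
        # not the sleep idiom the thread complains about.
        if not (ip_m and n_m):
            continue
        target, count = ip_m.group(1), int(n_m.group(1))
        label = classify(target)
        findings.append({
            "line": lineno,
            "target": target,
            "label": label,
            "count": count,
            # Anything routed off the box adds to the junk the article measures.
            "leaves_host": label in ("apnic-research", "public"),
            # Built-in replacement quoted in the thread: no packets at all.
            "replace_with": f"timeout /t {count} /nobreak > NUL",
        })
    return findings


# Constructed sample batch file containing the kludge and a local variant.
SAMPLE_BATCH = """@echo off
REM wait 10 seconds
ping 1.1.1.1 -n 10 > nul
ping -n 5 127.255.255.255 >NUL
ping 8.8.8.8
echo done
"""

if __name__ == "__main__":
    for finding in audit_batch(SAMPLE_BATCH):
        print(finding)
```

Note that the actual delay of the ping idiom depends on whether the target answers, which is exactly why scripts written against a dark 1.1.1.1 behave differently once it responds.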

    12. Re:Gigabits per second of rubbish? No shit. by DamnOregonian · · Score: 2

      That's a fast link.

      Na. It's anycast. Your ping is dependent upon how close you are to the closest node. Being I peer with cloudflare at the SIX, I'm very close to my closest node.

      [x@x ~]$ traceroute 1.1.1.1
      traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
      1 x (x.x.x.x) 0.232 ms 0.313 ms 0.371 ms
      2 x (x.x.x.x) 0.295 ms 0.381 ms 0.466 ms
      3 x (x.x.x.x) 27.807 ms 27.894 ms 28.005 ms
      4 six.as13335.com (206.81.81.10) 0.293 ms 0.292 ms 0.292 ms
      5 1dot1dot1dot1.cloudflare-dns.com (1.1.1.1) 0.212 ms 0.213 ms 0.246 ms

    13. Re:Gigabits per second of rubbish? No shit. by omnichad · · Score: 1

      Well yeah, but that is what makes it a fast link. I haven't tested performance on Google's DNS lately, but Cloudflare might be worth trying out for DNS even if it's a potentially unroutable IP from some places.

    14. Re:Gigabits per second of rubbish? No shit. by DamnOregonian · · Score: 1

      Oh, you meant fast as in RTT fast... My bad. I thought you meant "throughput" fast. (wide pipe vs. short pipe)
      That's my bad.

    15. Re:Gigabits per second of rubbish? No shit. by DamnOregonian · · Score: 2

      Also- it works fine for DNS. We've been playing with it for a little bit.
      It's in the global BGP tables, so you're going to be able to access it basically anywhere, except possibly a few networks operated by morons, or behind equipment that made the unfortunate choice of using 1.1.1.0 as a management prefix internally.

    16. Re:Gigabits per second of rubbish? No shit. by fizzer06 · · Score: 1

      People have written sleep utilities in compiled languages for use in batch files.

    17. Re:Gigabits per second of rubbish? No shit. by Mozai · · Score: 1

      > for our next amazing trick
      in North America, {areacode}-555-1212 will connect you to directory assistance for that areacode's subset of phone numbers.

    18. Re:Gigabits per second of rubbish? No shit. by omnichad · · Score: 1

      Bandwidth isn't exactly important for DNS queries, but latency is.

    19. Re:Gigabits per second of rubbish? No shit. by DamnOregonian · · Score: 1

      It's not important at all for DNS queries. It's important for DNS servers. I run 8 authoritative nameservers. You know what's worse than 100ms of latency? 40% packet loss because you don't have the bandwidth to handle the queries.

      Typically, when someone says, That's a fast link. they're referring to bandwidth. I see that you were not ;)

    20. Re:Gigabits per second of rubbish? No shit. by omnichad · · Score: 1

      If you're getting 40% packet loss, the ping times would be higher or intermittent. It's still a better metric for the end user for DNS than bandwidth.

      Sure, typically fast link means something else - but we have context here.

    21. Re:Gigabits per second of rubbish? No shit. by DamnOregonian · · Score: 1

      If you're getting 40% packet loss, the ping times would be higher

      That's dependent on the amount of buffer bloat you have. Ideally, no, the ping times won't be different.

      or intermittent

      Absolutely- like missing 40% of the time....................

      It's still a better metric for the end user for DNS than bandwidth.

      End user? Yes. Though again, you're going to notice a saturated link long before you notice an extra 40ms of latency in DNS RTT.

      Sure, typically fast link means something else - but we have context here.

      I'd argue incorrect, or at best highly unorthodox usage, even given the context. Full disclosure, I am a network engineer. I do this for a living. My DNS infrastructure hosts 12285 domains, and I'm the head engineer for an AS with approximately 8000 customers. I'm not talking out of my ass.

    22. Re:Gigabits per second of rubbish? No shit. by Szeraax · · Score: 1

      Because I can:

      ping 1.1.1.1

      Pinging 1.1.1.1 with 32 bytes of data:
      Reply from 1.1.1.1: bytes=32 time=4ms TTL=61
      Reply from 1.1.1.1: bytes=32 time=3ms TTL=61
      Reply from 1.1.1.1: bytes=32 time=3ms TTL=61
      Reply from 1.1.1.1: bytes=32 time=4ms TTL=61

      Viva la fiber!

      ps, google is around 45ms for ping, but i've seen it as low as 20ms for stretches.

    23. Re: Gigabits per second of rubbish? No shit. by Brockmire · · Score: 1

      My VPS's get sub 1ms ping times. It gets lonely and loud living in a datacenter, though.

    24. Re:Gigabits per second of rubbish? No shit. by DamnOregonian · · Score: 1

      For the sake of being informative, google is also ever so slightly faster from here, as well.
      [x@x ~]$ traceroute 8.8.8.8
      traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
      1 x (x.x.x.x) 0.290 ms 0.334 ms 0.405 ms
      2 x (x.x.x.x) 0.314 ms 0.385 ms 0.468 ms
      3 x (x.x.x.x) 0.419 ms 0.506 ms 0.584 ms
      4 six.sea01.google.com (206.81.80.17) 0.315 ms 0.339 ms 0.357 ms
      5 108.170.245.113 (108.170.245.113) 0.262 ms
      - 108.170.245.97 (108.170.245.97) 1.307 ms
      - 108.170.245.113 (108.170.245.113) 0.275 ms
      6 108.170.237.189 (108.170.237.189) 0.230 ms
      - 209.85.250.19 (209.85.250.19) 0.667 ms
      - 209.85.246.219 (209.85.246.219) 0.668 ms
      7 google-public-dns-a.google.com (8.8.8.8) 0.172 ms 0.188 ms 0.192 ms

      Realistically, I think their anycast node just responds quicker. I doubt there's any difference in latency across the pipe.

    25. Re:Gigabits per second of rubbish? No shit. by DamnOregonian · · Score: 1

      There are plenty [symantec.com] of [schalley.eu] examples [experts-exchange.com] of people suggesting ping to 1.1.1.1 as a delay in batch scripting.

      That is literally one of the dumbest fucking things I've ever heard. And from symantec, no less. Terrible.

    26. Re: Gigabits per second of rubbish? No shit. by Szeraax · · Score: 1

      #I'mInTheBasementDungeonOfMyHouse #StillLonely #TheTwinsAreCryingUpstairs

      There, I made some comments to keep you company.

    27. Re:Gigabits per second of rubbish? No shit. by oddtodd · · Score: 1

      I've been using it for a couple days and it's orders of magnitude better than AT&T DNS servers.

      --
      I have plenty of common sense, I just choose to ignore it. -- Calvin
    28. Re: Gigabits per second of rubbish? No shit. by DamnOregonian · · Score: 1

      That's obscenely close. Comcast likely has much of its internal networking from the customer to the edge obscured via MPLS or other transport mechanisms. Your 6 hops don't complete in *zero*.246ms.

    29. Re:Gigabits per second of rubbish? No shit. by Bengie · · Score: 1

      I second DamnOregonian. I was testing a 1Gb DOS against my 150Mb connection, and I was getting 85% loss with 20-40ms pings to my ISP. Bufferbloat, fix it.

  9. Re:Solution to amplification DDoS exists for 18 ye by SpzToid · · Score: 4, Funny
    --
    You can't be ahead of the curve, if you're stuck in a loop.
  10. The slashdot effect hasn't been a thing for years by sjbe · · Score: 1

    I think a web server running on a low end system is powerful enough to prevent from being Slashdotted today.

    There haven't been enough people on slashdot for many years for the slashdot effect to be a thing. Plus as you point out the networks are a lot more robust these days.

    Slashdot hasn't grown at the same rate computing has grown.

    Indeed, slashdot has substantially shrunk to all appearances. This used to be a place where a lot of alpha geeks hung out but slashdot never evolved or got better. Just look at how the average number of comments per article has shrunk over the last decade.

  11. Re:867-5309 by arth1 · · Score: 2

    Directing traffic at 1.1.1.1 is a little like calling 867-5309.

    More like calling 555-1212 than Jenny, I'm afraid.

  12. Odd coincidency by Anonymous Coward · · Score: 1

    I recently was setting up a VPN after having set up many VPNs. I've often joked about using non-publicly-used military/government ranges to avoid collisions. I recently set up for a client for one and saw they were using 1.1.1.1 for some things. It does seem to be a choice for routers and dns. I think you'll get it on any easily typed "valid" address because people will just think what's the chance of having to be able to access those IP addresses over WAN (IE if it's a few in a billion your break) and if it happens they can shift it to 1.1.1.2. Unfortunately a lot of people operate like that rather than according to the spec.

    1. Re:Odd coincidency by omnichad · · Score: 1

      Which is weird, since 10.0.0.0/8 is absolutely huge and there are 256 different 192.168.x.0/24 networks to play with.

    2. Re:Odd coincidency by swb · · Score: 1

      FWIW, I wish RFC1918 had included a couple of weird and unappealing "isolated" /24s which would have gotten less use than 192.168.0.0/16 and 10.0.0.0/8 or even 172.16.0.0 (which seems to be the least used in my experience).

      These lone /24s would have been ideal to break up for interior interfaces or for use on isolated management networks that can't overlap with other interfaces.

    3. Re:Odd coincidency by Bert64 · · Score: 2

      The overlap (and exhaustion in very large businesses) of RFC1918 address space is yet another reason to use ipv6...
      You can use part of your own globally routable address space for internal use, and as it's your own allocated address space no one else should be using it for anything.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    4. Re:Odd coincidency by DamnOregonian · · Score: 1

      Link-local addresses exist for this reason. 169.254.0.0/16.
      It's used for IPv4 zeroconf communications, but that's just an application of it. Its purpose is for non-routed link-local communications.

  13. Re:What is the DNS part of this? by arth1 · · Score: 1

    I get that the traffic to these specific IP addresses (or ranges) are interesting - but which DNS names resolve to these addresses?

    Your question is meaningless; it's like when politicians ask which web links point to https://www.piratebay.se/

    Any number of forward DNS entries can point to these two addresses. If you ran the DNS server for sillyexample.com, you could point dns.sillyexample.com or vengeful.foxbats.sillyexample.com to these addresses if you wanted.
    But there is no way of knowing who points.

    Or are reverse lookups involved?

    Neither forward nor reverse DNS is needed for the name servers themselves.
    That said, for reverse DNS, just ask the DNS server itself:

    1.0.0.1.in-addr.arpa name = 1dot1dot1dot1.cloudflare-dns.com.
    1.1.1.1.in-addr.arpa name = 1dot1dot1dot1.cloudflare-dns.com.

    I.e. both point to the same name. They would work just fine without a reverse pointer to a name too.

  14. Re:Everybody gets what they want by Assmasher · · Score: 2

    Out of honest curiosity, does CloudFlare have a reputation for this type of thing or are you exercising your paranoia about potentialities (which in matters like this is a GOOD thing.)

  15. Re:The slashdot effect hasn't been a thing for yea by Anonymous Coward · · Score: 1

    just look at how the average number of comments per article has shrunk over the last decade.

    Nothing worth commenting on.

    (1) Crap articles
    (2) Reposts of crap articles

  16. the submitter should train their network-fu by moronoxyd · · Score: 1

    The Cloudflare-APNIC experiment uses two IPv4 address ranges, 1.1.1/24 and 1.0.0/24, which have been reserved for research use.

    I could be wrong, but I'm pretty sure that 1.1.1/24 is not a valid IPv4 address range. IPv4 addresses consist of quadruplets of values. The proper address ranges are 1.1.1.0/24 and 1.0.0.0/24.

    1. Re:the submitter should train their network-fu by cciechad · · Score: 3, Informative

That's been pretty standard in networking for years. Dropping any 0's. Like 10/8 or 8.8/16. It's just a shorthand.

      --
      https://www.fsf.org/associate/support_freedom
    2. Re:the submitter should train their network-fu by DamnOregonian · · Score: 1

      Heh. In the network engineering industry, dropping the host address zeros is common practice when talking about prefixes.
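The shorthand described in the two replies above (dropping trailing zero octets, as in 10/8, 8.8/16 or 1.1.1/24) can be expanded mechanically. This is an added example, not code from any commenter; it uses only the standard library and rejects prefixes whose host bits are set, so a typo such as 1.1.1.1/24 is caught rather than silently masked.

```python
import ipaddress


def expand_prefix(shorthand: str) -> ipaddress.IPv4Network:
    """Expand networking shorthand such as '10/8', '8.8/16' or '1.1.1/24'
    into a canonical IPv4 network by padding the dropped zero octets."""
    addr, sep, plen = shorthand.strip().partition("/")
    if not sep or not plen.isdigit():
        raise ValueError(f"missing or invalid prefix length: {shorthand!r}")
    octets = addr.split(".")
    if not 1 <= len(octets) <= 4:
        raise ValueError(f"expected 1-4 octets: {shorthand!r}")
    for octet in octets:
        if not octet.isdigit() or not 0 <= int(octet) <= 255:
            raise ValueError(f"bad octet {octet!r} in {shorthand!r}")
    # Pad the omitted host octets with zeros: '1.1.1' -> '1.1.1.0'.
    octets += ["0"] * (4 - len(octets))
    # strict=True refuses a network whose host bits are non-zero,
    # so '1.1.1.1/24' raises instead of being rounded down to 1.1.1.0/24.
    return ipaddress.ip_network(".".join(octets) + "/" + plen, strict=True)


def covers(shorthand: str, address: str) -> bool:
    """True if the (possibly abbreviated) prefix contains the address."""
    return ipaddress.ip_address(address) in expand_prefix(shorthand)


if __name__ == "__main__":
    # Constructed sample inputs: the two research prefixes from the story
    # plus the shorthand forms quoted in the thread.
    for prefix in ("1.1.1/24", "1.0.0/24", "10/8", "8.8/16"):
        print(f"{prefix:>10} -> {expand_prefix(prefix)}")
    print(covers("1.1.1/24", "1.1.1.1"), covers("1.0.0/24", "1.1.1.1"))
```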

  17. Re:Everybody gets what they want by DontBeAMoran · · Score: 3, Funny

    Oh yeah? Well, I'll build my own DNS! With blackjack, and hookers!

    --
    #DeleteFacebook
  18. Cloudflare is not the solution to secure DNS by Anonymous Coward · · Score: 1

    Cloudflare started its life with seeding from NSA and CIA as a honeypot used for nefarious purposes. Trusting this business to be the solution to private and secure DNS is complete madness. The solution must be within DNSSEC, out of the hands of American agencies and companies.

  19. Re:The slashdot effect hasn't been a thing for yea by Rob+Lister · · Score: 1

    Just look at how the average number of comments per article has shrunk over the last decade.

    Can you prove that? I'm betting that just the average number of AC's we have per thread now greatly exceeds the number named postings per thread ten or twenty years ago.

  20. FFS by jbmartin6 · · Score: 4, Informative

    The new DNS isn't "attracting" anything. All the traffic to 1.1.1.1 was already there, that's why they put the DNS host on that address. They wanted to experiment with exposing it to tons of crap traffic.

    --
    This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    1. Re:FFS by jaymemaurice · · Score: 1

Technically if there was no route to 1.1.1.1 before since it wasn't in the BGP tables, they are now attracting it like a magnet.
      It will no longer follow default routes until it has nowhere to go... there is now a destination.

      --
      120 characters ought to be enough for anyone
    2. Re:FFS by jbmartin6 · · Score: 1

      Touché, although at best that's a strange attractor.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    3. Re:FFS by DamnOregonian · · Score: 1

      Oh it's absolutely attracting it.
      Prior to 1.1.1.0/24 becoming a global routed prefix again, that traffic was blackholed in every individual AS.
      Now that cloudflare is announcing that block to me, we are routing that traffic to them. There really isn't any more accurate way of putting it other than that they are attracting it.

  21. Re:The slashdot effect hasn't been a thing for yea by jon3k · · Score: 2

    I'm really curious as well. Does slashdot have a proper api that would allow someone to do some analysis on this?

    Also, where did everyone go? Reddit? What subs? Has the very specific nature of subreddits fractured what used to be a large single audience?

  22. Re:The slashdot effect hasn't been a thing for yea by Anonymous Coward · · Score: 1

    Slashdot doesn't even support fucking unicode, why would you think it has any kind of api?

  23. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  24. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  25. Re:867-5309 by PPH · · Score: 3, Funny

    invoke a better humor response.

    Humor timed out. No route to host.

    --
    Have gnu, will travel.
  26. Re:What is the DNS part of this? by cascadingstylesheet · · Score: 1

    Your question is meaningless;

    You mean he's not even wrong??

    Ah, I've been waiting so long to use that awesome geeky putdown! It works; I feel all superior and everything!!

  27. Re:What is the DNS part of this? by DamnOregonian · · Score: 1

    Does their frugivorism preclude their having a desire for vengeance?

  28. Re:Everybody gets what they want by ckaminski · · Score: 1

    If it's Free, it's going to be used to gather data from you and then resell for value.

    Period.

    Even if it's not free, odds are your data is going to be aggregated and sold.

    It may be anonymized to some extent, but get a large enough sample of data from enough sources and you can be deanonymized.

  29. Re: "Chief Scientist" who doesn't understand... by zooblethorpe · · Score: 1

... I hope it doesn't turn out to be a mistake to have hired people who don't understand DNS...

    Yeah, that stood out to me, too. ... How can you hire a "Chief Scientist" who doesn't understand the basic mechanisms of the environment you're operating within?

    I dunno, that sounds about right for the current political environment in the US. Ideology and Wishy Thinking FTW!

    :-P

    Cheers,

    --
    "What in the name of Fats Waller is that?"
    "A four-foot prune."
  30. Nooo my SkyNet!!! by Julz · · Score: 1

    There goes my Skynet's comms strategy :(

    --
    When shit hits the fan get some of these https://youtu.be/pY-GncsZ-UE
  31. Re:Everybody gets what they want by Assmasher · · Score: 1

    I thought they were a 'freemium' model; ergo, they don't need to make money off their free customers...
