‘Biggest cyber attack ever’ slowdown the internet | TipsS And TricksS

‘Biggest cyber attack ever’ slowdown the internet

on Friday 26 July 2013
Biggest cyber attack ever slowdown the internet : Virtual nuclear bomb

Internet users are facing slow connections after the biggest cyber-attack in history. You may find that some services or sites you access over the internet are performing slower than usual. A cyberattack originally targeting a single company is now being described as one of the biggest Distributed Denial of Service (DDoS) attacks in Internet history. The attackers are throwing so much digital traffic at online networks that they have reportedly disrupted access to popular sites such as Netflix, the on-demand TV streaming service.



About the attack:-
The attacks originally targeted a European anti-spam company called Spamhaus, which blacklists what it considers sources of email spam and sells those blacklists to Internet Service Providers. The attack began early last week as waves of large but typical DDoS assaults shortly after Spamhaus blacklisted Cyberbunker, a controversial web hosting company. Cyberbunker has not directly taken responsibility for the attacks against Spamhaus.
Cyberbunker


Cyberbunker is a web hosting service which offers dedicated server hosting that allows clients to stay online, no matter what.
Cyberbunker, based in the Netherlands, has been named by reports as a potential culprit. It was recently added to one of Spamhaus’s anti-spam lists. With more than 10,000 dedicated servers, and housed in a disused nuclear bunker, it offers anonymous hosting to its customers. Its website states: “In most cases we have no idea who or where our customers actually are. We do not know and we simply don’t care.”
How the attack worked
In most DDoS attacks, hackers use thousands of computers to send fake traffic at a particular server in the hopes of overloading it. The computers involved in DDoS attacks have previously been infected with malware that gives a hacker control of the machine without the owner’s permission.
Hackers use malware (frequently sent via email spam) to build large networks of infected computers for DDoS operations and other purposes. These networks are called botnets.
Spamhaus and CloudFlare
Spamhaus contracted with CloudFlare to help mitigate the attacks soon after they began.
CloudFlare has been defending Spamhaus by spreading the attacks across multiple data centers, a technique that can keep a website online even if it’s hit by the maximum amount of traffic a typical DDoS can generate.
CloudFlare describes this attack on its blog as a DNS amplification DDoS attack.

“Normally these DDoS attacks are around 100 gigabits per second,” CloudFlare CEO Matthew Prince said, before explaining that the limit on typical DDoS attack size is due to routing hardware limitations.
These attacks, however, have evolved into a complex and ferocious beast, pointing up to 300 gigabits per second at an expanding list of targets. How?
After the hackers realized they couldn’t knock Spamhaus offline while it was protected by CloudFlare, they chose a different tactic: targeting CloudFlare’s own network providers by exploiting a known fault in the Domain Name System (DNS), a key piece of Internet infrastructure.
“The interesting thing is they stopped going after us directly and they started going after all of the steps upstream from us,” said Prince. ”Going after our immediate transit providers, then going after their transit providers.”
DNS basically translates what humans type into an address bar (“www.timestips.com”) into a website’s IP address and helps to deliver the desired Internet content to a user’s computer (for example, when you type “www.timestips.com/gadgets/samsung-galaxy-s4-specifications-and-features/”, DNS directs you to our IP address and server, and we deliver the content, such as this article).
An essential element of the DNS system are DNS resolvers — 21.7 million of which are open and able to be found and manipulated by hackers.
“The attack works by the attacker spoofing the victim’s IP address, sending a request to an open resolver and that resolver reflecting back a much larger response [to the victim], which then amplifies the attack,” said Prince. A detailed technical explanation is available on CloudFlare’s blog.
Because DNS resolvers are connected to large pipes with plenty of bandwidth to point at a target, hackers can manipulate them to amplify standard DDoS attacks from a maximum of about 100 gigabits per second to the neighborhood of 300 gigabits per second.
Prince said these attacks have been “certainly the largest attacks we’ve seen.”
“And we’ve seen what we thought were some big attacks,” he added.
Kaspersky Labs, a leading security research group, called it “one of the largest DDoS operations to date.”
“We believe that the DDoS attack potentially had severe impacts on the websites it was directed at. However, according to our data, the internet as a whole did not experience widespread disruption,” a spokesperson said.



“the traffic estimates for the DDoS attack were as high as 300Gb/sec at the target. That would easily overwhelm the average hosting centre, but not a core component of the internet. For example, DE-CIX, the German Internet Exchange in Frankfurt, regularly handles 2.5Tbits/sec at peak on any given day.”
Internet speeds around the world can be impacted by such large-scale DNS amplified DDoS attacks because the Internet relies on DNS to work — major interference with DNS can have consequences for services not necessarily being directly targeted by such an attack.
What can be done about preventing these specialized DDoS attacks?
First, Internet Service Providers should implement technologies that prevent hackers from spoofing victims’ IP addresses. Second, network administrators need to close any and all open DNS resolvers running on their network.
“Anyone that’s running a network needs to go to openresolverproject.org, type in the IP addresses of their network and see if they’re running an open resolver on their network,” said Prince. “Because if they are, they’re being used by criminals in order to launch attacks online. And it’s incumbent on anyone running a network to make sure they are not wittingly aiding in the destruction of the Internet.”
If there’s a silver lining to these continued attacks, it’s that they have likely motivated the security industry, which has been talking about, but taken apparently insufficient action on, the open DNS issue for some time. Prince, however, warns DNS-amplified DDoS attacks won’t be going away any time soon.
“The good news about an attack like this is that it’s really woken up a lot of the networking industry and these things that have been talked about for quite some time are now being implemented,” said Prince.
“There was some progress on shutting down open resolvers before,” he added later. “I think that’s going to be a constant process — this is a problem that we’re going to have to live with for the next several years.”

