incrediBILL - 12:07 am on Mar 28, 2013 (gmt 0)
With all due respect, as I was previously a web host, there is no technology that I'm aware of that could sustain a 300 billion bps attack. No amount of caching or removing fat widgets is going to do anything except waste your time making the changes when you get hit with a flood that exceeds the bandwidth of the host itself as your little server is just a pimple in the pipeline at that point. If you were going to do anything that might even have a chance at making a difference against a little DDoS it would be to get some standard bot blocking software in place that cuts off the problem before the page is even loaded and often has firewall blocks in place against the other hosting locations and countries responsible for launching most of these attacks so they bounce right off the server on contact.
The real problem is all the zombie machines in servitude because of idiots not keeping their computers and servers clean and blocking the hosting companies solves that problem, which I do, which leaves the residential machines as the bulk of the remaining problem.
On some servers I simply lock out entire countries that I don't do business with in the first place which means you only have to worry about infected machines being used within your service area being able to attack your server.
If you're on shared hosting you're just hosed because they don't have to target your site no matter how well you protect it, they just target the IP of the server itself or some other site on the server and bring you to your knees in seconds.
However, the scale here is what's scary. This is the level of terrorist stuff that could take entire governments offline, block access to power system controllers and kill the grid, or simply bring Wall Street or major banks to their knees and cause major upheavals in the financial sector and the resulting panic would cause major financial hits on the retirement plans of many, including us, as this is weapons grade internet power that literally could cause a war.
I hate laws, but when it gets to the point that the actions of these people can cause as much trouble as using any other weapon, just a technological weapon yet potential for real world impact that we may not even be able to fathom, it needs to be stopped.
In reality if you caused people to panic by invoking serious damage to the financial sector it could result in runs on banks, rioting, looting and people jumping out of windows just like what happened in the Great Depression so I can see the potential consequences of the actions of DDoS at this scale because fear makes many people irrational and that's when the real harm happens.
It hasn't happened yet, but I'm just saying that I can easily envision how you could use that sheer volume of internet power to cause such problems.
It's the same reason the FBI raids bunkers of weapons stockpiles because you can't start a war if you aren't armed and TBH suddenly finding myself living in a hostile situation caused by someone shutting down our infrastructure is not cool.
Want to easily cause a real panic? Just aim 300 billion bps at the servers used by Google Navigation and Google Maps and disconnect millions of people depending on Google to guide them to their destination while they're in transit which would also cause those self-driving cars to suddenly disengage and pull over to the curb. I'm hoping my above example isn't realistic as I would like to think that those driving directions are preloaded and cached but I know downloading the entire map for offline access or roaming areas has just recently been introduced and isn't the default so it's highly probable using the current implementation IMO.
Or even better, knock the Apple Maps offline as I'll bet they're a much easier target than Google with their massive bandwidth and infrastructure redundancies.
Heck, if they can afford to spend hundreds of dollars per weapon doing gun buybacks they could surely strike a deal with Geek Squad or something to send them around to fix all the infected machines being used in such attacks and help them firewall themselves from being part of the problem in the future. Probably unrealistic as this is just a flippant off-the-cuff idea obviously but I think it gets the point across that we need to do something as nothing is creating a real festering problem of Biblical proportions.
Imagine this, 300 billion bps is aimed at the military infrastructure to knock out their ability to monitor inbound enemy advances so while they're busy trying to stop the DDoS and get back online the bad guys are doing something really bad while those that are here to protect us are possibly temporarily blind and mute.
I could go on and on as I could easily spin and weave tales of how that kind of bandwidth could be devastating as a weapon and it's time lawmakers step in and do something.
That's how serious I see this kind of power and its potential misuse.