DDoS Attack Brings Down Sites, Including Twitter, Github, Reddit

         

engine

1:28 pm on Oct 21, 2016 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



It seems there's an ongoing DDoS attack right now which is affecting many sites, including Twitter, GitHub, Airbnb, Spotify, etc.



[twitter.com...]

robzilla

1:32 pm on Oct 21, 2016 (gmt 0)

jbayabas

4:57 pm on Oct 21, 2016 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



How is it possible that a big company like Twitter gets a DDoS attack like that without a backup plan?

Today, Twitter and other big sites were shut down and completely inaccessible for hours, even right now. And it's affecting my site traffic and AdSense revenue.

[edited by: not2easy at 11:37 pm (utc) on Oct 21, 2016]
[edit reason] cleanup [/edit]

Terabytes

6:17 pm on Oct 21, 2016 (gmt 0)

10+ Year Member



It doesn't really matter how large the company is; what matters is if they can handle hundreds of thousands of simultaneous connections (or more...) concurrently... The servers get inundated by massive amounts of requests. If you can't respond because you're too busy handling all those requests, it's over until the requests stop, or you can block the source(s)...

ember

6:38 pm on Oct 21, 2016 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



It's probably Russia again.

keyplyr

7:47 pm on Oct 21, 2016 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



twitter.com server is having issues

[edited by: not2easy at 11:36 pm (utc) on Oct 21, 2016]
[edit reason] cleanup [/edit]

Shepherd

7:51 pm on Oct 21, 2016 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Major DDoS attack today:

[cnbc.com...]

keyplyr

8:32 pm on Oct 21, 2016 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Back online now

Robert Charlton

8:38 pm on Oct 21, 2016 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Brian Krebs (KrebsOnSecurity) provides some in-depth background drawn from his ongoing investigations into cybercriminals and DDoS-for-hire services. Insecure routers that could be used "in the wrong way" are mentioned as a major point of vulnerability.

Krebs has been writing a series of articles on the topic. This is to just cite several of his presentations....

DDoS on Dyn Impacts Twitter, Spotify, Reddit
Brian Krebs - 21 Oct 16
[krebsonsecurity.com...]

See the article online for complete contextual links...
The attack on DYN comes just hours after DYN researcher Doug Madory presented a talk on DDoS attacks in Dallas, Texas at a meeting of the North American Network Operators Group (NANOG). Madory’s talk — available here on Youtube.com -- delved deeper into research that he and I teamed up on to produce the data behind the story DDoS Mitigation Firm Has History of Hijacks.

That story (as well as one published earlier this week, Spreading the DDoS Disease and Selling the Cure) examined the sometimes blurry lines between certain DDoS mitigation firms and the cybercriminals apparently involved in launching some of the largest DDoS attacks the Internet has ever seen. Indeed, the record 620 Gbps DDoS against KrebsOnSecurity.com came just hours after I published the story on which Madory and I collaborated...
Here's DYN Researcher Madory's talk on YouTube...

NANOG 68 BackConnects Suspicious BGP Hijacks
Doug Madory - Oct 19, 2016 - trt 28:10
https://www.youtube.com/watch?v=LFJzu0AFDpU [youtube.com]

And one of the several referenced Krebs articles...

Spreading the DDoS Disease and Selling the Cure
Brian Krebs - 19 Oct 16
[krebsonsecurity.com...]
vulnerable routers are a HUGE issue

More probably to come. It looks like they may be trying to hit Krebs again too.


[edited by: not2easy at 6:04 pm (utc) on Oct 23, 2016]
[edit reason] cleanup [/edit]

travelin cat

7:56 pm on Oct 21, 2016 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Huge DDoS Attack at Dyn
Some of the affected sites:

Twitter, Reddit, Spotify, Etsy, Box, Wix Customer Sites, Squarespace Customer Sites, Zoho CRM, Iheart.com (iHeartRadio), GitHub, The Verge, Cleveland.com, hbonow.com, PayPal, Big Cartel, Wired.com, People.com, Urbandictionary.com, Basecamp, ActBlue, Zendesk.com, Intercom, Twilio, Pinterest, Grubhub, Okta, Starbucks rewards/gift cards, Storify.com, CNN, Yammer, Playstation Network, Recode, Business Insider, Guardian.co.uk, Weebly, Yelp

[gizmodo.com...]

[edited by: not2easy at 6:03 pm (utc) on Oct 23, 2016]
[edit reason] cleanup/reattached headline [/edit]

Robert Charlton

12:00 am on Oct 22, 2016 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Here's a natural follow-up from KrebsOnSecurity on how a denial of service attack like this one can happen, not from computers, but from a huge number of widely distributed devices connected to the internet....

Vulnerabilities of cheap networked devices were obvious to many at the time of Heartbleed. Krebs has been talking about this for a while... and he strongly implicates the largely unregulated IoT (Internet of Things) in this attack....

As... noted earlier this month in Europe to Push New Security Rules Amid IoT Mess [krebsonsecurity.com], many of these products from XiongMai and other makers of inexpensive, mass-produced IoT devices are essentially unfixable, and will remain a danger to others unless and until they are completely unplugged from the Internet....

Hacked Cameras, DVRs Powered Today’s Massive Internet Outage
Brian Krebs - 21 Oct 16
[krebsonsecurity.com...]

...to address the threat from the mass-proliferation of hardware devices such as Internet routers, DVRs and IP cameras that ship with default-insecure settings, we probably need an industry security association, with published standards that all members adhere to and are audited against periodically.

Is your refrigerator hacking your bank records? ;)

engine

3:24 pm on Oct 24, 2016 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



It's this IoT again that's helping facilitate the attack. Instead of using the traditional zombie computers to carry out the attack, the weak security, or even non-existent security of IoT is easier to control and doesn't need to be hacked.

Has Windows 10 made it tougher to hack the traditional PC, or is it really just the weaker targets of IoTs that are doing it?

lawman

4:24 pm on Oct 24, 2016 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Not exactly sure how this internet of things works. The only thing I have that is WiFi is my new grill. Password is unique to the grill and I keep it unplugged when I'm not grilling.

engine

4:38 pm on Oct 24, 2016 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



IoT problems stem entirely from a lack of security. Some have no passwords, and others have in-built common usernames and passwords for all devices. Once cracked, it'll be easy to locate and to command the objects to do the will of the attacker.
This weak security is one of the benefits for a user as it's easy to plug and play. Similarly, many of these users are not tech savvy and have no clue their IoT equipment is causing a problem. Internet of Things zombies.

If your device has a username and password that you've set, it's less likely to be a target for command and control systems.

I suspect that every time there's another attack of this nature, and if a manufacturer's products get identified, it'll turn them around to become retroactive in protecting their systems. The problem comes when there are many older systems that don't get updated, through user laziness, or inability to update.

blend27

10:18 pm on Oct 25, 2016 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



What I don't understand is with all the money that the ISPs have, all the IT infrastructure and all IT talent at hand, why they don't write their own BOT that scans the web of their own IPs to figure out if the routers are secure (not default password/user name). If it is not, disable the damn connection till user resets the password to something else, problem solved.

I have purchased my own cable modem/router so I don't have to pay $10/mo Comcast fee to rent one from them. They bug me once a month that the connection is not working right by calling me. Everything is peachy on my end. I pay for 75mb, the actual speed is more than 90mb. If they know, they know.....

graeme_p

11:41 am on Oct 27, 2016 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



The reason for using services like DynDNS is that they can run more reliable services as they are specialist. I wonder if that still holds if they are likely targets for DDOS attacks.

This weak security is one of the benefits for a user as it's easy to plug and play. Similarly, many of these users are not tech savvy and have no clue their IoT equipment is causing a problem.


Fine anyone whose devices get used in an attack. That would motivate them to learn.

What I don't understand is with all the money that the ISPs have, all the IT infrastructure and all IT talent at hand, why they don't write their own BOT that scans the web of their own IPs to figure out if the routers are secure (not default password/user name). If it is not, disable the damn connection till user resets the password to something else, problem solved.


Legal issues and the risk of false positives.

engine

3:04 pm on Oct 31, 2016 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Fine anyone whose devices get used in an attack. That would motivate them to learn.

lol I was looking for the wink.
That might work in some societies, but is totally impractical.

Really, it comes to the manufacturers to invest in security in the first place, especially now it's known there are exploits. Perhaps manufacturers could be named and shamed. Or there could be a "minimum standard" that each product meets.

smilie

5:40 pm on Oct 31, 2016 (gmt 0)



It was against twitter and reddit specifically.

Where emails by Hillary are discussed the most. (yeah, maybe a coincidence).

>>blend27: why they don't write their own BOT that scans the web of their own IPs to figure out if the routers are secure
>>Fine anyone whose devices get used in an attack.

Have you ever bought a Chinese-made USB webcam? Yeah.