PDA

View Full Version : World's largest DDoS strikes US, Europe



Ickie
February 11th, 2014, 03:13
World's largest DDoS strikes US, Europe
http://www.itnews.com.au/News/372033,worlds-largest-ddos-strikes-us-europe.aspx

The power of the vector was demonstrated last month in attacks that took down gaming streaming servers used by professional gamers for EA and League of Legends

“NTP is effective as an amplification source because the responses can be hundreds of times the size of the queries,” Prince explained. “This means that an attacker with a list of a relatively small number of vulnerable NTP servers can generate a large attack. Generally, you only need about 1/10th the number of misconfigured NTP servers as you do open DNS resolvers to launch an attack of the same size.”

Ickie
February 11th, 2014, 03:50
Normally when a client attempts to start a TCP connection to a server, the client and server exchange a series of messages which normally runs like this:
The client requests a connection by sending a SYN (synchronize) message to the server.
The server acknowledges this request by sending SYN-ACK back to the client.
The client responds with an ACK, and the connection is established.
This is called the TCP three-way handshake, and is the foundation for every connection established using the TCP protocol.
A SYN flood attack works by not responding to the server with the expected ACK code. The malicious client can either simply not send the expected ACK, or by spoofing the source IP address in the SYN, causing the server to send the SYN-ACK to a falsified IP address - which will not send an ACK because it "knows" that it never sent a SYN.
The server will wait for the acknowledgement for some time, as simple network congestion could also be the cause of the missing ACK, but in an attack increasingly large numbers of half-open connections will bind resources on the server until no new connections can be made, resulting in a denial of service to legitimate traffic. Some systems may also malfunction badly or even crash if other operating system functions are starved of resources in this way.

Rami
February 11th, 2014, 13:49
Good evening,

Here's another article about the DDoS attacks: http://gigaom.com/2014/02/11/record-breaking-ddos-attack-struck-on-monday-according-to-reports/

Allen
February 11th, 2014, 14:04
The power of the vector was demonstrated last month in attacks that took down gaming streaming servers used by professional gamers for EA

4162

The only thing that would be better is if they went after Activision.

Ickie
February 11th, 2014, 16:07
Hackers flooded servers across US & Europe with huge amounts of data in what was described as the biggest computer attack of its kind.
They looked to exploit a flaw in the system used to synchronise time across the internet.

its time we get out our old wind up timex watches

Dangerousdave26
February 11th, 2014, 16:25
its time we get out our old wind up timex watches

I took my last one apart to see how it worked...

Ickie
February 11th, 2014, 16:32
just to piss them off, we should set the server to 3 min 33 seconds fast.

Howellerman
February 11th, 2014, 18:15
Normally when a client attempts to start a TCP connection to a server, the client and server exchange a series of messages which normally runs like this:
The client requests a connection by sending a SYN (synchronize) message to the server.
The server acknowledges this request by sending SYN-ACK back to the client.
The client responds with an ACK, and the connection is established.
This is called the TCP three-way handshake, and is the foundation for every connection established using the TCP protocol.
A SYN flood attack works by not responding to the server with the expected ACK code. The malicious client can either simply not send the expected ACK, or by spoofing the source IP address in the SYN, causing the server to send the SYN-ACK to a falsified IP address - which will not send an ACK because it "knows" that it never sent a SYN.
The server will wait for the acknowledgement for some time, as simple network congestion could also be the cause of the missing ACK, but in an attack increasingly large numbers of half-open connections will bind resources on the server until no new connections can be made, resulting in a denial of service to legitimate traffic. Some systems may also malfunction badly or even crash if other operating system functions are starved of resources in this way.

Thanks, Ickie - that is a nice concise summary of what a DDOS attack does. I work with computers all day, forgotten more about computer architectures than most people will ever learn, but I still learn something new every day.:applause:

Ickie
February 12th, 2014, 03:17
It appears to have slowed down to a crawl
current pic of world internet traffic

4172