Spamhaus now run their own DNS


  • Discourse touched me in a no-no place

    From a particularly bad write-up by the BBC on the recent DDoS attack on Spamhaus:
    @BBC said:

    In this case, Spamhaus's Domain Name System (DNS) servers were targeted - the infrastructure that joins domain names, such as bbc.co.uk, the website's numerical internet protocol address.



  • "The internet around the world has been slowed down in what security experts are describing as the biggest cyber-attack in history.

    It is having an impact on widely used services like Netflix - and experts worry it could escalate to affect banking and email services.

    Recently, Spamhaus blocked servers maintained by Cyberbunker, a Dutch web host which states it will host anything with the exception of child pornography or terrorism-related material."

    FUD, FUD, FUD. thump


  • Discourse touched me in a no-no place

    @Cassidy said:

    FUD, FUD, FUD. thump
    Well, quite - I just thought the most egregious one was where they had Spamhaus owning the internet.



    The BBC. Funded in a unique way (http://www.davidmillard.org/2008/05/thanks-to-the-unique-way-the-bbc-is-funded/) to provide you with this utter bollocks.



  • @Cassidy said:

    "The internet around the world has been slowed down in what security experts are describing as the biggest cyber-attack in history.

    Dunno about you but I've been seeing an awful lot of timed-out connections on the www today.  Could be unrelated of course.

     



  • @DaveK said:

    @Cassidy said:

    "The internet around the world has been slowed down in what security experts are describing as the biggest cyber-attack in history.

    Dunno about you but I've been seeing an awful lot of timed-out connections on the www today.  Could be unrelated of course.

     


    Theoretically, someone could DDoS all the DNS servers in the world. That might "make the internet slower"...



  • @Ben L. said:

    Theoretically, someone could DDoS all the DNS servers in the world. That might "make the internet slower"...

    But just to make sure, they should DDoS all the other servers too.


  • Winner of the 2016 Presidential Election

    Good thing someone posted a helpful how-to guide to setting up a botnet, with instructions on how to infect at least 300k nodes.


  • Discourse touched me in a no-no place

    For some balance, the NY Times appear to have a clue.



    Meanwhile the bollocks from the BBC is spreading - it seems that some reporters are using the BBC News site as students would use Wikipedia. As an unimpeachable source rather than somewhere you get information that should be verified elsewhere.
    @CBS said:

    The BBC reports that companies like Netflix has been affected by the cyberattack. And Spamhaus has been able to keep its site up and running with the help of companies like Google, which is "absorbing" much of the excess traffic.

    @The Drum said:

    According to the BBC, Spamhaus claimed it had been under attack from Cyberbunker for over a week and the knock-on effect could be reaching widely used services such as Netflix, as its Domain Name System (DNS) servers were targeted and struggled to cope with the pressure.

    @Business Insider said:

    The attacks were focused on a company called Spamhaus, which maintains a "domain name system" to connect a typed-in URL to the correct server hosting the appropriate content.

    @The Blaze said:

    Still, although service has been slowed because of the attack — streaming services like Netflix have been impacted, as could email and banking services



  • @PJH said:

    Meanwhile the bollocks from the BBC is spreading
     

    The missus asked me about this last night, and I ripped the BBC a new one over their broadcast article. She said she'd experienced some slowdown (which is feasible if gateways are getting overwhelmed with traffic) but I did liken it to our water supply being impacted because the Orkney Isles were flooded.

    @PJH said:

    it seems that some reporters are using the BBC News site as students would use Wikipedia.

    There's company loyalty and there's utter gullibility. Paging Paxman!



  • @PJH said:

    The BBC. Funded in a unique way...

    The way is far from unique. State, so called "public service", broadcast companies are funded like that in most of Europe.

    It is also not novel, but has been used for state broadcast companies since they were founded as radio-only long before there even was a television.


  • Discourse touched me in a no-no place

    @Bulb said:

    @PJH said:
    The BBC. Funded in a unique way...

    The way is far from unique.

    Try a google search for the phrase "due to the unique way the bbc is funded" and you'll find out how wrong the BBC think you are. Along with everyone else who uses the phrase in a piss-taking manner.


  • @PJH said:

    Meanwhile the bollocks from the BBC is spreading - it seems that some reporters are using the BBC News site as students would use Wikipedia. As an unimpeachable source rather than somewhere you get information that should be verified elsewhere.
     

    Add to that: they'll take any opportunity they can to mention a popular term in an article, even if it's unrelated. It's something that an SEO consultant told them to do to "increasing their hitz up in Google!!!1!". They get to mention NETFLIX in an article, which makes them more popular and cool. They also get to drop a bit of fear by insinuating that banks might be affected. That's YOUR MONEY being put at risk. Your mortgage. Your kids' education fund. Hell, you might wake up and suddenly cannot buy your baby any food. YOU WILL ALL STARVE TO DEATH!

    You can do this with pretty much any headline. Let's grab a couple from my region's "hometown"-esque group of papers:

    Original Headline:  "Province serves up $4M to aid people with mental illness"

    New Headline: "Province increases mental illness spending, will this prevent a 'Sandy Hook' in Ontario?"

    ---

    Original Headline: "Georgina parents upset over poor EQAO scores" (standardized test scores)

    New Headline: Failing the XBox Generation: What hope do our children have behind the curve of China, India?

    ---

    Now all y'all try one:

    Original Headline:  East Gwillimbury boys galvanized by puppy mill

    New Headline: 



  • @Cassidy said:

    @PJH said:
    it seems that some reporters are using the BBC News site as students would use Wikipedia.

    There's company loyalty and there's utter gullibility.

    This has been standard practice in the news industry forever. In the US in particular, papers and television and radio newsrooms around the country would pick up whatever the NY Times was talking about.


  • sockdevs

    @PJH said:

    From a particularly bad write-up by the BBC on the recent DDoS attack on Spamhaus:
    @BBC said:
    In this case, Spamhaus's Domain Name System (DNS) servers were targeted - the infrastructure that joins domain names, such as bbc.co.uk, the website's numerical internet protocol address.

    I'm not sure I see the WTF here. After all, a lot of (generally big) companies maintain their own DNS servers. Hell, some hobbyists run their own DNS servers.

    Also, to me the write-up doesn't seem that bad. Not great, but not that bad. The motorway system analogy is actually fairly appropriate.



  • @RaceProUK said:


    @BBC said:

    In this case, Spamhaus's Domain Name System (DNS) servers were targeted - the infrastructure that joins domain names, such as bbc.co.uk, the website's numerical internet protocol address.

    I'm not sure I see the WTF here. After all, a lot of (generally big) companies maintain their own DNS servers. Hell, some hobbyists run their own DNS servers.

     

    Firstly the infrastructure doesn't join domain names, it resolves domain names to IPs (and v.v.)

    Secondly, technoobs could read that article and form the opinion that bringing down Spamhaus' DNS servers could mean BBC.CO.UK would vanish off the interwebz.

    Overall, the article seemed to give the impression that an attack on Spamhaus was (a) causing internet slowdown everywhere, and (b) large amounts of the internets were so dependent upon Spamhaus that taking them offline would result in unusable interwebbing for everyone. That's simply not the case.

    Hell, even my mail server (that uses spamhaus RBLs) hasn't experienced a noticeable slowdown. If an RBL is unresponsive, a timeout kicks it over to the next one.

     


  • Discourse touched me in a no-no place

    @RaceProUK said:

    @PJH said:

    From a particularly bad write-up by the BBC on the recent DDoS attack on Spamhaus:
    @BBC said:
    In this case, Spamhaus's Domain Name System (DNS) servers were targeted - the infrastructure that joins domain names, such as bbc.co.uk, the website's numerical internet protocol address.

    I'm not sure I see the WTF here. After all, a lot of (generally big) companies maintain their own DNS servers. Hell, some hobbyists run their own DNS servers.

    But it wasn't, as the BBC are apparently claiming, Spamhaus' DNS servers that were being used to DDoS Spamhaus.


  • sockdevs

    @PJH said:

    But it wasn't, as the BBC are apparently claiming, Spamhaus' DNS servers that were being used to DDoS Spamhaus.

    Where? All I see is their servers were targeted.

    @Cassidy said:

    Overall, the article seemed to give the impression that an attack on Spamhaus was (a) causing internet slowdown everywhere, and (b) large amounts of the internets were so dependent upon Spamhaus that taking them offline would result in unusable interwebbing for everyone. That's simply not the case.

    a) The bandwidth used, from my understanding anyway, is an order of magnitude larger than a typical undersea cable, so it's conceivable there'll be 'fallout' congestion.

    b) Absolutely; but then I don't see where that claim is being made.



  • Discourse touched me in a no-no place

    @RaceProUK said:

    @PJH said:

    But it wasn't, as the BBC are apparently claiming, Spamhaus' DNS servers that were being used to DDoS Spamhaus.

    Where? All I see is their servers were targeted.

    But it wasn't their DNS servers; it was their web servers.



    Do I really have to explain how the DDoS was executed? On here? Seriously?


  • sockdevs

    @PJH said:

    @RaceProUK said:

    @PJH said:

    But it wasn't, as the BBC are apparently claiming, Spamhaus' DNS servers that were being used to DDoS Spamhaus.

    Where? All I see is their servers were targeted.

    But it wasn't their DNS servers; it was their web servers.



    Do I really have to explain how the DDoS was executed? On here? Seriously?
     

    Gee, I wonder where I got that the DNS was targeted from...

    @BBC said:

    In this case, Spamhaus's Domain Name System (DNS) servers were targeted

     


  • Discourse touched me in a no-no place

    @RaceProUK said:

    Gee, I wonder where I got that the DNS was targeted from...

    @BBC said:

    In this case, Spamhaus's Domain Name System (DNS) servers were targeted

    ... thus proving my point, made in the first post up there, that the BBC is talking utter bollocks, and their article isn't worth the electrons used to display it.



  • @Cassidy said:

    @RaceProUK said:


    @BBC said:

    In this case, Spamhaus's Domain Name System (DNS) servers were targeted - the infrastructure that joins domain names, such as bbc.co.uk, the website's numerical internet protocol address.

    I'm not sure I see the WTF here. After all, a lot of (generally big) companies maintain their own DNS servers. Hell, some hobbyists run their own DNS servers.

     

    Firstly the infrastructure doesn't join domain names, it resolves domain names to IPs (and v.v.)

    FFS, can you really not see that a simple typo omitted the word "to" between "joins domain names, such as bbc.co.uk," and "the website's numerical internet protocol address."?  Your other complaints are valid, but that's just pedantic dickweedery.



  • sockdevs

    @PJH said:

    @RaceProUK said:

    Gee, I wonder where I got that the DNS was targeted from...

    @BBC said:

    In this case, Spamhaus's Domain Name System (DNS) servers were targeted

    ... thus proving my point, made in the first post up there, that the BBC is talking utter bollocks, and their article isn't worth the electrons used to display it.
     

    Like it matters when the attack is 300Gbps. Or am I mistaken in thinking that's a holy fucking crapton of data?

     



  • @RaceProUK said:

    300Gbps

    Okay, let's see here...

    This thread takes 1.58 seconds to load and is 439.1kB. There are 131072 kB in a Gb.

    1.58 seconds * 300 gigabits per second / 439.1 kilobytes ≈ 141489.701662

    Which means the DoS attack had almost 150000 times the power of one The Daily WTF.

    Which means if The Daily WTF had the power of this attack, it would be the 610,645,149 nanosecond-ly WTF.



  • @DaveK said:

    FFS, can you really not see that a simple typo omitted the word "to" between "joins domain names, such as bbc.co.uk," and "the website's numerical internet protocol address."?
     

    I can. And sure others on here can.

    But there are plenty of others that don't have our level of technical knowledge and may read it as "the attack on Spamhaus broke the join with bbc.co.uk".

    Perhaps you're right and I shouldn't expect proof-reading and accuracy on a site like the BBC. After all, it's not like it's got a lot of staff behind it, and it's not that popular a site.



  • @RaceProUK said:

    Gee, I wonder where I got that the DNS was targeted from...

    @BBC said:

    In this case, Spamhaus's Domain Name System (DNS) servers were targeted

    .. and I wonder where the BBC got that idea from, since that's not what the hosting company (CloudFlare) said:

    @CloudFlare said:

    On Monday, March 18, 2013 Spamhaus contacted CloudFlare regarding an attack they were seeing against their website spamhaus.org. They signed up for CloudFlare and we quickly mitigated the attack. The attack, initially, was approximately 10Gbps generated largely from open DNS recursors.


    And a later article pointed out that the website itself was "unreachable". Whether that actually meant DNS servers had been knocked offline therefore meaning browsers couldn't find the target address, or the webserver was unresponsive, it's unclear - but given how DNS caching works I'm more likely to believe the latter.

     

     



  • @RaceProUK said:

    ..when the attack is 300Gbps. Or am I mistaken in thinking that's a holy fucking crapton of data?
     

    No, that is indeed one huge metric fucktonne of data.

    I've seen a demonstration of the slammer worm saturating a network by all arguing over each other, but it doesn't take a great deal of traffic to knock out a 10BaseT connection (>10% collisions?) but venting 300 jiggys down onto someone is pretty impressive.



  • @Cassidy said:

    No, that is indeed one huge metric fucktonne of data.

    It's not data, it's trash.



  • @Ben L. said:

    @DaveK said:

    @Cassidy said:

    "The internet around the world has been slowed down in what security experts are describing as the biggest cyber-attack in history.

    Dunno about you but I've been seeing an awful lot of timed-out connections on the www today.  Could be unrelated of course.

     


    Theoretically, someone could DDoS all the DNS servers in the world. That might "make the internet slower"...
     

    Running a DDoS on DNS servers is something like attacking the Niagara Falls with a fire-hose.

     



  • @doomsought said:

    @Ben L. said:

    @DaveK said:

    @Cassidy said:

    "The internet around the world has been slowed down in what security experts are describing as the biggest cyber-attack in history.

    Dunno about you but I've been seeing an awful lot of timed-out connections on the www today.  Could be unrelated of course.

     


    Theoretically, someone could DDoS all the DNS servers in the world. That might "make the internet slower"...
     

    Running a DDoS on DNS servers is something like attacking the Niagara Falls with a fire-hose.

     


    That analogy only works if Niagara falls has redundant backups all over the world and you'd have to take them all out at once.



  • @blakeyrat said:

    It's not data, it's trash.
     

    Still data, it's only us that decides how valuable it is.

    Ah, shit. I fell for it again, haven't I?



  • @Cassidy said:

    Still data, it's only us that decides how valuable it is.

    The meta-data is useful (what IPs are generating most of it, what location they're in, how many packets are being sent, etc) but there's no actual data. It's just trash. Shit. Crap. Waste of space.

    If you had a 1 GB file full of nothing but zero bytes, would you say that file contained data?



  • @blakeyrat said:

    If you had a 1 GB file full of nothing but zero bytes, would you say that file contained data?
     

    Yeah, in case I ran out of zeros. Can never have too many...

    Okay, I'll stop the moran. No, I get your point: something like that is of no value.

    Hell, if anything, can't modern filesystems compress this way down? I recall a simple DoS attack of sending a compressed file of this type as an attachment and antivirus scanners would attempt to decompress the file prior to scanning it, gobbling up disk space as it did so.



  • @Cassidy said:

    Hell, if anything, can't modern filesystems compress this way down?

    Yeah. NTFS has a compression option that does a basic RLE compression on files at the filesystem level. It's not usually turned on unless you go out of your way and turn it on.

    @Cassidy said:

    I recall a simple DoS attack of sending a compressed file of this type as an attachment and antivirus scanners would attempt to decompress the file prior to scanning it, gobbling up disk space as it did so.

    I've heard of that, but I thought it was a .zip file that extracted to another identical .zip file, so that file extractors that keep going until there's no compression left got stuck in a loop. Maybe that's two different attacks.
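
The two archive attacks recalled in the posts above (a file of zeros that expands enormously, and a zip that contains another zip without end) are what a scanner's unpacking limits are for. The following is an added example, not part of any post in this thread: a Python sketch of an in-memory zip walker with a per-member ratio check, a shared size budget and a nesting cap. The limits, function names and sample archives are constructed for illustration.

```python
import io
import zipfile

MAX_TOTAL_BYTES = 1024 * 1024  # budget for everything decompressed from one upload
MAX_RATIO = 100                # declared expansion allowed per member
MAX_DEPTH = 3                  # archives-inside-archives followed before giving up
CHUNK = 64 * 1024


class ArchiveRejected(Exception):
    pass


def scan_zip(data, depth=0, budget=None):
    """Return the bytes decompressed from a zip held in memory, or raise ArchiveRejected."""
    if budget is None:
        budget = {"left": MAX_TOTAL_BYTES}  # shared by every nesting level
    if depth > MAX_DEPTH:
        raise ArchiveRejected("depth")
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Cheap pre-check on the sizes declared in the central directory.
            if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                raise ArchiveRejected("ratio")
            buf = bytearray()
            with zf.open(info) as member:
                while True:  # stream, so the budget trips before memory fills
                    chunk = member.read(CHUNK)
                    if not chunk:
                        break
                    budget["left"] -= len(chunk)
                    if budget["left"] < 0:
                        raise ArchiveRejected("budget")
                    buf += chunk
            total += len(buf)
            if zipfile.is_zipfile(io.BytesIO(buf)):  # member is itself an archive
                total += scan_zip(bytes(buf), depth + 1, budget)
    return total


def verdict(data):
    try:
        return "ok:%d" % scan_zip(data)
    except ArchiveRejected as exc:
        return "rejected:" + str(exc)


def make_zip(name, payload, method=zipfile.ZIP_DEFLATED):
    """Build a constructed sample archive in memory."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", method) as zf:
        zf.writestr(name, payload)
    return out.getvalue()


def nest(levels):
    """Wrap a small text file in `levels` further zips (a finite stand-in for a self-containing zip)."""
    data = make_zip("inner.txt", b"hi", zipfile.ZIP_STORED)
    for _ in range(levels):
        data = make_zip("inner.zip", data, zipfile.ZIP_STORED)
    return data


if __name__ == "__main__":
    print(verdict(make_zip("a.txt", b"hello world")))
    print(verdict(make_zip("zeros.bin", bytes(4 * 1024 * 1024))))
    print(verdict(nest(5)))
```

The ratio check catches the zeros file from its declared sizes alone, while the depth cap is what stops a scanner that would otherwise keep unpacking until no archive is left.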



  • @blakeyrat said:

    Maybe that's two different attacks.
     

    Yes.



  • @blakeyrat said:

    It's just trash. Shit. Crap. Waste of space.
    This is true, but irrelevant.  It's still data.  Data and Crap are not mutually exclusive.

    @blakeyrat said:

    If you had a 1 GB file full of nothing but zero bytes, would you say that file contained data?

    Yes. The fact that it's useless is irrelevant.


     



  • @El_Heffe said:

    @blakeyrat said:

    It's just trash. Shit. Crap. Waste of space.
    This is true, but irrelevant.  It's still data.  Data and Crap are not mutually exclusive.

    @blakeyrat said:

    If you had a 1 GB file full of nothing but zero bytes, would you say that file contained data?

    Yes. The fact that it's useless is irrelevant.


     


    Is TDWTF's forum HTML "data"?



  • Caution: may freak out badly written virus scanners:

     http://steike.com/code/useless/zip-file-quine/droste.zip



  • @bgodot said:

    Caution: may freak out badly written virus scanners:

     http://steike.com/code/useless/zip-file-quine/droste.zip

     

    I've got McAfee on here. I'm not touching that link.

    I've got nothing at home. There's some vague anti-poop stuff built into Windows 8, I think. I don't know.

     



  • @Ben L. said:

    Is TDWTF's forum HTML "data"?
     

    Yes, but in a dynamic environment such as the brain, it degrades into atmospheric noise very quickly.



  • @dhromed said:

    I've got McAfee on here. I'm not touching that link.
     

    Translation: "Although I have protection on here, I need to protect my protection from that link"

    @dhromed said:

    There's some vague anti-poop stuff built into Windows 8, I think

    Windows Defender, part of Windows Security Essentials? It's actually quite good. Firewalls and antivirus progs seem to be those sinister creepy older relations  that you don't want to approach but need to from time to time.  Microsoft have applied their UI experience onto a security tool, turning it into an approachable kindly uncle that explains things in a demystified manner and guides you through the process.

    Give it a go. It won't attempt to touch you in strange places.



  • @Cassidy said:

    Give it a go.
     

    How can I give it a go when it's already there? I can see all kinds of anti-thing processes running.



  • @blakeyrat said:

    If you had a 1 GB file full of nothing but zero bytes, would you say that file contained data?
     

    If I had to allocate 1 GB of disk space to it, then it quacks close enough. 

    If I had to transfer that 1 GB file to another computer, then it would be data insomuch as I'd have to actually send 1GB worth of zeroes.  (Zip files don't fit into my frictionless, spherical cow example)



  • @Cassidy said:

    Windows Defender ... won't attempt to touch you in strange places.

    It will, however, interfere with you when you attempt to touch yourself in strange places.



  • You shouldn't be touching yourself in such regions until you're old enough to know what to do.

    See?  It knows best.



  • Actually, if I understood correctly, this is a DNS amplification attack, which means they are essentially flooding every DNS server they can find with requests with the "from" field spoofed to point at the real victim. So it might actually be "slowing the internet down" if they have enough bandwidth (but only the first time you access a particular site, afterwards it's cached).
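
Seen from the receiving network, the reflection described in the last post shows up as DNS responses from many resolvers to an address that never sent the matching queries. The following is an added example, not part of the thread: a Python sketch that finds such destinations in flow records. The record format, the threshold and the documentation-range addresses are constructed, and it assumes the monitoring point sees both directions of traffic.

```python
from collections import defaultdict

# Constructed flow records: "time src sport dst dport udp_bytes"
SAMPLE_FLOWS = """\
1.00 192.0.2.10 40001 198.51.100.1 53 64
1.02 198.51.100.1 53 192.0.2.10 40001 120
1.50 198.51.100.1 53 203.0.113.5 4444 3000
1.51 198.51.100.2 53 203.0.113.5 4444 3000
1.52 198.51.100.3 53 203.0.113.5 4444 3000
1.53 198.51.100.4 53 203.0.113.5 4444 3000
2.00 198.51.100.2 53 192.0.2.10 40002 90
"""


def find_reflection_targets(flow_text, min_resolvers=3):
    """Return destinations receiving unsolicited DNS responses from many resolvers.

    A response is "solicited" when an earlier record shows the same client
    address and port sending a query to that resolver.
    """
    pending = set()  # (client, client_port, resolver) for queries seen so far
    unsolicited = defaultdict(lambda: {"resolvers": set(), "bytes": 0})
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed records
        _ts, src, sport, dst, dport, size = fields
        if dport == "53":
            # Query (resolver-to-resolver traffic also lands here).
            pending.add((src, sport, dst))
        elif sport == "53":
            key = (dst, dport, src)
            if key in pending:
                pending.discard(key)  # answer to a query this host really sent
            else:
                entry = unsolicited[dst]
                entry["resolvers"].add(src)
                entry["bytes"] += int(size)
    # A single stray response (late retransmit, lost query record) is normal;
    # many distinct resolvers answering one address is the reflection pattern.
    return {
        dst: {"resolvers": len(e["resolvers"]), "bytes": e["bytes"]}
        for dst, e in unsolicited.items()
        if len(e["resolvers"]) >= min_resolvers
    }


if __name__ == "__main__":
    print(find_reflection_targets(SAMPLE_FLOWS))
```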

