
The internet is down!!!

Michael R.

skiNEwhere
Skier
Joined
Nov 17, 2015
Posts
370
Location
UT/CO
Massive DDoS attack (the equivalent of a bunch of people going to a webpage and clicking "refresh" hundreds of thousands of times and overloading the server)

http://gizmodo.com/this-is-probably-why-half-the-internet-shut-down-today-1788062835

Looks like LA, Houston, Dallas, and the entire east coast megalopolis are most affected.

Ironic thing is that I left A-Basin at 11 so that I could work the remainder of the day, but I can't get to any of the webpages needed to do aforementioned work.....but I can get to pugski!

Internet.PNG
 

crgildart

Gravity Slave
Skier
Joined
Nov 12, 2015
Posts
16,492
Location
The Bull City
Still messed up.

publicbuildings-internet-refugee-camp.png
 

Monique

bounceswoosh
Skier
Joined
Nov 12, 2015
Posts
10,561
Location
Colorado
http://www.nytimes.com/2016/10/22/business/internet-problems-attack.html

It was an attack on a company in Manchester, NH, so you guys in the Sierras have nothing to worry about.

Not exactly .... my understanding is that it was an attack against a domain name server. Domain names get served in sort of a reverse phone tree scheme, where every server has a parent server that has a parent server, etc, up to a very few "root servers."

Each domain name has its own TTL (time to live), which can be very long if you don't change things often, or very short if you want to be able to rearrange your servers quickly without having to prepare. My guess is that the services being hit have DNS entries with short TTLs to allow changes to flow through rapidly, and guarantee no interruption of service.

So, as you'd expect with the internet, physical location is only sort of relevant. It has to do with whether these particular servers are your server's great grandparents.

@Michael R. can correct me if I got any of this not quite right.
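
The TTL effect described in the post above, as an added illustration that is not part of the original thread: a toy model of one caching resolver during an outage of a name's authoritative DNS. The outage window, lookup interval and TTL values are assumptions constructed for the example.

```python
# Added illustration (not from the thread): toy model of one caching resolver
# looking up one name while the name's authoritative DNS is unreachable.
# All numbers are constructed. Real resolvers add retries, negative caching
# and sometimes serve-stale, which this model leaves out.

OUTAGE_START = 3600    # authoritative DNS stops answering at 1h
OUTAGE_END = 10800     # ...and recovers at 3h
HORIZON = 14400        # simulate 4h
STEP = 10              # a client asks the resolver every 10s


def simulate(ttl, outage_start=OUTAGE_START, outage_end=OUTAGE_END,
             horizon=HORIZON, step=STEP):
    """Return (seconds of failed lookups, queries sent to the authoritative)."""
    cached_until = None
    failed_seconds = 0
    upstream_queries = 0
    for now in range(0, horizon, step):
        if cached_until is not None and now < cached_until:
            continue                      # answered from cache, no upstream query
        upstream_queries += 1             # cache empty or expired: ask upstream
        if outage_start <= now < outage_end:
            failed_seconds += step        # no answer, nothing to cache
        else:
            cached_until = now + ttl      # fresh answer, cache it for `ttl`
    return failed_seconds, upstream_queries


def compare(ttls=(60, 7200, 86400)):
    """Map each TTL to its (failed_seconds, upstream_queries) result."""
    return {ttl: simulate(ttl) for ttl in ttls}


if __name__ == "__main__":
    for ttl, (failed, queries) in compare().items():
        print(f"TTL {ttl:>6}s: {failed:>5}s of failed lookups, "
              f"{queries} authoritative queries")
```

In this model the 60-second record fails for the whole outage, the 2-hour record only once its cached copy expires, and the 24-hour record not at all, regardless of where the client sits geographically.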
 

jonc

Putting on skis
Skier
Joined
Sep 27, 2016
Posts
109
Location
Washington D.C.
Not exactly .... my understanding is that it was an attack against a domain name server. Domain names get served in sort of a reverse phone tree scheme, where every server has a parent server that has a parent server, etc, up to a very few "root servers."

Each domain name has its own TTL (time to live), which can be very long if you don't change things often, or very short if you want to be able to rearrange your servers quickly without having to prepare. My guess is that the services being hit have DNS entries with short TTLs to allow changes to flow through rapidly, and guarantee no interruption of service.

So, as you'd expect with the internet, physical location is only sort of relevant. It has to do with whether these particular servers are your server's great grandparents.

@Michael R. can correct me if I got any of this not quite right.
It was so extensive because this company manages the DNS handling for lots of major websites.

This attack was also interesting because part of it used compromised internet of things (IoT) devices. Think every random gadget people buy now that connects to the internet or lets you connect to it through an app on your smartphone. Now imagine 10s of millions of them all trying to call you at once....
 

Monique

bounceswoosh
Skier
Joined
Nov 12, 2015
Posts
10,561
Location
Colorado
It was so extensive because this company manages the DNS handling for lots of major websites.

Right! That's where I was going, but I guess I never got there in my post :)

Those devices, they're all just computers - more powerful computers than anything a person a decade or two ago would dream of having in their pocket. Definitely the obvious way to go for obnoxious attacks like this.
 

crgildart

Gravity Slave
Skier
Joined
Nov 12, 2015
Posts
16,492
Location
The Bull City
It was all my fault.

So apparently the fastest internet speed on our block from the only full broadband non-DSL vendor (TWC/Spectrum 100 MPS) isn't fast enough to support all our device needs... 7 PC laptops, 5 Kindle Fires, 4 smart phones, 3 Dish Joeys, 2 gaming consoles, 2 Rokus, 1 Fire Stick.. and a partridge in a pear tree!

Had the TWC tech out looking at our wireless cluster, Dual band router that handles WAY more than the 100 MPS they can feed it, switch, 2nd router, range extender to hop past kitchen feeding the dead spot, etc. They couldn't do any better and said it is against policy to install a 2nd line and modem even if we wanted to pay double.. has to be a business class account to get 2 cable lines to 1 address. So, we wait ever so wanting for that fiber I see getting laid less than 2 blocks away. We'll be running two ISPs to get 2 modems, one cable, one FIOS.
 

Carl Kuck

Ambassador of Stoke
Skier
Joined
Jan 21, 2016
Posts
739
Location
Del Mar
The other thing is that many of these devices in the "Internet of Things" have passwords. People don't (can't be bothered to?) change their passwords, leaving them WFO to compromise and conversion into attack bots...
 

Read Blinn

lakespapa
Inactive
Joined
Nov 12, 2015
Posts
1,656
Location
SW New Hampshire
Later info showed the outage moving in three waves across the country. Who did this? China or Russia (looks like a state actor)? Russia's been pretty active lately.
 

jonc

Putting on skis
Skier
Joined
Sep 27, 2016
Posts
109
Location
Washington D.C.
It was all my fault.

So apparently the fastest internet speed on our block from the only full broadband non-DSL vendor (TWC/Spectrum 100 MPS) isn't fast enough to support all our device needs... 7 PC laptops, 5 Kindle Fires, 4 smart phones, 3 Dish Joeys, 2 gaming consoles, 2 Rokus, 1 Fire Stick.. and a partridge in a pear tree!

Had the TWC tech out looking at our wireless cluster, Dual band router that handles WAY more than the 100 MPS they can feed it, switch, 2nd router, range extender to hop past kitchen feeding the dead spot, etc. They couldn't do any better and said it is against policy to install a 2nd line and modem even if we wanted to pay double.. has to be a business class account to get 2 cable lines to 1 address. So, we wait ever so wanting for that fiber I see getting laid less than 2 blocks away. We'll be running two ISPs to get 2 modems, one cable, one FIOS.
That's a normal number of devices in households these days.

If by 100MPS you mean 100Mbps, that is plenty of speed to handle the typical house. It's usually in the higher tier of home internet offerings. Remember also that that number is the max speed they are offering; it goes down as you get further away from the modem. Wifi router? Slower. Going through a range extender? Slower. Not sitting close to the access point? Slower. Older devices on your network forcing the wifi router to pick older wireless protocols for ALL devices? You get the idea....
 

jonc

Putting on skis
Skier
Joined
Sep 27, 2016
Posts
109
Location
Washington D.C.
Later info showed the outage moving in three waves across the country. Who did this? China or Russia (looks like a state actor)? Russia's been pretty active lately.
I have not seen any confirmation as to who was responsible but possibly the same group who attacked a security researcher's website (Brian Krebs) with a similar attack recently. Big state actors don't typically use DDoS attacks which are loud and obvious. They are usually more focused and stealthier.

Unfortunately the source code for the IoT botnet is now publicly available which means more people will be able to put together these attacks in the future.
 
