Cloudflare, and the 120Gbps DDOS "that almost broke the Internet"

Yes: 120 gigabits/second, primarily of DNS amplification traffic.

Still think it's optional to implement BCP38 pervasively?

Is someone pissed off at Spamhaus, or was the intention to packet them so
hard their entire network ceased to exist so they can no longer offer
DROP/RBL/xyz service?

Seldom do hax0r nations target things without some type of
"justification". I don't really care who is being internet murdered, I
care why.

It's probably the same people who have been posting news articles from
Ashworth's email.

That was a really big attack.

The scary part is that it's all DNS reflection, meaning the attackers only need 3Gbps of bandwidth to generate 300Gbps of DDoS.

Imagine if they compromised some of the medium sized corporate networks along with these Botnets. I don't know if the exchanges could hold up against 1Tbps of DDoS, and the difference between 300 and 1000Gbps is not a lot.

While I'm excited that CloudFlare is doing such a good job bringing this to the attention of the masses I can't help but feel that this is essentially a time bomb. If this attack was an order of magnitude larger, things might be very different.
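Two points in this thread (the BCP38 call in the first message and the reflection maths in the message above) can be shown concretely. The following is an added example, not from any poster or from Cloudflare: a small Python simulation of BCP38-style source-address validation at a customer edge, run over a handful of constructed packets, plus the amplification arithmetic that makes reflection attractive. Interface names, prefixes, addresses and packet sizes are all made up for the example.

```python
"""Added example: BCP38 ingress filtering and DNS-reflection volume, simulated."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ingress_iface: str  # interface the packet arrived on
    src: str            # claimed source address
    dst: str            # destination (the reflection victim, if spoofed)
    proto: str
    length: int         # bytes on the wire


# Constructed table: the prefixes each customer-facing interface is allowed
# to source. BCP38 says anything else arriving there is spoofed and dropped.
INGRESS_PREFIXES = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/24")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/25"),
               ipaddress.ip_network("2001:db8:1::/48")],
}


def permitted_source(iface: str, src: str) -> bool:
    """True if `src` falls inside a prefix assigned to `iface`.

    Interfaces absent from the table fail closed here; a real deployment
    applies the filter only on edge/customer ports and skips transit ports.
    """
    prefixes = INGRESS_PREFIXES.get(iface)
    if prefixes is None:
        return False
    addr = ipaddress.ip_address(src)
    return any(addr in p for p in prefixes if p.version == addr.version)


def filter_ingress(packets):
    """Split packets into (accepted, dropped) per the BCP38 check."""
    accepted, dropped = [], []
    for pkt in packets:
        (accepted if permitted_source(pkt.ingress_iface, pkt.src) else dropped).append(pkt)
    return accepted, dropped


def amplification_factor(request_bytes: int, response_bytes: int) -> float:
    """Bytes the reflector sends per byte the attacker sends."""
    return response_bytes / request_bytes


def reflected_gbps(attacker_gbps: float, factor: float) -> float:
    """Traffic the victim sees for a given attacker uplink and amplification."""
    return attacker_gbps * factor


# Constructed sample traffic: two legitimate queries, two spoofed ones
# carrying a victim's address, and one from an interface not in the table.
SAMPLE_PACKETS = [
    Packet("cust-a", "192.0.2.10", "203.0.113.53", "udp/53", 64),
    Packet("cust-a", "198.51.100.7", "203.0.113.53", "udp/53", 64),   # spoofed
    Packet("cust-b", "2001:db8:1::5", "2001:db8:ffff::53", "udp/53", 80),
    Packet("cust-b", "10.0.0.1", "203.0.113.53", "udp/53", 64),       # spoofed
    Packet("peer-x", "192.0.2.10", "203.0.113.53", "udp/53", 64),     # unknown port
]


if __name__ == "__main__":
    ok, bad = filter_ingress(SAMPLE_PACKETS)
    print(f"accepted {len(ok)}, dropped {len(bad)}")
    for p in bad:
        print(f"  drop {p.src} on {p.ingress_iface} (would have hit {p.dst})")
    # Constructed sizes: a ~60-byte query answered by a ~3000-byte response.
    f = amplification_factor(60, 3000)
    print(f"amplification x{f:.0f}: 3 Gbps in -> {reflected_gbps(3, f):.0f} Gbps out")
```

The point the filter makes is the one the thread keeps circling: every packet dropped at the customer edge is one that never reaches a reflector, so the amplification factor multiplies nothing. Without source validation, the factor alone decides how much the victim receives.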


According to the New York Times it was 300 gbps and Cyberbunker was the bad guy.


You won't care "who" until the target is you. :wink:

As cyberbunker stops killing spamhaus and goes after Gilmore.. I think
these are the guys who used to colo HavenCo after they burnt their
platform down? I'm not sure how I feel about Cloudflare comparing being
packeted to a nuclear bomb? After the packeting dries up, is there really
total devastation? Seems to me it would be better to compare it to something
like a giant traffic jam (not miles of land completely wiped out with zero
hope of salvage)? Unless cisco has implemented a mechanism to melt a router
when the traffic exceeds 100gbps? :wink:

Consider this a call-to-arms, in all aspects. Please.

That article is absolute rubbish. Take with a large pinch of salt, rockstar in hamster outfit type nonsense.

$dayjob didn't lose any traffic during the period; some guys were affected because of the lottery of being on the same switch as Cloudflare.



No. Not enough. +10.

But...our collective track record in responding in a timely and effective
fashion to such calls is not very good. Twenty years ago we could have
killed spam. Ten years ago we could have killed botnets. We didn't
do either (despite *numerous* warnings of how bad it would get --
warnings dismissed as unduly pessimistic at the time, now viewed as
naively optimistic) and in part because we didn't, we have this.
There are entire business sectors which now exist just to make up for
our failure to do those things when we had the chance. And while
there are good and smart people in those doing some good and smart
things, all those sectors are really doing are (a) costing us a ton
of money and (b) helping us tread water.

I suggest we fix these problems before we wind up creating yet another
market for yet another several billion dollars that could be better used
on making forward progress.

Or worse, before some government somewhere decides to "solve" this
problem for a value of "solved" involving (shudder) legislation.


In general, governments have avoided regulating various aspects of
the Internet, in part because of lack of understanding and in part
because the community keeps telling them that trying to regulate
won't work because of its decentralized nature. As the Internet
becomes increasingly important to each country's economy and its
citizens, the status quo is not likely to continue.

The real question is, when governments do decide to try and help
"improve the Internet", who will they be listening to, and will
the operator community have spoken with a clear enough voice in
these matters on what actually would make for an improvement?