DNS wreaks havoc

I’d noted some annoying search slow downs since mid summer, and randomly blamed my phone, my ISP, TPTB, you, your bestie, etc.

Perhaps I owe them an apology?

Google {more than seven times the size of the previous record-breaking attack thwarted last year.}

Cloudflare { “three times larger than any previous attack we’ve observed.”}

Amazon says it’s “ongoing”.

{ “a new type of distributed denial of service (DDoS) event.”}
Generating.
{hundreds of millions of request per second.}

The vulnerability is {the supersized attacks were enabled by a weakness in HTTP/2}.

So.
My sincere apologies VZ, Visible, Google Pixel 7 Pro, you, your bestie, and anyone I wrongly blamed.
:pensive:
ralph feels remorse

7 Likes

I have been experiencing issues with my internet connectivity for about 5 weeks in which my local cable modem remains connected the entire time (ruling out local physical layer 2 problems in my home or neighborhood) but I lose the ability to surf or stream for maybe 2-3 minutes at a time. I finally called the provider yesterday and spent about 30 minutes on the phone giving them background and summarizing my guess as to what the problem was and where it was occurring.

Each time it happened, I could use tracert (“traceroute”) to see how far from my house packets were getting before disappearing. Each time, they are dying at the point my local provider’s access tier of CMTS routers connect to its backbone routers. I suspected they had an interface between some of their routers that was intermittently failing and causing routers to alter routing tables and converge, only to flip back when the interface came back up.

In light of this enormous DDoS attack mechanism, it could be that they were simply discarding bursts of traffic as a means of preventing interfaces from saturating. Or… any DDoS attack originating from bots in my area could have been competing with bandwidth required to keep routing sessions alive between peer routers via “HELLO” packets, which would also cause routes to “flap” and periodically black hole traffic.

WTH

8 Likes

The powers that be have been wondering when we all switch to HTTP/3. Nothing like the present.

I am now wondering if some of the credit card mishaps many of us see are related. I went into Old Navy today and was declined on a card. No reason. My balance is under $100. I used another card. Was very happy with the shirt I bought and went back tonight for a selection of two more shirts. This time the declined card sailed right on through and made the purchase. Clerks both of them told me there were communication problems with their credit card machines.

2 Likes

I’ve noticed all sorts of weird internet issues over the last 7-10 days. Both on home internet (xfinity cable) and on the cell networks (AT&T and T-Mobile). That means they aren’t localized to provider.

I suspect they are “probing”-related actions by China and/or Russia, of course using China-backed and/or Russian-backed folks to maintain [im]plausible deniability.

2 Likes

I have also seen this same problem. An online game will suddenly “drop”–due to loss of connection to the server. Very unusual–until recently. I have not (yet) seen any issues with cell phones.

The issue was weird the first time. My gateway (password protected) crashed big time. No LEDs were on. Turned it off (power button) and let it sit for 30 seconds. Then restarted it. Waited for ALL the lights to be flashing correctly. THEN rebooted computer. Internet then accessible. The next few times it has been strictly the online game-server dropping the connection (no specific reason). Completely exit the game and restart it–and it works fine again (until it repeats some hours/days later).

2 Likes

I haven’t had to reboot any modems or routers in my house. In fact, they’ve performed rather admirably as I haven’t rebooted them in many months. Last time I rebooted was when I upgraded my old single location model to a 3 location mesh set of routers. That was perhaps a year ago, maybe longer?

But this is specifically one of the reasons I think it is an internet issue rather than a local issue.

Funny thing, I was at my parent’s place last week to do my semi-weekly check and the internet was super slow, so I rebooted the modem and router and it was still slow. I texted my dad about it and he said that he downgraded his internet service to “vacation” mode while away from home! He just found out about that service, and it is substantially less expensive than the regular service they use while home, so he switched to it for the period of time while they are away.

3 Likes

10/14 About 45 min till midnight
That DNS thing seems to be happening again on Chrome.
Very, very sluggish behavior

Edge seems equally bad, maybe worse - still has not started up

2 Likes

I have to ask, what is the point of all of this? I can understand if a group targets a particular company they’re unhappy with or sees some geopolitical advantage to taking down, but just jamming everything up for the heck of it? Why?

And why aren’t there some kind of circuit breakers where the Lords of the internet can just say “OK, all traffic from Russia (or wherever) stops now.” And cut them off for a day or week or whatever.

Is this just some kind of nihilistic thing that anti-American governments pay for, and to what end?

1 Like

Parties launching DDoS attacks may be attempting to accomplish any of the following impacts:

  • simply annoying a targeted company or population or impairing profits by disrupting revenue-producing activity
  • forcing a target to spend money beefing up network bandwidth or server processing power that normally would not be required to deliver service to customers
  • adding chaos to daily operations of targets or their network providers to help obscure some other type of intrusion that is the real goal
  • using overloads of networks or servers to trigger unique types of failures (buffer overruns, etc.) that expose a system to security breaches, installation of malware, etc.

These types of DDoS attacks are extremely hard to defend against for a variety of reasons. DDoS stands for Distributed Denial of Service and “Distributed” means the attacker devised a way to originate the traffic that melts down the target from a multitude of sources (typically thousands or millions) simultaneously. The software used operates in phases, starting with initial infections of remote PCs and servers with an agent (“bot”) that leverages known, unpatched vulnerabilities in operating systems or applications to install itself, evade detection by normal anti-virus / malware detection software, then simply wait for a future direction that identifies a target and a start time.

To further evade detection, the “command and control” layer of the attack may not even try to simultaneously notify all of the bots at the same time. It could distribute the target information ( “who” / “when” / “how much”) over time to make it harder for intermediate organizations who are now unwittingly hosting the bots to use in attacking the eventual future target to detect a sudden spike in unexpected communication. At the specified times, all of the bots wake up and begin originating their attack. Organizations inadvertently hosting the attacking bots may not see any appreciable change in their outbound traffic, making it impossible for them to realize they are involved in the problem.

Network providers, large hosting firms and large corporations DO have hundreds of millions of dollars worth of dedicated appliances typically positioned outside their normal firewalls that continuously watch for patterns in incoming / outgoing traffic. For example, the tool might begin dropping traffic to the IP address of a web server if its connections per minute rate jumps from 1000/min to 4000/min.

A firm expecting a support application to only be used by its North American customers might actually configure its routers and firewalls to block any traffic coming from IP ranges associated with Asia or Russia. The problem is that the bots originating the bad traffic are likely distributed all over the world, including the country the business would like to continue supporting.

The cost of these security appliances is astronomical because in order for them to function, they have to have enough processing bandwidth not only to absorb the incoming packets – which could be a 1 Gigabit or 10 Gigabit sized pipe – but analyze them at multiple layers of protocol abstraction for signs of purposely corrupted packets or patterns matching prior DDoS attack schemes.

Network providers may also configure their routers with bandwidth “circuit breakers” that will begin randomly dropping traffic arriving on an interface that exceeds (say) 95% utilization. One scheme called Weighted Random Early Detection (WRED) will drop packets with the assumption that the sender and receiver of that traffic will detect the dropped packet and the receiver will ask the sender to re-transmit and when the sender gets enough re-send requests, it will slow its transmission rate. This approach doesn’t work for bot traffic cuz the bots aren’t typical well-behaved clients honoring the full TCP protocol, all they have to do is originate the bad traffic – they aren’t monitoring anything that comes back like a typical sender would.

Unfortunately, there is no technology cure for this activity. It’s a perpetual cat and mouse game.

WTH

6 Likes
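As an added illustration of the rate-threshold check described in the post above (a tool that starts reacting when a server’s connections-per-minute rate jumps from 1000/min to 4000/min), here is a small detector that buckets connection-log lines per minute and per destination and flags any minute whose count is several times the destination’s recent baseline. This is example code written for this thread, not from the post’s author or from any vendor’s appliance; the log format, the sample lines, the spike factor and the minimum-count floor are all constructed assumptions.

```python
"""Per-destination connection-rate spike detector (constructed example).

Models the simple rule the post describes: watch connections per minute
to each server address and react when the rate jumps well above its
recent baseline. The log format and sample lines are constructed here;
nothing in this file comes from a real product or a real network.
"""
from collections import defaultdict
from datetime import datetime

# Ratio of the current minute's count to the baseline that trips the
# breaker (the post's 1000/min -> 4000/min example is a 4x jump).
SPIKE_FACTOR = 3.0
# Floor below which a spike is never flagged, so a quiet host going
# from 1 to 5 connections in a minute does not raise an alert.
MIN_COUNT = 50


def parse_line(line):
    """Parse a constructed line 'ISO-timestamp src_ip -> dst_ip'
    into (minute bucket, destination IP)."""
    ts, _src, _arrow, dst = line.split()
    minute = datetime.fromisoformat(ts).replace(second=0, microsecond=0)
    return minute, dst


def bucket_counts(lines):
    """Return {dst_ip: [(minute, count), ...]} with minutes in order."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        minute, dst = parse_line(line)
        counts[dst][minute] += 1
    return {dst: sorted(per_min.items()) for dst, per_min in counts.items()}


def detect_spikes(lines, factor=SPIKE_FACTOR, min_count=MIN_COUNT):
    """Flag (dst_ip, minute, count, baseline) wherever a minute's count
    is at least min_count and exceeds factor times the mean of that
    destination's earlier minutes. The first minute seen for a host
    only seeds the baseline and is never flagged."""
    alerts = []
    for dst, series in bucket_counts(lines).items():
        history = []
        for minute, count in series:
            if history:
                baseline = sum(history) / len(history)
                if count >= min_count and count > factor * baseline:
                    alerts.append((dst, minute.isoformat(), count, baseline))
            history.append(count)
    return alerts


def make_sample_log():
    """Constructed sample: four quiet minutes of ~10 connections/min to a
    web server, then a fifth minute with 60 connections from many sources,
    plus a second host with steady traffic that should stay quiet."""
    lines = []
    for m in range(4):
        for i in range(10):
            lines.append(f"2023-10-10T12:0{m}:{i:02d} 198.51.100.{i + 1} -> 203.0.113.10")
    for i in range(60):
        lines.append(f"2023-10-10T12:04:{i:02d} 192.0.2.{(i % 250) + 1} -> 203.0.113.10")
    for m in range(5):
        for i in range(5):
            lines.append(f"2023-10-10T12:0{m}:{i:02d} 198.51.100.{i + 1} -> 203.0.113.20")
    return lines


if __name__ == "__main__":
    for alert in detect_spikes(make_sample_log()):
        print("spike:", alert)
```

Running it prints one alert for 203.0.113.10 in the 12:04 minute (60 connections against a baseline of 10) and nothing for 203.0.113.20. The post’s caveat applies directly: because the baseline is just the mean of earlier minutes, an attacker who ramps traffic up slowly, or whose bots are spread so thinly that no single source or destination minute stands out, would not cross the factor threshold, which is why real appliances combine this kind of counter with many other signals.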

Goofy,

Not exclusive of geopolitics, I see it as sociopaths can not be worn thin when they use a computer.

2 Likes

Nope. Because there are no such people.

We are talking about people wanting to make a LOT of money by offering (for $$$) services other ISPs will not offer. Dark web, X-rated stuff, and so on. They set up multiple ISPs in multiple countries and then do NOT do anything to stop traffic–unless they are NOT paid.

If most ISPs used a “white list” rather than a “black list” for a wide variety of e-mail and so on, then the problem would pretty much not exist.

1 Like

An important topic and so please oh knowledgeable ones (NOT me), thank you, and keep posting.

david fb

1 Like

When users connected directly with the host server it was much more of a problem. CDNs stand between the hackers and the mother server and CDNs can prevent the attack from reaching the mother ship. Not a solution but better than nothing. Jail time for perps is much more effective.

The Captain

2 Likes

[quote=“captainccs, post:13, topic:97331”]
Jail time for perps is much more effective.

The Captain
[/quote]

I think the difficulty is a. actually identifying them, b. apprehending them and having them transported to the US, or London, etc. If you identify them, and they are in Moscow or St Petersburg, good luck with bringing them to trial.

1 Like

Comcast, labeled Xfinity, can decide which ads go to which viewer demographics. There are switches on all of it. That is what the internet and the phone companies are: switches.

The issue is what free speech are you allowed to hear?

The next issue is can the government decide that?

The next issue is what constitutes something you can not see daily.

The next issue is whether it will stand up in court.

The answer is the EU made things clear.

But if the EU can do that, why would FB et al. send only Americans BS they know is wrong?

In the US we have a long powerful history of the Virginia plantation owners weighing in to defend their power over the government to take freedom to get power.

Not really.

You do not comprehend the difference between censorship and free choice.

I worked with an early ISP. The conscious choice “of the business” was free choice by the customers. So people could get what they chose–and not have “somebody else” making that choice for them. That worked. The only thing blocked was spam–because it wasted ISP resources (and thus cost the company money).

Just because someone else thinks something is “wrong” does not mean it is “wrong”. Just differing opinions or points of view. REALITY.

1 Like

There are universal wrongs. We are seeing them in all the war zones right now.

Really it reverts back to power politics. Do we want everyone to have a say? So that we do not? Is it honest to start a war and try to lie your way through the propaganda? Is it honest to broadcast the deaths on your side of a conflict but not on the other side? Does NBC or the BBC report to a degree on both sides? Or should we just take Hamas’s word for it? Obviously not.

Clearly taken out of context. No comment.

@jerryab2 It is hard to make generalizations out of right and wrong.

But we are seeing wrong and we know it.

1 Like