That the Internet has fully entered our lives over the last few years is an obvious thought today. Family and friends communicate daily through social networking services, far more than they would in the physical world without smartphones and data connections. And yesterday (21st of October of 2016), many of them became aware of how much they need it.
They realized that Twitter did not work, and therefore the haters could not vent. They realized that WhatsApp did not work, so no memes could be passed around; that Netflix would not run, so they could not put on Masha and the Bear to keep the girls calm, or listen to music on Spotify while it was playing.
The list of affected services, mass-market ones, was long. XBOX, Twilio, PayPal, Play Station Network and CNN were also among those hit. And then yes, then the world beyond those who know what an IPv4 or IPv6 address is began to ask: what is going on here? What has happened that is really affecting my life?
The answer was as simple as it was difficult for people to understand. It was a massive DDoS attack on the DNS servers of one of the companies that provide DNS for many of these services and many users: an attack against name-resolution requests that cut the contact between clients and service providers. Once DNS stops working, the Internet infrastructure begins to fail.
DNS on the Internet
That DNS is a key element of the Internet infrastructure is something we have known for a long time. If the servers are hit by a DDoS and cannot resolve domain names, connectivity is over; but in the past we have already seen other failures, such as the one found by Dan Kaminsky, which could have knocked down all those services just as well by modifying the IP address values in the responses.
The Internet was not born with all these attacks in mind, and many services have evolved their operation by adding layers of security on top of the original standards. That is the case with DNS, but those layers are still not deployed globally on all servers: today very few use, for example, DNSSEC to sign the values they resolve. Against a DDoS attack, however, the problem does not lie in the DNS service itself but in the network.
Suppose a denial-of-service attack against a company's website. If an adversary launches an HTTP-level DDoS, a cloud service can sit in front and filter the attacking bots out from the legitimate users, as CloudFlare does, for example; but if the attack is aimed at DNS services, it is the routers processing the TCP or UDP packets carrying the DNS resolution requests that must discriminate whether each request comes from a legitimate machine or not. A slightly more complex task.
An example of anti-DDoS
Let's suppose that the company Dyn, the target of this particular attack, wants to stop this DDoS. To do so, it must have a safety net before the traffic reaches its servers. If it did not, all the DDoS traffic would arrive at its network, and even if it detected it and discarded it with a 'drop', the service requests could not be processed, because the traffic reaching the router would already have collapsed it. That is, the non-malicious packet would be like a regular customer of a shop who cannot reach the door of the establishment because it is sales day and the door is mobbed by people who come for the bargains.
For this purpose, the company must have a network in front of its own, provided by the operator that supplies its Internet connections, which eliminates those requests before they reach its router. That is: the supermarket whose door is mobbed on sales day decides to put a control point on each of the four street corners from which the bargain hunters arrive. The massive traffic of new buyers is thus divided by four, leaving only 25% at each control point. The usual customer passes through one of those control points alongside only 25% of the attack traffic, and then, at the supermarket entrance, finds and shares the way in only with other usual customers.
If passing through one of those four control points were still very slow, what the supermarket should consider is hiring more people to process that 25% of the traffic in less time at each control point, or creating new control points in a more distant layer, to break the traffic up further.
This is how the shielding systems that ISPs provide from the network work, using technologies such as ARBOR to create what are called network-provided anti-DDoS shields, which is what it seems Dyn could have done to protect its DNS services: call its network connectivity provider and ask to contract these network anti-DDoS shields.
How can you get so much power to mount a strong DDoS attack?
DDoS attacks on DNS servers can be carried out in many ways. We have seen in the past, and they are still being done, how attacks with powerful traffic volumes were achieved through DNS amplification vulnerabilities, as happened in the attack on the SpamHaus servers. In that case, a spammer angry with the RBL lists was able to topple the servers with spoofed DNS UDP requests that used the target's address as their source, so that the DNS servers themselves sent their responses to SpamHaus.
But coming to more recent times, with routers, printers and Windows computers taken over by means of known bugs, public exploits, default passwords or simple malware deployed with exploit kits, we have seen how a group like Lizard Squad was able to take down the Play Station Network and XBOX servers in the past and make Kim Dotcom himself pay Mega vouchers so that he could continue playing his games.
And without going so far, AKAMAI left Brian Krebs' website without protection because of the virulence of the attack produced by a botnet of this kind: a botnet built from IoT devices, something that had long been warned was worrying.
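To make the amplification mechanism just described concrete from the defender's side, here is an added example (not code from the original post, nor from Dyn or SpamHaus) that scans a resolver's query log for client addresses that receive many answers far larger than their queries, which is exactly what a spoofed victim looks like from the resolver. The log format, the addresses and the byte counts are constructed for the example.

```python
from collections import defaultdict
from typing import Dict, List, NamedTuple

class ClientStats(NamedTuple):
    queries: int          # answers the resolver sent to this address
    any_queries: int      # how many were ANY lookups, the classic amplifier
    amplification: float  # total response bytes / total query bytes

def parse_line(line: str):
    """Split one log line into its fields. Constructed format:
    <unix_ts> <client_ip> <qtype> <qname> <query_bytes> <response_bytes>"""
    ts, client, qtype, qname, qbytes, rbytes = line.split()
    return float(ts), client, qtype, qname, int(qbytes), int(rbytes)

def find_amplification_victims(lines: List[str], min_queries: int = 5,
                               min_ratio: float = 10.0) -> Dict[str, ClientStats]:
    """Flag client addresses that received at least min_queries answers whose
    combined size is at least min_ratio times the size of their queries.
    A real client never looks like that; a spoofed victim address does, and
    these addresses are the candidates for response rate limiting."""
    queries = defaultdict(int)
    any_queries = defaultdict(int)
    bytes_in = defaultdict(int)
    bytes_out = defaultdict(int)
    for line in lines:
        _ts, client, qtype, _qname, qbytes, rbytes = parse_line(line)
        queries[client] += 1
        any_queries[client] += qtype == "ANY"
        bytes_in[client] += qbytes
        bytes_out[client] += rbytes
    flagged = {}
    for client, n in queries.items():
        ratio = bytes_out[client] / bytes_in[client]
        if n >= min_queries and ratio >= min_ratio:
            flagged[client] = ClientStats(n, any_queries[client], round(ratio, 1))
    return flagged

# Constructed sample: six small ANY queries carrying the spoofed source
# 198.51.100.7 (the victim) trigger large answers, beside two normal lookups.
SAMPLE_LOG = (
    ["1477036800.%02d 198.51.100.7 ANY example.net 45 3213" % i for i in range(6)]
    + ["1477036800.50 192.0.2.20 A www.example.com 50 66",
       "1477036801.10 192.0.2.21 AAAA mail.example.com 55 83"]
)

if __name__ == "__main__":
    for addr, stats in find_amplification_victims(SAMPLE_LOG).items():
        print(addr, stats)
```

The thresholds are deliberately conservative; on a real resolver the same per-client aggregation would be run over a sliding window and fed to rate limiting rather than acted on from a static file.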
Who could have been behind it?
Speculation always comes in all flavours. Could it be North Korea attacking the US as a proportionate response to the DDoS attack it suffered as "punishment" for the attack on SONY? Could it be an attack meant to instil fear about e-voting? Could it have something to do with the elections in the United States, so that it benefits the message of one candidate or another? Could it be nothing more than a new version of Lizard Squad angry at the blocking of an account on Twitter? Could it be an attack by ISIS over those same Twitter blocks?
It is time for speculation, of course, and for conspiracy theories. But if a state had this botnet ready (and I have no doubt that some countries have these capabilities), it remains to be seen whether it would reveal its cards in an operation like this. What we have seen in the past is that attacks between nations have always been drastic, using undetected 0-days that then stop being useful, because the moment they are launched, researchers can discover how it was done, what was used and where the exploited bug was.
Until we have the details it could be anything, but seeing what the attack on Brian Krebs was like, my opinion leans more in that direction. That is, towards someone who already has this botnet built from IoT devices, routers and switches, as the NSA did, and who is now enjoying using it in these DDoS attacks. I bet a LUCA or SEAL t-shirt that soon we will see more of these, and that devices in your home or your company may even be part of the attack.