A row between a spam-fighting group and hosting firm has sparked retaliation attacks flooding core infrastructure.
It is having an impact on widely used services like Netflix - and experts worry it could escalate to affect banking and email services.
Five national cyber-police-forces are investigating the attacks.
All I got from that article was bragging. Then at the bottom they say “We can’t be brought down.” which is a false statement; everything can be brought down given the resources and time. For example, I doubt a nuclear bomb wouldn’t be able to bring them down.
And as I understand it “Spamhaus” creates a blocklist of IP-addresses used for spamming, then how do they work with dynamic IP-addresses? What if they’ve blocked an IP-address once used for spamming but now used for legitimate purposes?
“The basic technique of a DNS reflection attack is to send a request for a large DNS zone file with the source IP address spoofed to be the intended victim to a large number of open DNS resolvers.”
That means the attacks reflect from legitimate open DNS resolvers. Blocking those IPs is impossible because it will block legitimate users. Cloudflare dealt with that by spreading the traffic among all the servers they own and then taking care of it in other ways. Since many people use open DNS resolvers, some of them are experiencing slower internet. (At least I think so? Can someone confirm that? I don't fully understand what part DNS resolvers fill in our network.)
Once Cloudflare contained the attack that way, the attackers launched their botnets directly against the network providers CloudFlare uses for bandwidth (from my understanding, this would definitely slow down people that use the same network providers).
They also attack “IXs”:
“switches into which multiple networks connect and can then pass bandwidth. In Europe, these IXs are run as non-profit entities and are considered critical infrastructure. They interconnect hundreds of the world’s largest networks including CloudFlare, Google, Facebook, and just about every other major Internet company.” This will also slow down people’s internet in those areas.
The IXs that are known to be attacked:
London Internet Exchange (LINX), the Amsterdam Internet Exchange (AMS-IX), the Frankfurt Internet Exchange (DE-CIX), and the Hong Kong Internet Exchange (HKIX).
This is at least how I understood the articles; am I right with my assumptions?
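
The reflection pattern quoted above, seen from the side of an open resolver's operator, as an added example that is not part of the original posts: a spoofed victim address shows up in the query log as one "client" sending small ANY queries and receiving very large answers. The log format, function names and thresholds are assumptions made for this sketch.

```python
from collections import defaultdict

# Constructed sample log: "<claimed source IP> <qtype> <qname> <query bytes> <response bytes>"
# Addresses are from documentation ranges; names and sizes are invented.
SAMPLE_LOG = """\
198.51.100.7 ANY example.org 36 3012
198.51.100.7 ANY example.org 36 3012
198.51.100.7 ANY example.org 36 3012
198.51.100.7 ANY example.org 36 3012
203.0.113.20 A www.example.com 33 49
203.0.113.20 AAAA www.example.com 33 61
203.0.113.21 MX example.net 29 88
"""

def summarize(log_text):
    """Aggregate query count, byte totals and ANY queries per claimed source IP."""
    stats = defaultdict(lambda: {"queries": 0, "req": 0, "resp": 0, "any": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not (parts[3].isdigit() and parts[4].isdigit()):
            continue  # skip malformed lines
        src, qtype, _qname, req, resp = parts
        s = stats[src]
        s["queries"] += 1
        s["req"] += int(req)
        s["resp"] += int(resp)
        s["any"] += int(qtype.upper() == "ANY")
    return stats

def suspected_reflection_targets(log_text, min_queries=3, min_ratio=20.0, min_any_share=0.8):
    """Return {source_ip: amplification ratio} for sources that are probably spoofed.

    The thresholds are illustrative assumptions, not values from the thread.
    """
    flagged = {}
    for src, s in summarize(log_text).items():
        if s["req"] == 0:
            continue
        ratio = s["resp"] / s["req"]        # bytes sent back per byte received
        any_share = s["any"] / s["queries"]  # fraction of queries that were ANY
        if s["queries"] >= min_queries and ratio >= min_ratio and any_share >= min_any_share:
            flagged[src] = round(ratio, 1)
    return flagged

if __name__ == "__main__":
    for ip, ratio in suspected_reflection_targets(SAMPLE_LOG).items():
        print(f"{ip}: responses are {ratio}x the size of the queries")
```

A flagged address is the likely victim rather than a misbehaving client, so the useful operator response is rate-limiting responses or restricting recursion to known clients, not blocking that address.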