Why Friday's Massive DDoS Attack Should Be Terrifying (opens in new tab)

Just because it didn't effect you directly doesn't mean it wasn't a big deal. I'm in Nashville and was not effected, but I'm not writing it off as a non-event. The worrying thing is hacked IoT devices were militarized (just using this as a term, not saying this was a state actor, though it very well could have been.)

Imagine if the hack occurs again, but is more targeted towards things that aren't just minor annoyances, and maybe happens on election night in the U.S.; I mean just earlier this year a repo on a package manager being deleted caused mass failure across the world of applications. A targeted attack on certain assets or dependencies could be very bad indeed. I would argue that GitHub being effected was more important than the other consumer based services in this attack. This is the first of many similar attacks in the coming years.

It mattered for people on the East Coast. Where I am (New York), we couldn't access Github, Twitter, Paypal and many other services. To make matters worse, AWS us-east region was configured to use Dyn. Therefore, many applications that depended on it (and on Heroku) were down. At my workplace, we had to reconfigure DNS for our own applications even though we didn't directly use Dyn. It really was a big deal.

I'm sure a lot of people were unscathed by this event, but it appears to be more of a warm-up than the main event. I think it demonstrates the likelihood of further attacks and the possibility that those could have far-reaching consequences. You're right that the title is sensational, but I do believe the threat is daunting.

West-coaster here. Twitter unreacheable, Github unreacheable, Box unreacheable, Soundcloud unreacheable (I'm a musician, saw a friend's band's big song premiere go stale). Tons more. Just because you didn't feel it doesn't mean others didn't.

East coast here, it was a real big deal. Everything from streaming services to Okta/office365 logins were broken. All kinds of seemingly unrelated services were totally inaccessible for most of the work day, essentially draining productivity from the economy. Something bigger than this could shut down most of the economy considering most things use the Internet as a crucial infrastructure.

No. It mattered.

You are speaking of basically an IP-based version of the spamhaus blacklist. For general http or TCP protocol.

I, for one, would be fine with a general internet citizen losing access if they have a compromised device. I suspect this is how we will go -- your home security cam was used in an attack, now every single website you visit for XXXXXXXX days gives you a CAPTCHA.

I maintain the crucial element is informing people why they have that hassle. Add extra friction, but not inhibit what they can do, because they are unable and unwilling to secure their devices.

Yes, this affects the internet-uneducated disproportionately. Yes, I think it is the responsibility of anyone with a broadband connection to understand the responsibilities that come with it.

No, I do not expect grandma to learn this. I expect her to deal with a crippled internet because they are not able to fix their pollution.

Two issues: NAT and dynamic addresses.

NAT: blocking an iot address may be blocking grandma's whole network (or her whole apartment complex's network), and the ISP doesn't want that support call.

Dynamic addresses: depending on the ISP, the IP could change quite frequently (daily), so keeping the list up to date to avoid collateral damage to the unlucky recipient of the blacklisted IP is very difficult.

L3 already confessed to having build a list of >500K Mirai bot static IPs, they used it to .... do NOTHING, because they are in business of selling pipes, and ddos makes good business.

In germany, the Telekom (T-Online) used to block http or SMTP traffic when they recognized an infected connection which sent SPAM emails. Don't know if they still act like this.

In some sense it doesn't matter, because the tools are now out there and the problem is structural.

Delving into motives can have the effect of encouraging people who want attention.

A group called New World Hackers have claimed responsibility[1]. I read a bit that they stopped their attacks by 2pm EST, and that another group picked up some of the minor attacks later in the day. Anonymous was mentioned, but didn't claim it. I can't seem to track down that article at the moment... I'll keep looking.

[1] https://twitter.com/fbajak/status/789611472280178688 and http://www.anonintelgroup.com/2016/10/21/twitter-down-its-no...

"The Russians™"

I found a really really stale name server that didn't respect TTLs.

Me too. I also setup a crontab to capture DNS entries for all services I depend on.

I'm along the North Western New Mexico/South Western Colorado border and didn't notice a difference either. I'm not saying this is shouldn't be a major concern. Just some areas are effected quite a bit more than others, it appears to mainly effect high metro/coastal regions.

I was in the northern suburbs of Chicago and wasn't able to access GitHub .

I can understand the instinct to move, but I think the answer is to split your eggs among many baskets, not just pick a sturdier basket. I don't think the Dyn team is necessarily bad, it was an enormous assault.

Not accurate, Reddit was on CloudFlare previously and switched to Route53 a few weeks ago.

I'm trying to understand your position. Are you saying this is partially (or fully) the government's fault because they didn't regulate the IoT device market to force it to be open source? And if they had done so this attack could have been avoided?