SoylentNews is people

posted by martyb on Tuesday March 22 2016, @04:47AM
from the commence-speculation dept.

Last week, several major eCommerce sites in Switzerland were targeted by DDoS attacks (German). As far as I have been able to discover, no one knows who was behind the attacks[*]. One might have thought the attackers would identify themselves and demand ransom to stop the attacks, but apparently not. Anyhow, I should hope that no company would be stupid enough to pay, since that would just put them on the list of "suckers" to be targeted again.

This past weekend, it was Swedish government sites, among others.

Today, I have come across two sites that I cannot reach: dilbert.com and an EU governmental site about a minor software project. Dilbert is definitely the target of a DDoS attack; I cannot confirm this for the .eu site, but it seems likely.

Here are a few random thoughts from a non-expert:

- Why would anyone bother with attacks, without claiming credit or demanding ransom? The same reason kids throw rocks through windows? Showing off capability for potential paying customers? Something else?

- If the second (demonstrating capability), isn't this stupid? They've provided ample motivation to disable these attacks, or at least seriously filter them, thus reducing their impact in future attacks.

- The current DDoS attacks are apparently NTP-reflection attacks (send spoofed queries to vulnerable NTP servers, which then reply to the victim), and similar DNS-based attacks. Is it possible to eliminate these attack vectors, just as Poodle and Heartbleed have been largely eliminated? I.e., issue patches, offer free tests, even blacklist noncompliant servers? Or are the affected protocols so broken that this is not possible?

The whole situation is strange - it seems like there are a lot of missing pieces to the puzzle. I'd be interested in hearing opinions from other Soylentils - what do you think?

[* My German is rusty, but the first-linked story references the "Armada Collective". -Ed.]


  • (Score: 0) by Anonymous Coward on Tuesday March 22 2016, @10:14AM (#321506)

    Also I suspect the newspapers are after government money to "improve their infrastructure", at least from the articles they wrote.
    Mostly they have nobody but themselves to blame for having huge, image-heavy, bloated websites.
    If they just had a simple text-only static website I doubt it would have been all that hard to withstand (admittedly it helps less/you'd need to be able to redirect to AWS or similar if it's an amplification-based attack).

  • (Score: 3, Informative) by mth (2848) on Tuesday March 22 2016, @10:36AM (#321521)

    The summary claims they are being hit by a flood of UDP packets, not HTTP requests. While I don't like bloated website designs either, I don't think you can blame those in this case.
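
On the victim's side, the reflection mechanism from the submission (spoofed queries to NTP or DNS servers, replies sent to the victim) and the UDP flood mentioned in the last comment both appear as UDP replies from port 123 or 53 that no local host requested. The following is an added example, not part of the original submission or comments, that flags such replies in flow records; the record layout, the documentation-range addresses, the 5-second window and the function name are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed flow records (not real traffic):
# (time_s, src_ip, src_port, dst_ip, dst_port, bytes)
# Addresses come from the RFC 5737 documentation ranges.
FLOWS = [
    (0.0, "192.0.2.10", 40000, "198.51.100.5", 123, 76),   # local host queries its NTP server
    (0.1, "198.51.100.5", 123, "192.0.2.10", 40000, 76),   # solicited reply
    (1.0, "203.0.113.7", 123, "192.0.2.10", 51515, 468),   # reply with no matching request
    (1.0, "203.0.113.8", 123, "192.0.2.10", 51515, 468),
    (1.1, "203.0.113.9", 53, "192.0.2.10", 3074, 3200),
    (1.2, "203.0.113.7", 123, "192.0.2.10", 51515, 468),
]

REFLECTOR_PORTS = {123: "ntp", 53: "dns"}  # the UDP services named in the submission
WINDOW_S = 5.0  # assumed: how long an outbound request may wait for its reply


def unsolicited_replies(flows, local_net_prefix="192.0.2."):
    """Return {victim_ip: {service: (reflector_count, bytes)}} for replies nobody asked for."""
    pending = {}  # (client_ip, client_port, server_ip, server_port) -> request time
    reflectors = defaultdict(lambda: defaultdict(set))
    volume = defaultdict(lambda: defaultdict(int))
    for t, src, sport, dst, dport, size in sorted(flows):
        if src.startswith(local_net_prefix) and dport in REFLECTOR_PORTS:
            # Genuine outbound query: remember it so the reply is not flagged.
            pending[(src, sport, dst, dport)] = t
        elif dst.startswith(local_net_prefix) and sport in REFLECTOR_PORTS:
            asked = pending.get((dst, dport, src, sport))
            if asked is None or t - asked > WINDOW_S:
                # Reply without a recent matching request: reflected traffic candidate.
                svc = REFLECTOR_PORTS[sport]
                reflectors[dst][svc].add(src)
                volume[dst][svc] += size
    return {
        victim: {svc: (len(reflectors[victim][svc]), volume[victim][svc])
                 for svc in volume[victim]}
        for victim in volume
    }


if __name__ == "__main__":
    for victim, services in unsolicited_replies(FLOWS).items():
        for svc, (count, size) in services.items():
            print(f"{victim}: {size} unsolicited {svc} bytes from {count} reflector(s)")
```
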