Last week I told you about bug fixes announced by Android as part of its May security bulletin. Well, over the weekend Samsung began releasing fixes for 27 vulnerabilities. Twenty-one of those are labeled as high severity. Handsets affected are the S9, Note 8 and S8 phones. Make sure you get them installed. Those of […]
If you can’t reach your favorite Linux developer by IM or e-mail today, it’s because they’re under a denial of service (DoS) attack.
The top programmers are all at the Linux Plumbers conference, which is being hammered by an Internet attacker.
Yes, even the best developers of the world can be put out of the commission when their internet is strangled.
According to James Bottomley, an IBM Research distinguished engineer and a member of the Linux Plumbers Conference committee, “Since yesterday we are being attacked from the outside. The attack follows us as we switch external IP and the team has identified at least one inside node which looks suspicious.”
The conference is not being attacked by some sophisticated Internet of Things distributed denial of service (DDoS) attack like the Dyn attack. No, it’s being mugged by one of the oldest attacks in the DoS book: a SYN flood.
In a SYN flood, the attacker breaks the normal TCP-startup three-way connection hand-shake. If you do this enough times, by “flooding” the router, the router runs out of memory and no one is able to make Internet connections.
The truly annoying thing about this type of attack –which has been around for more than 20 years — is that it’s easy to prevent. There are at least eight, count them eight, ways to mitigate SYN floods.
What’s far more troubling is that the Santa Fe ISP didn’t have any of the SYN flood defenses up. We know that massive Internet-killing DDoS attacks are on their way; and here we find a national ISP in a state capital can’t deal with an old-fashioned Internet assault.
I’ve predicted we’ll see serious Internet breakdown this year. Looking at this local Internet slowdown I’m surprised it hasn’t already. Yes, a lot of blame for Internet attacks goes to IoT manufacturers and insufficiently hardened web servers, but ISPs are guilty of poor security as well.
On most Linux machines, thwarting a SYN attack is really just few lines of the iptables firewall script added to the INPUT Chain
Here they are:
iptables -A INPUT -p tcp –tcp-flags ALL NONE -j DROP !!! stops NULL packet attacks
iptables -A INPUT -p tcp ! –syn -m state –state NEW -j DROP !!! && Stops syn-flood attacks
iptables -A INPUT -p tcp –tcp-flags ALL ALL -j DROP !!! Stops X-Mas packets
[1:28pm Pacific / 4:28pm EST Update: According to Time Magazine Deputy Tech Editor Alex Fitzpatrick, there is now a third DDoS attack underway targeting Dyn – this from 7 minutes ago. According to Alex, Dyn have also confirmed that the Mirai Botnet is responsible “in part” for today’s DDoS attacks]
[Updated again 1:07pm with mainstream coverage including Time saying DHS is investigating. Also that WordCamp ticket sales were affected.]
[This post updated at 12:18pm Pacific time with a few additional ways in which WP publishers may be affected]
DNS provider DynDNS, also known as Dyn.com is currently being attacked using a very aggressive DDoS attack. If you use them for your website DNS you probably have experienced outages today.
This attack affects any website or online service that uses Dyn.com for DNS resolution. So far this attack has affected:
- Wordcamp ticket sales were affected earlier today according to WP Slack #community-team channel.
And many other large well known brands.
This attack may affect your website shopping cart checkout if you use a service provider who has been affected by the attack. It may also affect other features or services you provide to customers that rely on being able to contact a site affected by the attack.
You may have heard that Twitter, Paypal, Amazon and others came in for massive slow-downs today because someone was attacking Dyn.com which handled their DNS.
DNS provider Dyn.com is currently under heavy DDoS attack which has affected many well known brands across the Internet including Amazon, Netflix, Reddit, Paypal and many others.This may affect your site if you use them for DNS or if you use any service, like Paypal, that uses DynDNS.The larger providers seem to have worked quite quickly to mitigate this attack, but it is ongoing so it’s important that you’re aware of it and carefully monitor your website during this time.
I spent 2 hours reviewing this and reading thru hundreds of technical comments from intelligent people who claimed to be in the know.
Amongst the theories propagated was that it was a country or state sponsored attack from Russia or China. Other’s pointed out however that the origination of the attack appeared to be in the States.
Others countered that perhaps NSA or other in the US Govt were possibly testing. And others pointed out the fallacy of such testing. In short the discussions went on and on and were sometimes a bit circular.
One thing hit me because 3 people mentioned it but were ignored by the others. That thing was, forget who is attacking for a moment and concentrate on what you as a business owner would do if your internet became severely compromised? Would life suddenly ground to a halt and stop?
What would we do if the internet went down for a week. Some technicians said, “Grow some vegetables”
This reminds me of an early time I had monthly company expenses of $78,000 across 3 countries and I was the only sales person.
I made that $78,000+ month after month from my trusty physical roladex which had every customer/supplier name/number on it.
When I didn’t know what I should be doing with myself ( I was inherently inefficient back then ), my fingers used to idly twirl that circular rolodex and wherever it stopped, thats where I started.
I looked at the card and if it was a supplier and I hadn’t spoken to them in a few weeks, I would call them to see if I could get them to tell me the state of the industry and whether there was some business that they knew about that I might be qualified for.
If it were a customer and i hadn’t called them this week, I would call for no apparent reason.
I would make something up on the fly if they answered the phone which prompted me to start putting in their birthdates and other personal information on their rolodex card.
I wasn’t too worried about what to say because experience taught me that 80% were either busy or wouldn’t answer the phone anyway.
My business was the internet but if the internet went down ( or simply became unresponsive) , it would not have affected me unless it stayed down for a month or more.
What would you do?