AWS hit by major DDoS attack

DDoS is an annoyance not even the biggest Cloud is safe from. Apparently AWS’s Route 53 was affected and failed to resolve multiple DNS names over several hours.

DDoS, Distributed of Denial Service
Distributed of Denial Service

Parts of AWS were taken offline for hours

Source: TechRadar. The newspage also has a reference of 2019’s best DDoS Protection.

Analysis of the GitHub DDoS.

NETRESEC took a closer look at the long lasting DDoS attacks on github.com. One of the few instances of this type of attack that even made it to mainstream media.
The article finds random web browsers from outside China are tricked into reloading two particular pages on github.com. Apparently, this happens by manipulating requests coming from users physically outside China to services in country hosted content at the border infrastructure.

This is another example of why encryption is a good thing. General usage of SSL/TLS will prevent passive filtering infrastructure from manipulating traffic, and prevent such problems.

via NETRESEC Network Security Blog.

Github Under JS-Based "Greatfire" DDoS Attack, Allegedly From Chinese Government

Github is under attack from the Chinese Government, Slashdot writes.

via Github Under JS-Based “Greatfire” DDoS Attack, Allegedly From Chinese Government – Slashdot.

DDoS attacks are getting easier

Search CloudSecurity writes DDoS Attacks are becoming easier, cheaper, more frequent and more varied.

Hybrid DDoS prevention emerges to counter variety of DDoS attacks.

via

@GitHub hit by #DDoS

GitHub Logo

Offenbar ist GitHub im Lauf der vergangenen Woche Opfer eines DDoSAngriffs geworden. Der Blogartikel des Betreibers beschreibt die Vorgänge aus einer technischen Seite und beschreibt die zeitlich Abfolge des Angriff, enthält aber keine Angaben über die Größenordnung.

via: Denial of Service Attacks Continue reading “@GitHub hit by #DDoS”

Black Hat: Ad-Network Attack Vector #ddos

JavaScript als Grundlage fast aller HTML5 Innovation wird auch gerne von Werbenetzwerken benutzt um nervige Bilder und Banner anzuzeigen. Am liebsten auf Millionen von Webseiten gleichzeitig und am besten auch gleich so, dass man die gleiche Werbung auf allen Webseiten sieht bis man gekauft hat. Sofern man denn zur richtigen Zielgruppe gehört. Auf der Blackhat hat sich mal jemand Gedanken gemacht, was man für ein paar Cent pro Tausenderreichweite noch alles machen kann.

Still, the two tested proof-of-concept ads that could be used for DDoS attacks on web applications, distributed brute-force cracking of encrypted password “hashes,” and cross domain brute force attacks on passwords.

via IT World

Malaysian DDoS

Earlier, on April 11, London-based Malaysian radio web portals Radio Free Malaysia, Radio Free Sarawak, and Sarawak Report were hit by a large scale DDoS attack which generated over 130 million hits on the sites in three-and-a-half hours, taking them out of action for five days.

via Malaysian election sparks web blocking/DDoS claims

Erstmals DDoS-Attacke über IPv6

Das Protokoll scheint ja wirklich endlich mal bereit zu sein für den Masseneinsatz. Bericht: Erstmals DDoS-Attacke über IPv6. via heise.de