DDoS is an annoyance not even the biggest Cloud is safe from. Apparently AWS’s Route 53 was affected and failed to resolve multiple DNS names over several hours.

DDoS, Distributed of Denial Service
Distributed of Denial Service

Parts of AWS were taken offline for hours

Source: TechRadar. The newspage also has a reference of 2019’s best DDoS Protection.

Analysis of the GitHub DDoS.

NETRESEC took a closer look at the long lasting DDoS attacks on github.com. One of the few instances of this type of attack that even made it to mainstream media.
The article finds random web browsers from outside China are tricked into reloading two particular pages on github.com. Apparently, this happens by manipulating requests coming from users physically outside China to services in country hosted content at the border infrastructure.

This is another example of why encryption is a good thing. General usage of SSL/TLS will prevent passive filtering infrastructure from manipulating traffic, and prevent such problems.

via NETRESEC Network Security Blog.

DDoS attacks are getting easier

Search CloudSecurity writes DDoS Attacks are becoming easier, cheaper, more frequent and more varied.

Hybrid DDoS prevention emerges to counter variety of DDoS attacks.


Black Hat: Ad-Network Attack Vector #ddos

JavaScript als Grundlage fast aller HTML5 Innovation wird auch gerne von Werbenetzwerken benutzt um nervige Bilder und Banner anzuzeigen. Am liebsten auf Millionen von Webseiten gleichzeitig und am besten auch gleich so, dass man die gleiche Werbung auf allen Webseiten sieht bis man gekauft hat. Sofern man denn zur richtigen Zielgruppe gehört. Auf der Blackhat hat sich mal jemand Gedanken gemacht, was man für ein paar Cent pro Tausenderreichweite noch alles machen kann.

Still, the two tested proof-of-concept ads that could be used for DDoS attacks on web applications, distributed brute-force cracking of encrypted password “hashes,” and cross domain brute force attacks on passwords.

via IT World