China capable of massive DDoS attacks
China, being the world’s most populous country, has a lot of potential when it comes to DDoS attacks. Craig Hockenberry, author of furbo.org, was a recent victim of such an onslaught. When he found out that both of their mail servers were down, he naturally looked at the server traffic. This was his reaction:
There was only one thing I could say: “Holy shit.”
This was his network graph. Usually the megabits/sec for requests is really low compared to the responses, but in this case the peak of the request graph hit 52 Mbps, which is insanely high and definitely not normal network activity.
Let’s put that number in perspective: Daring Fireball is notorious for taking down sites by sending them about 500 Kbps of traffic. What we had just experienced was roughly the equivalent of 100 fireballs.
What is a DDoS attack?
Distributed Denial-of-Service (DDoS) refers to an attack that attempts to temporarily or indefinitely interrupt or suspend the services provided by a host over the internet.
The most common type of Denial-of-Service attack involves flooding the target resource with external communication requests. This overload prevents the resource/server from responding to legitimate traffic, or slows its response so significantly that it is rendered effectively unavailable.
China and DDoS
On closer inspection, it appeared that most of the traffic was coming from China, more specifically from Chinese BitTorrent clients that apparently thought this particular server was a tracker. In this case, the only solution was blocking IP addresses from China using a firewall.
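Before blocking anything, it helps to confirm from the web server's own logs which networks are sending tracker traffic. The following is an added example, not code from the original post or from furbo.org: it scans access-log lines for BitTorrent announce requests and ranks the source /24 networks as firewall block candidates. It assumes the clients announce over HTTP and that the server writes combined-format logs; the sample lines are constructed and use documentation IP ranges.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample: combined-format access log lines, documentation IP ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2015:10:00:01 +0000] "GET /announce?info_hash=%12%fa%9c&peer_id=-XX0001-aaaa&port=6881&left=0 HTTP/1.1" 404 162 "-" "client-a"
203.0.113.7 - - [01/Jan/2015:10:00:02 +0000] "GET /announce?info_hash=%33%01%9c&peer_id=-XX0001-aaaa&port=6881&left=0 HTTP/1.1" 404 162 "-" "client-a"
203.0.113.90 - - [01/Jan/2015:10:00:02 +0000] "GET /announce.php?info_hash=%aa%bb&peer_id=-XX0002-bbbb&port=51413&left=9 HTTP/1.1" 404 162 "-" "client-b"
198.51.100.23 - - [01/Jan/2015:10:00:03 +0000] "GET /announce?info_hash=%01%02&peer_id=-XX0003-cccc&port=6881&left=5 HTTP/1.1" 404 162 "-" "client-c"
192.0.2.10 - - [01/Jan/2015:10:00:04 +0000] "GET /blog/?port=80 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2015:10:00:05 +0000] "GET /feed/ HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
"""

# Client address, method and request target from one combined-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)')
# Query keys every HTTP tracker announce carries (BitTorrent spec, BEP 3).
ANNOUNCE_KEYS = {"info_hash", "peer_id", "port"}


def is_announce(target):
    """True when the request target looks like a tracker announce."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return ANNOUNCE_KEYS.issubset(query)


def block_candidates(log_text, min_hits=3, prefix=24):
    """Return [(cidr, hits)] for IPv4 networks sending >= min_hits announces."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_announce(m.group(3)):
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:  # hostname or garbage in the client field
            continue
        if addr.version != 4:  # IPv6 needs its own prefix length; skipped here
            continue
        hits[ipaddress.ip_network(f"{addr}/{prefix}", strict=False)] += 1
    ranked = sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(str(net), n) for net, n in ranked if n >= min_hits]


if __name__ == "__main__":
    for cidr, n in block_candidates(SAMPLE_LOG):
        print(f"{cidr}\t{n} announce requests")
```

The resulting CIDR list can be reviewed and loaded into the firewall's deny list; the ordinary visitor at 192.0.2.10 is never counted because its requests lack the announce parameters.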
China has been a major source of DDoS attacks in the past, one of the notable ones being the massive attack on Blizzard servers in North America.
More details on this incident can be found here.
Have a nice (DDoS free) day!