networking Death Of The Internet: GIF At 11

[vissha]

Death Of The Internet: GIF At 11

 

Today, thanks to the insecure Internet of Things, we're reaching a point where the internet really could be crashed. But we can stop it if we try.

 

People have been talking about the internet crashing for as long as there has been an internet. The use of the 1980s graphic format "GIF" for the common phrase used to describe "Death of the internet: GIF at 11" tells you that. We've always been scared of it, but today it's a real possibility.

 

Unbeknown to you, your home connected devices could be unwitting participants in a DDoS attack. Your ISP, however, can spot and stop them... if they really wanted to.

 

In fact, I'm certain we'll see such an attack. If I were a betting man, I'd say we'll see it sometime around November 8th: The US elections date.

 

An attack then would make a huge impression. And, as noted security expert Bruce Schneier pointed out recently, "over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don't know who is doing this, but it feels like a large nation state. China or Russia would be my first guesses."

 

The US is already investigating Russian cyberattacks designed to influence the 2016 election. Why not a massive attack on the US's internet infrastructure just in time for the election?

 

Schneier continued that major internet companies are telling him they're seeing an increase in [Distributed Denial of Service] DDoS attacks against them. "Moreover, they have seen a certain profile of attacks. These attacks are significantly larger than the ones they're used to seeing. They last longer. They're more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure."

 

That's not just what he'd been told. Internet security firm Verisign is reporting DDoS activity is the highest it's ever seen.

 

It's only gotten worse.

 

In late September, prominent security expert Brian Krebs had his security blog, Krebs on Security, blown off the Internet by a DDoS attack that came to a mind-boggling 665Gbps. Akamai, the content delivery network (CDN), counts attacks of over 100Gbps as being "Mega attacks." This attack, on a single individual's website, was six times that size.

 

Akamai and its DDoS prevention division Prolexic was forced to give up trying to handle the attack on Krebs. They couldn't afford to keep trying to keep his site up against a perfect storm of SYN Floods, GET Floods, ACK Floods, POST Floods, and GRE Protocol Floods bogus email subscriptions and garbage Skype requests. Today, Krebs on Security is back up on Alphabet's Project Shield, Google's experimental anti-DDoS service.

 

Attacks over 100Gbps are becoming commonplace. Massive DDoS attacks can now be done by any script kiddie.

 

Here's the worst news. Truly massive attacks are easier than ever to make.

 

It doesn't take a nation to blow away a site. Roland Dobbins, an Arbor Networks principal engineer, told Krebs, "When it comes to DDoS attacks, nation-states are just another player. Today's reality is that DDoS attacks have become the Great Equalizer between private actors & nation-states."

 

How? With the Internet of Things (IoT).

 

Krebs sourly noted it didn't require a James Bond villain. "This attack was launched with the help of a botnet that has enslaved a large number of hacked so-called IoT devices -- mainly routers, IP cameras, and digital video recorders (DVRs) that are exposed to the internet and protected with weak or hard-coded passwords."

 

The botnet code used to make the attack, Mira, has been dumped on the web. That was a few days ago. In a few weeks, script kiddies can start making 500Gbps+ attacks.

 

Wonderful.

 

So, what can you do about it? Not much in the short-run. In the long run, programmer Stephen Satchell suggests that the US Consumer Product Safety Commission (CPSC) require IoT vendors for everything from washers to routers to secure their devices after any use in a DDoS attack. It's his hope that by making manufacturers legally responsible for the damage caused by their devices, they'll finally take security seriously.

 

I like the idea, but I'm not holding my breath. Security takes expertise and money.

 

Another idea, which could be implemented more quickly, is for internet service providers (ISPs) and router and switch vendors to finally implement Network Ingress Filtering, better known as BCP-38.

 

BCP-38 was proposed in 2000 when DDoS attacks were first becoming a serious problem. It works by filtering out bogus internet addresses. Another internet proposal, Ingress Filtering for Multihomed Networks, BCP-84, helps to make it possible to use.

 

They're not perfect, but they would go a long way to reducing DDoS attacks to manageable sizes.

 

So why wasn't it implemented a decade ago? Andrew McConachie, an ICANN technical and policy specialist, explained in an article that ISPs are too cheap to pay the small costs required to implement BCP-38.

 

Their logic is, McConachie explained, "It costs money to install filters, albeit a very small amount, but it is not free. Nor is the labor capable of installing those filters cheap. Therefore it makes economic sense for this network operator to not install filters. No one is DDOSing their network, that's someone else's problem."

 

It's not. It hasn't been someone else's problem for years now. And now it's on the brink of becoming everyone's problem in the worst possible way. Besides, it doesn't cost that much. McConachie said "any carrier grade [Border Gateway Protocol] BGP router can support many more Access Control Lists (ACLs) than are actually needed to support implementation of BCP 38".

 

Are you an internet engineer or do you want to help solve the problem rather than explain to your customers why their internet went dead in the water? Check into the Routing Resilience Manifesto, consider joining the IETF SAVI working group, or visit the Anti-Spoofing start page.

 

The tools are out there to save the internet. We must use them before it's too late.

 

This isn't paranoid fantasy. This is our future unless we act now.

 

Source

[straycat19]

There are things that can be done by anyone to alleviate this problem.  Every router has the capability to allow access only by specific MACs.  That is how I control my home network.  Using WPA2, No SSID broadcast, and whitelisted MACs is a very effective way of stopping devices you don't want connecting to your home network.  At work we have always used a Bootp table, which whitelists MACs and assigns them a specific IP, so any device connected to the network cannot get internet access unless it is approved by IT and added to the bootp table.  Those devices that connect wirelessly require a specific login and access in order that unwanted devices, like cameras, cannot connect to the network and thus have no internet access.  Unfortunately, we let every Tom, Dick, Harry, and Jane (no offense if you are named, Tom, Dick, Harry, or Jane, it is just an American expression) buy a router and plug it in without knowing the first thing about security or setting up a local network.  There should have been a licensing requirement for users to take training before allowing them to connect to the internet.

[steven36]

LOL  you talking  about  disconnecting the world and setting the world back 30 years while they are busy  pushing free internet WiFi all around the world in return  for you're data   . If they need licensing to run  the internet  they should left it private  to began with .  Its about 20 or 30 years too late to invoke licensing on the internet . If they done that  they would lose most of that 2.2 trillion in money they make  and rising   off the internet.. so what you speak is not reality .

 

They  tried licensing on CBs  back in the 70s and it failed  and the FCC opened it up where you didn't  need  a licensee anymore because it didn't work and any kind  of regulations  they tired to put on it failed in the end too. There was a time when they use to police people on the airways they had Vans with antennas on them and if they caught you using illegal radios and amps they take you're stuff and fine you.  People slit  done it anyways All that done was killed it were everyone  stop using it but truckers . And the FCC  has gave up on regulating it 30 years ago and  the ones who are left On CBs still break the law everyday . 

 

It's just like computers  now days if they catch you  breaking  the law they take you're computer and take you to court  it don't stop no one  from breaking the law  and it never has , just like all crimes they got too catch you  doing it first. They can't arrest  the whole  world . All regulations and laws can do is try too slow down crime  but it never really works.

 

 

Reality  is 20 or 30 years ago  the world existed  just fine without the internet  since the beginning  of time  what internet they had before the 80s was private . Its not something we have to have  its all about making money off people  they never could  get off them  tell like 20 years ago .

 

Quote

Internet Statistics 2016

1. There are 3.26 billion internet users as at December 2015; that’s over 40% of the world population.

2. Asia, as a continent, has the most internet users. It accounts for 48.4% of global internet users.

3. China, as a country, has the most internet users; with an estimated 640 million internet users, the number of internet users in China is twice the number of the entire U.S population.

4. China has the highest percentage of internet users (21.97%), followed by the U.S. (9.58%) and India (8.33%).

5. Bermuda has the highest internet penetration at 97.75%; a whopping 63,987 of Bermuda’s 65,461 population uses the internet.

6. In contrast, while a whopping 86.75% of the U.S. population uses the internet, the U.S. is only ranked #25 in terms of internet penetration. The U.K. ranks #15 in terms of internet penetration with an estimated 89.90% of U.K. citizens using the internet.

7. Digital interactions influenced retail sales to the tune of $2.2 trillion in 2015.

8. By 2017, there will be more internet traffic than all prior internet years combined

9. Wi-Fi and mobile-connected devices will generate 68% of all internet traffic by 2017.

10. In 2015, 64% of all in-store sales, or sales to the tune of $2.2 trillion, were influenced by the internet.

11. Facebook now has 1.55 billion active users.

12. 2.9 billion Google searches are made every day.

13. 2.7 million blog posts are published every day.

 

https://hostingfacts.com/internet-facts-stats-2016/

 

  Whats so crazy about this  smart TVs and other IOT  devices  that  are powering the botnets  that are killing the internet not PCs  they should ban IOT  devices  and there be no more problem,