Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Network Security Botnet Cloud Communications Databases Networking The Internet Hardware

OVH Hosting Suffers From Record 1Tbps DDoS Attack Driven By 150K Devices (hothardware.com) 116

MojoKid writes: If you thought that the massive DDoS attack earlier this month on Brian Krebs' security blog was record-breaking, take a look at what just happened to France-based hosting provider OVH. OVH was the victim of a wide-scale DDoS attack that was carried via a network of over 152,000 IoT devices. According to OVH founder and CTO Octave Klaba, the DDoS attack reached nearly 1 Tbps at its peak. Of those IoT devices participating in the DDoS attack, they were primarily comprised of CCTV cameras and DVRs. Many of these devices have improperly configured network settings, which leaves them ripe for the picking for hackers that would love to use them to carry out destructive attacks.The DDoS peaked at 990 Gbps on September 20th thanks to two concurrent attacks, and according to Klaba, the original botnet was capable of a 1.5 Tbps DDoS attack if each IP topped out at 30 Mbps. This massive DDoS campaign was directed at Minecraft servers that OHV was hosting. Octave Klaba / Oles tweeted: "Last days, we got lot of huge DDoS. Here, the list of 'bigger that 100Gbps' only. You can the simultaneous DDoS are close to 1Tbps!"
This discussion has been archived. No new comments can be posted.

OVH Hosting Suffers From Record 1Tbps DDoS Attack Driven By 150K Devices

Comments Filter:
  • by bjwest ( 14070 ) on Tuesday September 27, 2016 @05:19PM (#52972617)
    The IoT is, by design, a security risk. Who the hell needs their oven, thermostat, refrigerator and each individual light-bulb connected to the Internet? I have no pity for anyone who gets their speaker-included light-bulb hacked, and I truly believe the companies whose products are involved in this DOS should be held completely responsible. CEOs and CTOs should be fired and charged with computer crimes.
    • Comment removed based on user account deletion
    • by phizi0n ( 1237812 ) on Tuesday September 27, 2016 @05:35PM (#52972703)

      By that logic why limit it to only IoT. Everything connected to the net should be held accountable which starts with ISP's holding each other and their customers accountable. ISP's need automated ways of telling each other about unwanted DDoS traffic in real time, or even just identifying members of botnets after an attack, and then demanding that those customers be warned/taken offline until they secure their local networks. If an ISP fails to act then their peering links would start getting throttled progressively more until either they fix the problem or they get cut off entirely.

      • Forgot to mention that the ISP's could also pressure any device manufacturer to secure their products better and all the customers with devices that are inherently insecure could take legal action against the device manufacturers for a defective product.

      • by Anonymous Coward

        Which is how it should work. But the problem with that is that many/(most) ISP's don't do source address filtering. Which means that if the attack nodes also use source address spoofing, once the traffic gets to the target you don't know which ISP it came from.

        If you knew which ISP the traffic was coming from you could indeed grab them by the throat and work backwards, but unfortunately the target doesn't know that.

      • Everything connected to the net should be held accountable which starts with ISP's holding each other and their customers accountable.

        Which is exactly the logic governments will use to justify enforcing licensing and registration for every user and device.

        Strat

    • by Anonymous Coward

      You forgot to mention DVRs, Roku, AppleTV, printers, home security cameras, Xbox/Playstation, etc, etc, etc.

      But in reality it's not likely these are all home devices, which are typically behind NAT routers with at least some basic firewall features. I suspect most of these are devices that aren't firewalled.

      • by Sique ( 173459 )
        But most of those devices have some "check for updates" functionality built in, and if you can intercept that and feed false data back to the device, it will gladly download bogus firmwares or execute commands injected in the data stream. And now the attack starts behind the NAT/firewall, and this direction is not in any way filtered at most sites, but set to In->Out Allow All.
    • The problem is the user doesn't care because it doesn't affect him, right? The whole problem here is that other people are affected.

    • by Xest ( 935314 )

      Yerrrr! fucking technology, taking our jobs. I remember when Jeeves would stand there and sing to me whilst holding a candle, I didn't need no speaker light bulb. Jeeves would never attack me as he knew his place unlike these internets, good old Jeeves, I miss him. Damn slavery laws, fucking god damn liberals and their "progress"!

    • No one needs what you describe. But on the other hand that us only a small tiny part of what IoT is. Please stay away from consumer marketing material when discussing conceptual technologies with a wide breadth.

  • by Indy1 ( 99447 ) on Tuesday September 27, 2016 @05:28PM (#52972663)

    I always find it richly ironic when spam hosting isp's get cratered by a DDOS. Lie down with dogs, get up with fleas.

    https://www.spamhaus.org/sbl/l... [spamhaus.org]

  • Obligitory meme [memegenerator.net]

  • Slashdot: News for nerds, stuff that matters
    https://slashdot.org/index2.pl... [slashdot.org]
    Slashdot
    Jul 3, 2000 - Re:How do you know? (5 points, Insightful) by Z00L00K on Monday September 26, 2016 @06:30AM attached to Ask Slashdot: Is My IoT Device Part of a Botnet?

    Google: IoT site:slashdot.org date:2000 - 2012

    • Slashdot: News for nerds, stuff that matters
      https://slashdot.org/index2.pl... [slashdot.org]
      Slashdot
      Jul 3, 2000 - Re:How do you know? (5 points, Insightful) by Z00L00K on Monday September 26, 2016 @06:30AM attached to Ask Slashdot: Is My IoT Device Part of a Botnet?

      Google: IoT site:slashdot.org date:2000 - 2012

      My bad, just noticed the 2016 reply by Z00L00K , just a bad link all around.

  • by Gravis Zero ( 934156 ) on Tuesday September 27, 2016 @11:01PM (#52974105)

    IoT vendors will only secure their devices after it starts costing them money or are legally required to do so. There are a few options but all of them require high-jacking IoT devices.

    You could turn IoT devices on...

    • - their makers by DDoSing their websites indefinitely. (Probably the best option.)
    • - a larger more powerful corporation in hopes that they will sue the device vendors. (A serious gamble.)
    • - against the servers of law-makers so that they do something. (Poking a rabid dog may not be a good idea.)

    Not great options but turning them on congress would make something happen which may or may not be a good thing.

    • by GNious ( 953874 )

      Have ISPs take them offline.

      If your equipment is found to be part of a DDoS attack, taking you offline removes teh DDoS, and you get the necessary incentive to fix your security. Once word gets around that having brand X VoIP/Camera/IPTV/Printer device causes you to lose internet access, people stop buying them, and at this point the manufacturer is incentiviced to fix their shit.

    • There are a few options but all of them require high-jacking IoT devices.

      If I were feeling more energetic I'd pull out some comments from here I left a decade ago talking about a guild of Internet engineers and a trust system where certified operators could send cryptographically-signed messages upstream to shut off attacking ports (or requests to do so - that's a local detail).

      Yes, we're decentralized, and that's good, but we also need to cooperate.

      When homeowners get their Internet shut off because their

    • There is actually a fourth option: Turn the IoT devices against their local LAN. Pretty innocuous in the grand scheme of things but, if you discover that you can't watch Netflix when you have your IoT lightbulb plugged in, it might make you wonder about the value of IoT devices.

      (Also, your 3 options made me literally laugh out loud).

  • You know, the third amendment prevents you from having to quarter troops in your house. Why buy all these "Internet of Things" devices, and quarter the troops of a cyber war? DDoS provides the censorship dreamed of by the worst governments and the casual keyboard tyrant alike. These "things" are just malicious tools.

  • I don't understand how this sort of thing happens anymore. In every one of these DDoS threads, a fellow slashdotter (anon, of course) is giving "expert" advice on how to easily manage such DDoS activities by configuring Windows NT [slashdot.org].

As of next Thursday, UNIX will be flushed in favor of TOPS-10. Please update your programs.

Working...