You might've read some headlines today—in very reputable publications—saying that there's an online attack underway. The biggest in history. Enough to slow down the internet. This would be exciting and scary, except it's just not true.
The entire thing sounds so dramatic—the swarming DDoS onslaught is "jamming crucial infrastructure around the world," the NYT screams from the trenches—that it sounds just plausible enough. And indeed, the combatants in question have been battling it out online: a conflict between Spamhaus, a Dutch group that tracks spammers, and Cyberbunker, a Dutch hosting company accused of housing them. That's really happening: as far as we can tell, botnets acting on behalf of (or run by) Cyberbunker have been trying to crash Spamhaus for days with a strong stream of overload junk data.
And if you believe what you've been told online, their head-butting is quaking the entire web. This is it. The big one. The hacks to end all hacks, a hack attack with collateral damage that reverberates 'round the globe. But once you read beyond a few scary sentences of CYBERWEBATTACKS, you might wonder:
Why wasn't my internet slow?
Why didn't anyone notice this over the course of the past week, when it began?
Why isn't anyone without a financial stake in the attack saying the attack was this much of a disaster?
Why haven't there been any reports of Netflix outages, as the New York Times and BBC reported?
Why do firms that do nothing but monitor the health of the web, like Internet Traffic Report, show zero evidence of this Dutch conflict spilling over into our online backyards?
General-audience articles, from CBC http://www.cbc.ca/news/world/story/2013/03/27/spamhaus-attack.html and from the New York Times http://www.nytimes.com/2013/03/27/technology/internet/online-dispute-becomes-internet-snarling-attack.html and, in French, from Le Figaro http://www.lefigaro.fr/hightech/2013/03/27/01007-20130327ARTFIG00712-une-cyberattaque-geante-perturbe-le-trafic-intern
A serious article: http://arstechnica.com/security/2013/03/spamhaus-ddos-grows-to-internet-threatening-size
The technical article by CloudFlare: http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet
Contrary to what CloudFlare says, nothing spectacular at AMS-IX: https://www.ams-ix.net/technical/statistics or at DE-CIX: http://www.de-cix.net/about/statistics
Previous article on Seenthis: http://seenthis.net/messages/125474
The danger of open DNS resolvers: http://www.bortzmeyer.org/5358.html and http://www.bortzmeyer.org/fermer-les-recursifs-ouverts.html
BCP 38, or the need to prevent source IP address spoofing: http://www.bortzmeyer.org/2827.html http://www.bortzmeyer.org/3704.html