There has been a wave of skepticism about the severity of this month's "biggest ever" denial-of-service attack — that a fight between website hosts and spam fighters may or may not have sunk the DNS servers that run the entire Internet — and, well, it's OK to be a little scared of the enormity of this thing. Just not that scared. The New York Times's source compared the DDoS attacks to "nuclear bombs," while the BBC quoted the head of the spam company, Spamhaus, as claiming that their attacks would be strong enough to bring down a major government's Internet infrastructure "instantly." Gizmodo and Venture Beat both countered with no-big-deal posts, with Gizmodo's Sam Biddle going so far as to call the "Internet War Apocalypse" a "lie." Not everyone agrees. So, if even the tech nerds are fighting over the fight that maybe slowed down the whole Internet, how should regular Internet users approach this thing? Like this:
Think Local, Not Global
The "nuclear bomb" analogy seems to have paint a picture that this DDoS attack leveled the entire web, and world-wide. That's not what happened. Parts of the Internet, however, did see some down time as a result of the attack. The Verge's Russell Brandom pointed to the following chart showing a dip at the London Internet Exchange, which is legally designated as "critical infrastructure":
Akamai's Real Time Global Web Monitor also showed congestion Wednesday in The Netherlands, where this whole fight originated, and in the U.K, per this chart:
A Sophos analyst also confirmed these European outages to ZDNet. And, according to Naked Security, there were reports of 21.7 million insecure/misconfigured DNS servers on the IPv4 yesterday. So, some people did see a slow down in their usage yesterday. Those people just don't live in America, where a lot of the scary media reports originated.
Be Scared in Theory, Not in Practice
That "biggest ever" 300gbps figure is a "massive amount of bandwidth to a single enterprise or service," as a spokesperson for NIT, a tier 1 Internet operator, told Biddle. And it is the biggest ever, which does mean something — these hacks are getting more serious, as this Arbor Network chart of previous DDoS attacks shows:
But the DNS servers that run much of the Internet can handle something like that. Even the LINX dip from above managed okay, as The Verge's Brandom explains: "The web is built on redundancy, so the extra terabyte-per-second of bandwidth could be spread across the network without any catastrophic failures."
Still, there is a reason for a little bit of alarmism: "The wake-up call for telecoms is real," Brandom writes. "There's never been a DDoS attack against an internet exchange before, and exchanges aren't set up to protect against them." As we pointed out yesterday, there is also a reason these DDoS attacks are possible in the first place, and it comes in the form of a security hole, which has to do with Open DNS resolvers, as opposed to closed ones.
Give in, Because There Is Nothing You Can Do
You might as well going on Internetting as usual, to be honest. For the hyper nervous users out there, though, this particular issue doesn't sound that hard to fix. CloudFare, the anti-DDoS firm Spamhaus enlisted to ward off the attack, suggests closing up these "openings." NakedSecurity's Chester Wisniewski reiterates this point: "If you are an administrator of DNS services, it is critical that you configure your recursive name servers to only reply to your own network." Of course, the specific type of "reflection" DDoS attack is just one of the many possible ways to take down the Internet. But the hyper-awareness for this "biggest ever" attack might encourage higher security standards in the future. Still: Relax.