Silence of the WANs: FBI DDoS-for-hire greaseball takedowns slash web flood attacks 'by 11%'

The FBI's takedown of a group of prolific DDoS-for-hire websites has single-handedly helped to drop attack levels globally. This is according to a report (registration required) from distributed-denial-of-service (DDoS) mitigation provider NexusGuard, who say that both the overall number of attacks and the volume of duff data …

  1. Marketing Hack Silver badge

    Good news, but there is lots more work to be done here.

    Botnets will keep growing/being regenerated (Thanks, pointless and insecure IoT crapware industry!!) and it will increasingly move out of the U.S. if the FBI keeps turning U.S. hackers.

    1. Mark 85 Silver badge

      Re: Good news, but there is lots more work to be done here.

      Well, for the US that might be a good thing? But somewhere, somehow, the IoT crap should be required to be locked down which won't happen at least in our lifetime.

  2. Pascal Monett Silver badge

    I'd like to know

    Exactly how many pathetic little morons are there to make this DDoS-for-hire stuff viable, and who exactly are they pointing their pathetic attention at ?

    Does the FBI have the customer records as well ? I'd just love to see the face of one of those basement-dwellers when the FBI comes knocking at their door with a pair of handcuffs.

    1. Anonymous Coward

      Re: I'd like to know

      Assuming it's just kids is the first mistake in tackling the problem.

      You're dealing with organised crime and nation state actors too.

  3. Neil Barnes Silver badge

    Is it against the law to rent a ddos service and point it at its own command and control servers?

    1. Fred Flintstone Gold badge

      Is it against the law to rent a ddos service and point it at its own command and control servers?

      The challenge is verifying the legitimacy of the resources of a DDoS provider. If they generate that through their own resources you'd be OK, but DDoS waves are typically generated by co-opting other people's resources (websites, IoT, breached machines, routers - as long as it can talk online), and in that case you're funding a criminal enterprise.

      Attacking yourself is perfectly OK, but you best accurately document the process of choosing your choice of provider so you can prove due diligence. A legit DDoS provider (if such beast exists) must be able to certify how it generates its traffic and how it ensures it remains focused on legitimate targets, and will also demand a permission form from you for the same reasons.

      1. Fred Flintstone Gold badge

        [..] process of choosing your choice [..]

        Duh. Clearly too much blood in my caffeine when I wrote this :)

  4. Anonymous Coward

    Seems quite simple to fix:

    Don't respond to port 1900 requests that originate outside of the current subnet ... Simple no?

    M

  5. cdrcat

    SSDP also facilitates IPv6 address scanning

    https://blog.talosintelligence.com/2019/03/ipv6-unmasking-via-upnp.html

    Scroll down a bit. Also has other links about why UPnP is evil...

  6. JavaJester

    ISPs: Configure your networks properly

    "Essentially, you launch a load of small requests at a bunch of devices on SSDP UDP port 1900, spoofing the source IP address as your victim's IP address." Network operators have switches and routers that allow a packet traversal of a packet from within the network but claiming to originate from outside of the network to anywhere within their network or the public internet? How embarrassing. They should get their act together and configure their network properly. It would make launching this sort of attack using their infrastructure impossible.
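
The two filtering ideas raised in comments 4 and 6, modelled as packet verdicts. This is an added example, not code from the article or from any commenter; the prefixes, addresses and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

SSDP_PORT = 1900  # SSDP UDP port named in the thread

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

def in_prefixes(addr, prefixes):
    """True if addr falls inside any of the given CIDR prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p) for p in prefixes)

def egress_verdict(pkt, own_prefixes):
    """Operator edge (comment 6): forward only packets sourced from our own prefixes."""
    return "forward" if in_prefixes(pkt.src, own_prefixes) else "drop-spoofed-source"

def ssdp_verdict(pkt, local_subnet):
    """Device or home router (comment 4): answer SSDP only for on-link requesters."""
    is_ssdp = pkt.proto == "udp" and pkt.dport == SSDP_PORT
    if is_ssdp and not in_prefixes(pkt.src, [local_subnet]):
        return "drop-offlink-ssdp"
    return "accept"

# Constructed sample data: documentation and private ranges, not real hosts.
ISP_PREFIXES = ["198.51.100.0/24"]   # hypothetical operator address space
HOME_SUBNET = "192.168.1.0/24"       # hypothetical LAN behind a home router
VICTIM = "203.0.113.7"               # address the spoofed requests claim to come from

def run_demo():
    spoofed = Packet(VICTIM, "192.0.2.50", "udp", SSDP_PORT)    # leaves the ISP with a foreign source
    honest = Packet("198.51.100.23", "192.0.2.50", "udp", 443)  # customer traffic with a valid source
    offlink = Packet(VICTIM, "192.168.1.20", "udp", SSDP_PORT)  # reaches a LAN device from outside
    onlink = Packet("192.168.1.5", "239.255.255.250", "udp", SSDP_PORT)  # normal local discovery
    return {
        "spoofed_egress": egress_verdict(spoofed, ISP_PREFIXES),
        "honest_egress": egress_verdict(honest, ISP_PREFIXES),
        "offlink_ssdp": ssdp_verdict(offlink, HOME_SUBNET),
        "onlink_ssdp": ssdp_verdict(onlink, HOME_SUBNET),
    }

if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name}: {verdict}")
```

The device-side check trusts the source address, but a request spoofed to look on-link only sends the reply to a local address, so it cannot be reflected at an outside victim.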


Biting the hand that feeds IT © 1998–2019