1. template
1.1. Main Source
1.1.1. the post
1.2. Points
1.2.1. Victoria Secret created self-inflicted DDoS
1.2.1.1. It was also a demonstration of an inherent weakness of the Internet and the architectures employed to serve up data. So many people attempted to view the Victoria’s Secrets models strut down the runway that the servers failed.
1.2.1.2. ref
1.2.1.3. Victoria’s Secret case could be considered friendly fire
1.2.2. defining moments in the development of DDoS as a weapon
1.2.2.1. In 2003 Barrett Lyon was 25 years old
1.2.2.2. worked IT company who had a client that needed up-to-date sports info
1.2.2.2.1. The client was in the business of gathering and disseminating sports information. They provided the up to the minute data used by Las Vegas casinos in their book making operations where gamblers place bets on game scores and even detailed performance of individual athletes. Having reliable Internet access was critical to them. Agents in the field would report every detail of even amateur sports events. Every pitch, every play would be reported by an army of sports data specialists. These results would be displayed on big boards within the casinos where gamblers could bet on any aspect of the games.
1.2.2.3. gather and disseminate
1.2.2.3.1. online gambling
1.2.2.4. threats from Eastern hackers
1.2.2.5. first threat - encryption ransom
1.2.2.5.1. received a threatening email, written convincingly in broken English, informing them that hackers had infiltrated their systems and encrypted their database of sports information, demanding that they pay thousands to obtain the key to decrypt the data.
1.2.2.5.2. backing up their data and had no problem at all just restoring the critical information
1.2.2.6. Lyon redesigned arch to resist 2nd threat of DDos, which duly came
1.2.2.6.1. Barrett helped his client quickly bolster their defensive posture. The key was to have robust web servers, gateway devices that could filter attacks, and lots and lots of available bandwidth. Within days the hackers did indeed attempt a Denial of Service attack; and, thanks to Barrett’s new architecture, the attack was thwarted.
1.2.2.7. why does it work?
1.2.2.7.1. ping flood
1.2.2.7.2. SYN attack
1.2.2.7.3. bot approach
1.2.2.7.4. also crowdsourcing
1.2.2.8. reputation grew
1.2.2.8.1. development of effective DDoS defenses
1.2.2.8.2. began to get requests from a very specific niche industry: online gaming sites
1.2.3. onine gambling
1.2.3.1. Super Bowl XXXVIII in 2004
1.2.3.1.1. biggest day of the year for sports betting sites in the US is Super Bowl Sunda
1.2.3.1.2. gaming sites began to receive extortion emails from Eastern Europe.
1.2.3.1.3. The letters said in effect: pay us $30,000 via Western Union by some date or we will take you offline.
1.2.3.2. DDoS hosting defense
1.2.3.2.1. why
1.2.3.2.2. hosting
1.2.3.2.3. takedown as well
1.2.3.2.4. architecture
1.2.4. Achilles heel of web infrastructure DNS
1.2.4.1. attackers have recognized and attacked
1.2.4.2. what it does
1.2.4.2.1. The Internet is based on protocols that use source and destination packets to route traffic. When a web address, a URL, is entered into a web browser there has to be some way to translate www.threatchaos.com to 72.47.228.221, its IP address, before packets can be exchanged and a visitor can see a web page.
1.2.4.3. the DNS is a layer of servers all over the world that provide that function.
1.2.4.4. DNS details
1.2.4.4.1. There are multiple tiers to the DNS. The Top Level Domains (TLD) are .com, .net, .gov, .edu, and the many country codes such as .ee for Estonia, and .uk for the United Kingdom. Each of these top level domains is supported by different organizations. When you type www.threatchaos.com in to the URL window of your browser you generate a request to the .com TLD server (hosted by Verisign in over 400 data centers around the world.) That server replies with the IP address of the name server that is responsible for keeping track of all of the IP addresses associated with the domain Threatchaos.com. Your browser quickly checks with that server (NS1.MEDIATEMPLE.NET at 64.207.129.18) which promptly directs you to www.threatchaos.com.
1.2.4.5. owner of a web site may not own the DNS server that provides the critical function of pointing at the web site.
1.2.4.6. In other words, an attacker could target the DNS server and effectively take down the web site. The problem is compounded because a DNS server often provides name service for hundreds, even thousands, of separate domains.
1.2.4.7. helped some other online stores to prevent DNS attacks at Christmas?
1.2.4.7.1. In other words, an attacker could target the DNS server and effectively take down the web site. The problem is compounded because a DNS server often provides name service for hundreds, even thousands, of separate domains.
1.2.5. BGP
1.2.5.1. naked under belly of the Internet.
1.2.5.2. decentral
1.2.5.2.1. The Internet is a marvel of self organization with many components that work seamlessly on top of each other
1.2.5.3. layered architecture
1.2.5.3.1. Web servers, layers of protocols, social networks, and routing infrastructure, all work together to provide a communication, business, and social platform that is fueling change in society and the world of commerce. But those underlying components were designed and deployed before today’s threats were apparent.
1.2.5.3.2. big idea
1.2.5.4. There is a weak link in the way the Internet is architected.
1.2.5.4.1. It is the underlying routing protocol. This weak link is well known by aggressors but has not been exploited in an overt malicious act. Yet.
1.2.5.5. pakistan incident
1.2.5.5.1. On February 24th, 2008 an engineer at an ISP in Pakistan removed YouTube from the Internet. He did this in response to a government decree. His intention was to follow the letter of the law and block access to YouTube from within Pakistan.
1.2.5.5.2. choose to do this by playing with routing protocol
1.2.5.5.3. BGP to announce which IP addresses it controls to the rest of the routers on the Internet
1.2.5.5.4. The engineer at PIENet loaded a new route into his router that said the small block of addresses that contained the IP address of www.youtube.com were controlled by him.
1.2.5.5.5. Those requests were so numerous that it flooded the links to Pakistan to such an extent that Pakistan was effectively knocked off the Internet as well.
1.2.5.5.6. Thanks to Barrett Lyon the YouTube outage was repaired by the end of that fateful Sunday.