Staminus Blog

Articles, Thoughts, and Speculations from the Staff

WhiteHat Security Statistics Report Shows Vulnerabilities to DDoS and More


WhiteHat Security Founder & CTO Jeremiah Grossman recently provided a neat infographic outlining the top vulnerability methods for websites, which for us shows a lot of room to grow in DDoS protection. We wanted to share it with you as it illustrates just how far we have to go in securing the web. What’s amazing to me is that 29% of websites are likely vulnerable to brute force! Open source firewalls like iptables are able to stop this using modules like conntrack, recent, and hashlimit. Most brute force attacks can be stopped without deep packet inspection. Incidentally, a basic level of DDoS protection can also be provided using these modules. After all, DDoS attacks are a type of brute force attack. The best part: the tools are free! You just need the hardware. With advancements in CPUs and network stacks, you can easily achieve millions of packets per second in iptables.

Insufficient transport security at 70% and Information leakage at 56% are not at all surprising. This is a great infographic for all website administrators. Take this and keep it pinned to your desktop. You can see the full report by visiting the WhiteHat Security website. Thanks Jeremiah for the great resource.

DE-CIX Reaches 4.080 Tbps of Peering Traffic


Image Courtesy of DE-CIX

DE-CIX announced Tuesday that it had reached 4.080 Tbps on its peering platform this last Sunday. That’s quite an impressive number. The sheer volume of that traffic is immense and gives scope to the number of people conducting business and their daily lives on the Internet. Tied in with the millions who are contributing to that traffic, it also touches on the need for us to address cyber security that scales with the huge volume of use. With a growing Internet, we have a growing problem of intrusions, distribution of malware, viruses, botnets, an increase in spam and DDoS attacks.

It’s becoming ever more important for companies to connect to a peering platform to increase their connectivity across the world for performance and security. I commend DE-CIX on a wonderful job promoting their peering exchange and wish them the best for their New York exchange, which we are proud to be a part of. We look forward to connecting to more peers! Let the DDoS flow, we’ll protect against it with DE-CIX’s help.

-Matt Mahvi, CEO

 


Sanctions and Cyber Attacks: 2015 Brings Changes for DDoS


The Obama administration recently launched a program to aid in the battle against overseas cyber criminals. Under the newly signed executive order, those cyber criminals can be sanctioned, having their assets and other financial transactions frozen. The order focuses on foreign nationals who launch cyber attacks that threaten U.S. interests. The program is fairly broad and, like many anti-terrorism laws, highly discretionary. The federal government is pulling out the stops to help against the onslaught of what feels like a global cyber war on Western companies. Many have been crying for federal help. This is a step in that direction.

For many around the world, including cyber security (especially DDoS mitigation) companies and the field of information security, this has very important ramifications. The potential overreach and compliance issues can have a dramatic impact.


Academic Testing and DDoS: Why Schools Are Taking Hard Hits This Spring


We’ve seen a new crop of DDoS attacks against school districts and universities this spring, to such an extent that many of these organizations are rescheduling their testing of students entirely. Notable among the targets have been Minnesota’s Department of Education and, again this week, Rutgers University, with the latter outage persisting through the weekend into the next week. It’s not confined to any particular region either, as we’re seeing things crop up in California, Colorado, Ohio, and other states.

But why the sudden onslaught? Sure, it’s testing season, and if the opportunity arises to cancel an exam, a student might be sorely tempted to make that happen. To some, it’s no different than pulling a fire alarm to burn time, and in some respects, that’s exactly what it is. However, that doesn’t account for the frequency in comparison to prior years, when DDoS was just as doable for an internet-savvy student. Everything from YouTube instructions to walkthroughs has existed purely for this purpose for a few years now.

While we’ve covered the how and why of DDoS-ing schools and universities in a previous blog post, we thought it was interesting to revisit just how much we’ve seen it happening this year so far. We think the answer is likely simple, and surprisingly not technical: convenience and awareness.


The Great Firewall of China: Fears Realized


A couple of months ago, I wrote an article about how the Great Firewall of China, due to a code glitch, ended up sending out massive DDoS attacks. This obviously spells danger if it falls into the wrong hands and is misused. Last week, GitHub fell prey to a large DDoS attack that caused intermittent issues with their service for over four days. What was this DDoS attack all about? Why did it happen?


SNMP Attacks: The Big Thing of Today


First, there was DNS. Open DNS resolvers were exploited to generate massive DDoS attacks. Over time, most of these open DNS resolvers were patched so that they would not reply to unknown DNS requests. Then, there was NTP. Just like DNS, but at a much larger amplification factor, DDoS attackers were able to generate very large attacks. And just like DNS, over time exploitable NTP servers were mostly patched, making it significantly harder to generate the huge attacks that were wreaking havoc on the Internet. Although DNS and NTP amplification attacks still exist, they are much harder to execute and are nowhere near as large as they used to be. But now, SNMP amplification attacks are on the rise.


Service Providers and DDoS


Most often when we hear about DDoS, we focus on the target of the attack. The target is generally going to be someone providing an application service to the world – such as a video game, a website, a VoIP server, or other publicly desired service. This could be on one server for a small player in the space or it could be spread across thousands of servers for someone like Sony. In both cases, the service can be dramatically affected with the right kind of DDoS attack. The service providers that carry the traffic very seldom are concerned about the DDoS as they’re simply conduits on the Internet connecting one network to another. They carry traffic and deliver it to its destination on demand. They have sufficient capacity to do this.

But what happens when they don’t? What happens when the carrier is crushed by the sheer power of the attack? If an attack is sufficiently large, can it actually impact a service provider or carrier? More importantly, what happens when the carriers are the culprits of the DDoS attack, being used against their will to engage in widespread nefarious activities?


IPv4, IPv6 and DDoS, Part 1: How IPv4 Works


Just about everyone has heard of an IP address, and most people have some basic knowledge of what an IP address is. 192.168.1.1 is the standard gateway that home routers use, for example. The first time you go to configure a home router, you put that IP address into your web browser. The format WWW.XXX.YYY.ZZZ is known as IPv4 format. The total number of IPs in the IPv4 IP space is 2^32. That sounds like a lot, but it’s really not. IPv4 depletion, as it’s known, refers to the fact that the world is running out of IPv4 IPs to give out to people. Currently, there’s less than 1% of the total IPv4 IP space left.