Cloudflare blocks largest recorded DDoS attack peaking at 3.8Tbps (www.bleepingcomputer.com)
from misk@sopuli.xyz to technology@lemmy.world on 04 Oct 2024 10:39
https://sopuli.xyz/post/17692934

#technology

Hubi@feddit.org on 04 Oct 2024 11:04

Interesting to see that China is ranking fairly low on the index and Vietnam so high. Really didn’t expect that.

melroy@kbin.melroy.org on 04 Oct 2024 12:43

I got tons of DDoS attacks from China & Singapore lately (including a lot of people I know around me running servers). So maybe this is true for this specific DDoS attack, but in general this chart can't be correct. A lot of DDoS is happening from Tencent cloud & Alibaba cloud as well!!!

NegativeLookBehind@lemmy.world on 04 Oct 2024 11:11

3.8 tablespoons is minuscule

dumbass@leminal.space on 04 Oct 2024 11:31

It depends, 3.8 tablespoons of water? Yeah that’s a small amount, 3.8 tablespoons of fentanyl? That’s enough to kill a small town.

meco03211@lemmy.world on 04 Oct 2024 12:03

How many tablespoons of water would it take to kill a small town?

dumbass@leminal.space on 04 Oct 2024 12:11

It depends, if you’re trying to drown them, at least 5000, if you’re stabbing them, probably about 12 maybe 14, depending on quality.

5oap10116@lemmy.world on 04 Oct 2024 13:23

Depends on the solubility of fentanyl

M137@lemmy.world on 05 Oct 2024 01:15

At least two.

DarkDarkHouse@lemmy.sdf.org on 05 Oct 2024 07:36

0

meco03211@lemmy.world on 05 Oct 2024 12:20

Oh, I hadn’t even thought of it that way. Good call.

Vent@lemm.ee on 04 Oct 2024 12:34

Idk, a tablespoon is the largest spoon-based unit

jaybone@lemmy.world on 04 Oct 2024 14:15

The poop spoon is bigger.

4am@lemm.ee on 04 Oct 2024 12:41

I wonder how many tablespoons of electrons 3.8Tb/sec over the time of the attack actually is

ResoluteCatnap@lemmy.ml on 04 Oct 2024 16:15

Agree. I had that much garlic last night

subtext@lemmy.world on 04 Oct 2024 12:45

Direct from the Cloudflare Blog

I find their write ups to be fascinating.

conciselyverbose@sh.itjust.works on 04 Oct 2024 13:20

They have me in a weird spot, because I fundamentally don’t really like the sheer volume of information they are MITMing at all times, and don’t really like the idea of letting them do so for my small site.

But their decisions with respect to security threats pretty consistently seem well measured and as minimally invasive as they can be (e.g. they have intervened and rewritten content as a result of a supply chain attack, but were very transparent that it was desperate measures, that they didn’t really want to do it, and only did it by default for the free users that were most likely not to know enough to enable it themselves). They’ve also pushed back against stuff like piracy shield trying to turn them into outright surveillance for private companies.

andrew_bidlaw@sh.itjust.works on 04 Oct 2024 15:19

Their business model and size obligates them to walk carefully - they want users and clients to forget or not know they even exist and have such leverage over them - that really helps them sell their products. I think they have top of the shelf specialists, hardware, etc and that naturally upholds their frightening monopoly. Piracy shield goes against them masquerading as invisible non-actors and puts a lot of unpaid responsibility on them.

conciselyverbose@sh.itjust.works on 04 Oct 2024 17:00

I get all that, and that’s why I feel weird about it.

Some of the stuff they do only works well with scale, though. And I definitely think at least some other leadership groups would abuse their market position assuming that their critical mass would be very difficult to displace. If they had just agreed to piracy shield, do you really think corporate customers would be scared off?

If I was doing actual stuff state level actors care about, I might still assume they’re not “safe”, but as a normal person? The fact that pirates can use their services reasonably safely and reasonably effectively definitely gives me a level of confidence that they’re unlikely to use their position in a way that harms me, maliciously or recklessly. I have a VPS as well and will eventually use that as a tunnel instead, so it’s actually end to end encrypted and I control the keys, but their consistent pattern of behavior doesn’t make me feel that much urgency about it.

andrew_bidlaw@sh.itjust.works on 04 Oct 2024 18:17

Yep, and I don’t disagree with you. We just somehow forgot about what bad, not shitty capitalists are. And that we can not trust them, but can somehow rely on their consistency.

‘We’d look into your shit as it passes by’ is a powerful statement that’d hurt their profits a lot, especially with corporates. That’s why MS’s Copilot is a risky gamble even with their leverage. They don’t want it at all, and these customers overshadow any of us easily.

Their scale is also why they won’t give a damn unless you violate something serious or really piss some Nintendo. Small clients, millions of them, aren’t overseen by people, just ‘bots’ that can flag you for a personal review if you leave the margins and patterns of their average userbase, or if they have someone’s takedown demand. As we can’t dismantle it just now, it’s cool we can use it to further some anticap\anticensorship goals.

lone_faerie@lemmy.blahaj.zone on 04 Oct 2024 22:49

They lost me when they refused to do anything about Kiwi Farms. Protecting privacy is one thing, facilitating hate crimes is another.

Kbobabob@lemmy.world on 05 Oct 2024 13:21

What do you mean?

blog.cloudflare.com/kiwifarms-blocked/

lone_faerie@lemmy.blahaj.zone on 05 Oct 2024 23:18

They only did that after A LOT of backlash. Their initial stance was to do nothing. This article sums it up really well:

theverge.com/…/cloudflare-kiwi-farms-content-mode…

5dh@lemmy.zip on 07 Oct 2024 13:31

It’s a good thing that they’re not taking freedom of speech lightly, isn’t it? That can become unpleasant at times. This is difficult for an ISP that in principle wants to maintain net neutrality.

lone_faerie@lemmy.blahaj.zone on 08 Oct 2024 00:52

Hate speech is not protected by freedom of speech. You can’t yell fire in a theater, you can’t plot someone’s death on the internet. And corporations don’t have to follow freedom of speech. They only refuse to step in because they either agree with what’s being said or don’t want to lose money.

nossaquesapao@lemmy.eco.br on 04 Oct 2024 23:15

According to the site, home routers and dvrs were part of the devices used. Looks like manufacturers abandoning devices without updates is becoming more and more of an issue.

Mubelotix@jlai.lu on 05 Oct 2024 07:54

That’s “just” 3800 times my home capacity. Is it really that easy to build a botnet?

misk@sopuli.xyz on 05 Oct 2024 08:00

It’s terabits, not gigabits :)

Symmetrical connections are not that common so pulling this much upload from infected machines seems impressive.

Mubelotix@jlai.lu on 05 Oct 2024 08:06

Yeah. In developed countries you can expect at least 400Mbps thanks to fiber connections

misk@sopuli.xyz on 05 Oct 2024 08:12

That’s still 2.5k fully saturated 400Mbps connections. As far as I know this kind of approach wouldn’t work since you’d easily block them - you need craploads of bots all around the world for this to not be defeated by a smart firewall.

x00za@lemmy.dbzer0.com on 06 Oct 2024 01:32

Often a multitude of high bandwidth servers are rented using stolen credit cards.

(Source: I knew a guy that got busted by the FBI for operating one such service, he bought all the servers with stolen CCs)

Sheldan@mander.xyz on 05 Oct 2024 08:29

Cannot confirm

TrippaSnippa@lemm.ee on 05 Oct 2024 12:43

Cries in Australian