Today's Brutal DDoS Attack Is the Beginning of a Bleak Future (opens in new tab)

Dyn, Inc. is toast. They created a central point of failure for the Internet. Major sites will stop using their services within hours.

Things need to get more distributed. Don't load Jquery from some central site. Don't load fonts from Google. Make sure your site will work if all the trackers and ad sites are not responding. Use multiple independent DNS providers.

It's also time for serious litigation. Find some vulnerable IoT device being used for the attack, and sue the retailer, distributor, and manufacturer for negligence. Junk IoT manufacturers need to feel fear.

DDOS attacks are nothing new. The scale has increased over time, but DOS has been a constant issue for as long as people have been mad on the internet.

This attack is notable because it expsoes a single point of failure for a lot of popular sites. The long-term fix is to distribute that SPOF so it's not so tight a bottleneck. This is as easy as specifying nameservers from multiple providers, or as complex as a distributed DNS system such as namecoin.

The internet is a giant cascade of constant failures, and developing for it is an exercise in planning for failure. This isn't new - if it appears new, it's just that most engineers have done their jobs well. What will happen out of this is that the people trusting all their DNS traffic to Dyn will start trusting only half of it to Dyn, and the next time Dyn is knocked out, the people who have diversified against that contingency won't be practically affected.

It seems like some eyeball and distribution networks should get together and run a private subset of the Internet, with good filtering (BCP38 style), etc. internally. You could get pretty good coverage with just ~10 eyeball networks in the US, a few cloud providers, and maybe some key infrastructure. Operate normally most of the time, but when under attack, be able to fall back to just vetted networks, transports, and routes, at least temporarily. Then have a limited number of hardened gateways, the way NIPRnet does with the civilian commercial Internet, which are used in intermediate-level attacks.

Opt-in, maybe have an association run it (like an IX, but without the expensive dinners and dues and general activism which inflates IX budgets), etc. This would do more for "critical infrastructure protection" than anything DHS/NSA/FBI have ever done.

Why are Gizmodo articles even getting upvoted here? They are always sensational and low information density.

Twitter and GitHub have been down for me for a while now.

It occurred to me today that since certain sites have been down, it's forced me to use other sites which are still up. As if someone is forcing all my communication and activities to go through "approved" channels.

Just put DDoS attacks at same level as terrorism.

Highly uninformative article.

Said the clickbait. Bleak future indeed!

I Heard this after heartbleed too. No, it is not a beginning. Neither a bleak future. Maybe for bigco.