[cheald]

DDOS attacks are nothing new. The scale has increased over time, but DOS has been a constant issue for as long as people have been mad on the internet.

This attack is notable because it expsoes a single point of failure for a lot of popular sites. The long-term fix is to distribute that SPOF so it's not so tight a bottleneck. This is as easy as specifying nameservers from multiple providers, or as complex as a distributed DNS system such as namecoin.

The internet is a giant cascade of constant failures, and developing for it is an exercise in planning for failure. This isn't new - if it appears new, it's just that most engineers have done their jobs well. What will happen out of this is that the people trusting all their DNS traffic to Dyn will start trusting only half of it to Dyn, and the next time Dyn is knocked out, the people who have diversified against that contingency won't be practically affected.

[the_watcher]

That the scale of DDoS's has increased is the entire thesis of the OP.

[cheald]

They've been increasing steadily for decades. Today almost certainly isn't some new record-setting attack orders of magnitude beyond what's been seen before - it isn't the herald of a new age of attacks and the "beginning of a bleak future". Claiming such is just sensationalist garbage that belies a lack of understanding of the way the internet works and the history of DDOSes in general.

Spamhaus was historic in 2013 at 75GBPS. In 2014, Cloudflare mitigated a 400GBPS attack. The BBC attack earlier this year crested 600 GBPS. Last month, OVH was hit with a 1TBPS attack. Each of those was mind-bogglingly large at the time, and infrastructure has continued to evolve to deal with them. This attack isn't anything particularly different - it's just notable because it's visible, not because it happened.

[Bartweiss]

Have they been increasing steadily, though?

The 2013 attack was <1% of total internet traffic for its duration. The 2014 Cloudflare hit was ~2.5% of all traffic. BBC was ~3%, and OVH was ~4%. (Interpolated from Cisco here: http://www.cisco.com/c/en/us/solutions/collateral/service-pr...) Most predictions suggest that IoT attacks will grow faster than what we've already seen, and a rough estimate suggests that DDoS capacity is growing faster than legitimate capacity.

None of that means today was orders of magnitude higher - the shock factor was that it exposed a structural weakness people hadn't accounted for. But I expect this to become an increasingly significant problem as capacity increases, and moreover as that capacity becomes available to more attackers.

[cheald]

I certainly expect it to become an increasingly-significant problem, as well. I don't mean to downplay the significance of the attack. But the lesson here isn't "welp, the bad guys have won, the internet is dead", it's "don't use one DNS provider, go redundant on it just like you do on every other piece of the stack". Yeah, it's annoying, but it's not an unsolvable problem.

The reporting on this has really annoyed me because the writers writing about it have pretty consistently said that GitHub, Twitter, PayPal, etc have all been knocked offline, which is just untrue. They have unresolvable names - resolve their names and they're working just fine. The fix is improved resilience in name resolution, and it's not a terribly hard fix. Someone in the other thread noted that PornHub is managing just fine despite using Dyn DNS - because they also route half their DNS traffic to UltraDNS.

Attacks like this are certainly a big problem, and are going to become a bigger problem, but IMO, the Chicken Little sky-is-falling hysteria is unwarranted and unuseful.

[Bartweiss]

This is a great point, and I didn't mean to downplay it. As much as anything, I was interested because you offered a time/size progression of attacks and I saw a chance to study it against total traffic.

I've been really selective with the reporting I checked, and so most everything I've seen has been either BBC-bloodless ("these sites are inaccessible, because a DDoS attack happened"), or TheRegister-sophisticated (assumes the reader knows what DNS is). A quick look at what other people have been running explains your general sentiment. This isn't the end of the world, and running stories saying "IoT WILL KILL US ALL" isn't making anything better.

So fair enough: I think this is a serious issue, and today's events revealed that people haven't been properly prepared. But pitching it as something totally unpredictable is downright dishonest.

[the_watcher]

If your issue is with the sensationalist headline, I won't argue, but want to make sure to note that reporters almost never have any control whatsoever over the headline of their piece.

[the_watcher]

The visibility of the DDoS matters. It successfully took down parts of the internet used by the general consumer. An attack of that scale, that someone who has never heard of Spamhaus or Cloudflare actually noticed, is notable simply because it happened.