[cheald]

They've been increasing steadily for decades. Today almost certainly isn't some new record-setting attack orders of magnitude beyond what's been seen before - it isn't the herald of a new age of attacks and the "beginning of a bleak future". Claiming such is just sensationalist garbage that belies a lack of understanding of the way the internet works and the history of DDOSes in general.

Spamhaus was historic in 2013 at 75GBPS. In 2014, Cloudflare mitigated a 400GBPS attack. The BBC attack earlier this year crested 600 GBPS. Last month, OVH was hit with a 1TBPS attack. Each of those was mind-bogglingly large at the time, and infrastructure has continued to evolve to deal with them. This attack isn't anything particularly different - it's just notable because it's visible, not because it happened.

[Bartweiss]

Have they been increasing steadily, though?

The 2013 attack was <1% of total internet traffic for its duration. The 2014 Cloudflare hit was ~2.5% of all traffic. BBC was ~3%, and OVH was ~4%. (Interpolated from Cisco here: http://www.cisco.com/c/en/us/solutions/collateral/service-pr...) Most predictions suggest that IoT attacks will grow faster than what we've already seen, and a rough estimate suggests that DDoS capacity is growing faster than legitimate capacity.

None of that means today was orders of magnitude higher - the shock factor was that it exposed a structural weakness people hadn't accounted for. But I expect this to become an increasingly significant problem as capacity increases, and moreover as that capacity becomes available to more attackers.

[cheald]

I certainly expect it to become an increasingly-significant problem, as well. I don't mean to downplay the significance of the attack. But the lesson here isn't "welp, the bad guys have won, the internet is dead", it's "don't use one DNS provider, go redundant on it just like you do on every other piece of the stack". Yeah, it's annoying, but it's not an unsolvable problem.

The reporting on this has really annoyed me because the writers writing about it have pretty consistently said that GitHub, Twitter, PayPal, etc have all been knocked offline, which is just untrue. They have unresolvable names - resolve their names and they're working just fine. The fix is improved resilience in name resolution, and it's not a terribly hard fix. Someone in the other thread noted that PornHub is managing just fine despite using Dyn DNS - because they also route half their DNS traffic to UltraDNS.

Attacks like this are certainly a big problem, and are going to become a bigger problem, but IMO, the Chicken Little sky-is-falling hysteria is unwarranted and unuseful.

[Bartweiss]

This is a great point, and I didn't mean to downplay it. As much as anything, I was interested because you offered a time/size progression of attacks and I saw a chance to study it against total traffic.

I've been really selective with the reporting I checked, and so most everything I've seen has been either BBC-bloodless ("these sites are inaccessible, because a DDoS attack happened"), or TheRegister-sophisticated (assumes the reader knows what DNS is). A quick look at what other people have been running explains your general sentiment. This isn't the end of the world, and running stories saying "IoT WILL KILL US ALL" isn't making anything better.

So fair enough: I think this is a serious issue, and today's events revealed that people haven't been properly prepared. But pitching it as something totally unpredictable is downright dishonest.

[the_watcher]

If your issue is with the sensationalist headline, I won't argue, but want to make sure to note that reporters almost never have any control whatsoever over the headline of their piece.

[the_watcher]

The visibility of the DDoS matters. It successfully took down parts of the internet used by the general consumer. An attack of that scale, that someone who has never heard of Spamhaus or Cloudflare actually noticed, is notable simply because it happened.