by user5994461 2079 days ago
>>> A few connections per minute hardly classify as abuse in any reasonable sense of the word.

The tool is precisely advertised to be able to send 10M packets per second, to scan all internet or all ports quickly.

As a security professional, I wouldn't be surprised if someone runs this at home with gigabit fiber and DDoSes the machines/networks they are testing.

3 comments

I'd guess they'll take out their home connection's networking kit at 10M pps before they take out the target server(s). Tools like masscan generally send 1-2 packets per port, so a target host just has to deal with < 130k packets, even assuming no intermediate firewalls are dropping the traffic to unused ports.

Also, minor nit, if it's just one machine doing the scanning, that's a DoS, not a DDoS :)

What if you sent 1-2 packets several times in a row to Apple’s entire IP range?
Then you send 1-2 packets to Apple's entire IP range; there's not much harm done. The tool doesn't send packets to one and then another; it partitions the whole IP list and sends it in random order so that not a single endpoint gets hit hard. Usually a single machine can easily handle 100k packets per second. They're not hitting an application most of the time at all; they're incomplete TCP packets that just check for existence. They're not sending a huge chunk of packets repeatedly.
I am not sure I would trust sending 16,777,216 packets to Apple several times in a row. Especially a company with a legal team as large as Apple.

What is the difference between this tool and the drive-by DDoS "testing" tools you can pay to use online? They seem identical to this tool except Masscan stops after the first try.

I'm sure you're already sending 10k+ packets from just casually browsing their website, albeit they would be a lot bigger than masscan's (which is a couple of bytes) vs. HTTP (a couple of million bytes, assuming the website isn't plain text).
That's a completely trivial level of traffic at scale. I can almost guarantee this wouldn't even flag an alert, much less be investigated by legal.
If you read these comments, organizations are threatening legal action and reports to law enforcement.

https://github.com/robertdavidgraham/masscan/blob/master/dat...

The difference is this tool is a hammer and, like any tool, the operator is responsible to use it safely and appropriately, while the botters are people advertising that they got a hammer, and are willing and eager to bludgeon people to death with it for some money.
Your comment makes the most sense.

Where would the line between abuse and curiosity be? If you were the target of an overzealous company how can you make the distinction?

Apple wouldn’t even notice. For example recently there was an article here about 5 hackers that spent 3 months attacking Apple (white hat) and Apple seemed unaware until the bug reports were sent in.
DDoS tools usually use amplification instead of sending 1:1 bytes (that is, you send 1 byte and receive 1 byte as an answer). They may query a database instead, where a 30-byte search query results in a couple thousand bytes of results plus the load on the database.

It would be expensive to just use raw network power to overwhelm a web service (you would need more bandwidth than the host).

Meanwhile, with amplification you only need a 10th or less.

Here's an example: https://www.imperva.com/learn/ddos/dns-amplification/

Whilst I have no inside information on Apple, I'm pretty sure that'd be a tiny portion of the traffic they see daily. They may blackhole you just to cut down the noise, but frankly given the level of DDoS they'll get regularly, I doubt they'd bother.

For one very quick stat "The average size of DDoS attacks was at the mindblowing 26.37 GBps in Q2 2018"

You got your units wrong. 26 GBps (208 Gbps) would be among the largest attacks recorded in history. Maybe you meant to say 26 Gbps which is 8 times less, but even that is a very large and notable attack, hardly any company could withstand it outside of CDN and big tech.
That's a direct copy/paste from the first article on DDoS size I saw, https://hostingtribunal.com/blog/ddos-statistics/ . I wasn't going for deep research, just making a point about masscan from one host not really representing a serious concern for someone like Apple.
If you have something listening on a port that can fall over by someone opening and closing a TCP connection, maybe that special something shouldn't be listening for things on the internet.
>runs this at home with gigabit fiber and DDoS the machines/networks they are testing

Yes, I do that and I test my own routers with it.