- Anti-Trump bros Ed and Brian Krassenstein get kicked off Twitter Thursday 8:07 PM
- Amazon is trying to solve pushback on facial recognition software with a web form Thursday 6:56 PM
- T.I. says Nipsey Hussle’s death was ‘like losing Iron Man’ Thursday 6:32 PM
- Facebook banned billions of fake accounts in the first 3 months of this year Thursday 5:49 PM
- Twitch streamer gets banned for drunkenly passing out during broadcast Thursday 5:00 PM
- WikiLeaks’ Julian Assange indicted under Espionage Act Thursday 4:39 PM
- These doctored videos want to make you think Nancy Pelosi is always drunk Thursday 4:02 PM
- A robot could soon be delivering your packages from a self-driving car Thursday 3:29 PM
- Bipartisan anti-robocall bill overwhelmingly passes Senate Thursday 2:40 PM
- Deepfake-style videos can now be made with just a single image Thursday 1:57 PM
- The Lonely Island’s ‘Bash Brothers’ is what Netflix should be doing with short-form comedy Thursday 1:55 PM
- ‘Green dress lady’ proves green screen memes are still going strong Thursday 1:45 PM
- ‘Bowling alley strike screen’ memes are bizarre and wonderful Thursday 12:40 PM
- TikTok star Mohit Mor shot and killed Thursday 12:00 PM
- Stephen A. Smith is baby Thursday 11:43 AM
So much DDoS!
We hear about distributed denial-of-service (DDoS) attacks all the time. Now, thanks to a new map, we can see how often these attacks occur, who’s getting targeted, and who’s doing the attacks.
The map, called IPViking Live, comes from a company called Norse that specializes in monitoring malicious online activity. The map is not comprehensive; it shows “a small subset” of DDoS attacks aimed at servers that Norse has set up as dummy targets. These “honeypots” collect information about the automated attacks that stream in from countries like China, Thailand, and Russia. Hovering over a location will show you attacks originating from that site.
After leaving the map open in a browser for about ten minutes, we noticed some interesting things about the results. The majority of attacks originate in China, and the vast majority are targeted at the United States—as you might expect. But the U.S. and Canada are nearly as often the originating country of DDoS attacks.
Much of the activity from China can be attributed to organized professional operations, but the attacks coming from North America likely originate from computers that were sucked into botnets. These American and Canadian machines are being controlled remotely, probably from China or Russia, and aimed at other computers in North America in massive DDoS waves.
DDoS attacks essentially flood computer servers with far more traffic than they can handle, effecitvely knocking them offline so other people cannot access the websites or online services they power.
In addition to location, Norse’s IPViking map breaks down the attacks by type. We saw numerous attacks targeting the “db-lsp-disc” protocol, which is used by Dropbox’s LanSync Discovery feature. Other common targets were “microsoft-ds,” a.k.a. Port 445; “ha-cluster,” which refers to high-availability clusters meant to guard against DDos strikes; and “isakmp,” the Internet Security Association and Key Management Protocol.
Screenshot via IPViking Live
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.