Why Computer Talents Become Computer Hackers



The 300Gbps March DDoS attack

Subject of the last week, still echoing around, could not be other than the internet war between spam fighters Spamhaus and spam criminals, mainly hosted at CyberBunker. Huge loads of data being created and sent with one single objective: disrupt a company’s service.

CloudFlare, hired to protect Spamhaus, took a ride on the F.U.D. rollercoaster with a self-marketing “Damn! We Are Good!!” post.

They really made all the efforts to explain how they are able to defend clients using cloud-multi-routing-anycast concepts and how our connected lives have been in danger during all these days.


The Attack – according to CloudFlare

One thing is: they really managed to protect Spamhaus.

But, in the other hand, the “biggest attack of all internet history” only truly affected their client, not the Internet, not the Matrix, nor the City of Machines or all existence, as their blog announces.

Gizmodo published one of the first “hold your horses” statements with other side of the story, on Thursday.

We also had Bill Brenner saying pretty much the same thing, one day later.

Being able to browse internet using South and North American internet networks during all those days, and not feeling a single problem, I couldn’t agree more with them.


The Attack – according to the rest of internet

In the end, what I really enjoyed was the amount of thoughts, tips, documents, and incident response discussions at forums that took place.

I’ve been trying to get together all valuable stuff derived from these debates to post here as future reference.

My intention is to concentrate good information and guides I saw around, new or old, but relevant to this kind of attack, from monitoring to response, prevention, preparation and so on.

Basic Definitions:

Real-time info about problems:

Protection tools and configurations:

Incident Response preparation guides:

  • Societe Generale’s CSIRT Cheat Sheet
  • D/DoS Incident Response Plan/Runbook (docx format)
  • Radware ‘survival’ ‘handbook’ – Ok, you can’t use that to survive, but it has good historical information and a sample of an IT admin diary during his first experience with a similar problem. Too bad he ends that experience suddenly.

Cybercrime Laws

This is a work in progress! If you have good reading on this subject to suggest, send me a comment!