Welcome to Tencent Cloud + community, get more Tencent mass technology practice dry goods oh ~
This article is published by Tencent Game Cloud in cloud + community column
You’re watching the World Cup on your couch. What are hackers doing?
Late at night, when that little football on the television screen tugs at the heartstrings of millions, guess what hackers are doing?
Hackers have not been idle.
In the early hours of June 29, millions of football fans are putting down their crayfish, gripping their beer mugs and holding their breath as the Three Lions of England take on the Red Devils of Belgium.
Just at this moment, Tencent cloud DNSPOD service, which provides domain name resolution service for thousands of users, is under a large traffic DDoS attack. Fortunately, Tencent cloud’s new generation of high defense system successfully defended.
The first thing we need to understand is, what the hell is domain name resolution?
Domain name resolution, in simple terms, is the translation of a famous landmark into a physical address, for example, “big Pants”, after domain name resolution, “Beijing Chaoyang District east third Ring Road 32”. For another example, if netizens want to visit Qq.com to read news, they just need to remember www.qq.com and type the address in the browser. Then the domain name resolution will translate www.qq.com into the IP address of qq.com’s server. Obviously, www.qq.com is much easier to remember than an IP address composed of a bunch of numbers. Netizens are responsible for remembering “qq.com”, and domain name resolution is responsible for dealing with the long list of IP addresses behind “qq.com”.
Once the DNS system fails, a large number of network requests will not know their destination, and the whole online world will be thrown into chaos.
On October 21, 2016, DYN, an American domain name resolution service provider, was hit by a massive DDoS attack with up to 800 GIGABytes of traffic, causing half of the Us to lose Internet access. Amazon, Twitter, Github, Spotify, Netflix, Etsy and Reddit are all down, down, down, down.
The attack on Tencent’s CLOUD DNSPOD system peaked at 560 gigabytes, 70 percent of the peak of the attack in 2016 that caused half of the United States to go offline. The attack lasted nearly six hours. Relying on the powerful protection capability of Gundam on the new generation of high defense system of Tencent Cloud, the whole protection process is not alarming.
Who is to blame for this incident?
In this attack, hackers comprehensively used a variety of attack methods, including DNS reflection, ICMP large packet attack, UDP fragment attack, ICMP fragment attack, SYN packet attack, and so on. The captured attack traffic came from as many as 148 countries, that is, IP addresses of more than 2/3 countries in the world participated in this attack. 94% of IP comes from outside China. It’s a world war in cyber space.
What’s more interesting is that after analyzing the attributes of the captured attack sources, 94% of the attack sources turned out to be a router!!
Yes, you read that right. It’s a router.
Analysis revealed that the attack was carried out by the notorious “Hajime “botnet. Specifically, Mikrotik RouterOS, an eastern European operating system widely used in sme networks, is part of a “Hajime “botnet because of remote execution vulnerabilities or weak passwords. In March, Radware reported catching a DDoS attack from the botnet.
Hacker’s mind
In this attack, the main purpose of hackers is to create a large amount of attack traffic, causing network congestion in the equipment room, so that normal users can not access the purpose. The DNS reflection technique, amplification efficiency up to 50 times, seemingly simple and crude, in fact, hackers also moved a lot of small thoughts.
In this attack, almost all DNS reflection attack packets are response packets targeting the db.org domain name. With hundreds of millions of domain names available around the world, why are hackers so fond of this one?
On db.org’s home page, you can see the domain asking for 25, 000 euros. According to 360 Netlab, db.org is the fourth most abused domain name for DDoS reflection attacks. Moreover, the recent degree of activity continues to increase, and it is estimated that in the near future, it may not be the first. At that time, the price of the domain was probably more than 25,000 euros.
Afterword.
When the team of Tencent cloud new-generation high defense solution was analyzing data, they received a call for help from a customer. One of his servers was hacked for a DDoS attack, and it’s been hacked for a mining Trojan. It is such a phone call, let Tencent cloud new generation of high defense solution team found a shocking secret.
Bitcoin has been on a long downward trajectory since the beginning of the year. A large number of broiler chickens that had been used for mining began to flow across the border into the hands of DDoS attackers as mining became unprofitable. Tencent cloud new generation high defense solution team is willing to provide high performance, large bandwidth, high reliability anti-ddos service for the majority of Internet enterprises, and jointly fight against DDoS attack this network security tumor.
Question and answer
How to change domain name?
reading
Real time voice interesting voice change, uncle change voice “wonderful sound maiden” Get
Is your Nginx access too slow? Add a module!
Install a panel for your CVM.
Has been authorized by the author tencent cloud + community release, the original link: https://cloud.tencent.com/developer/article/1165485?fromSource=waitui
Welcome to Tencent Cloud + community or follow the wechat public account (QcloudCommunity), the first time to get more mass technology practice dry goods oh ~
Massive technical practice experience, all in the cloud plus community!