I understand these things happen, and something like a DoS attack will take out a particular site, but sometimes the outages seem to be regional. I’ve heard some things about appearing you are in a different place than actual, usually as a way of getting on websites that are area specific (and your area is not covered).
Could such a method be used if the internet is disrupted in a certain area? like in the above site much of the NorthEast US had ‘internet outages’, could I get back on to those websites from somehow make it appear like my connecting was from lets say the western US or even a different country?
When we had extended power outages that (after the local batteries ran down) took out cable/internet, our cell phones still worked. It’s a lot easier to keep up cell towers and a network than a vast sprawl of powered devices on wire.
I guess you could put in a backup generator, so that when the net goes down, it starts randomly generating cat videos, political screeds, and Facebook entries. Hmm. In the words of Douglas Adams, “Another theory is that this has already happened.”
My understanding was that this particular DDOS attack was actually against “Dyn, an internet performance management company” (I cut that description from an nbcnews.com article about the event). I’m guessing that everyone who uses that company’s Internet services ended up as collateral damage.
It depends. If it’s a physical issue (cable cut) or the DDoS attack happens against your ISP, then you can’t get to the internet to spoof your address to looking like you’re coming in from somewhere else. If you can get to the internet, you could then spoof your IP address to look like you’re elsewhere & then get to, say, Twitter.
The media accounts I’ve seen, and this includes Slashdot have been less than helpful. Slashdot has even had to walk back its vague guesses on what was happening.
Large companies have their sites hosted on very large server farms opertated by other companies. One of the largest such is Amazon. Dyn provides DNS mapping services for some of the companies hosted there. (But not all.)
Dyn was hit with a DDoS attack. Perhaps hundreds of thousands of devices on the Internet. (Nowadays most often poorly written IoT things like security DVRs, connected HVAC controls and on and on.) These devices swamp the servers at Dyn with certain types of Internet packets that consume resources on Dyn’s servers and slow them to a crawl.
DNS works by spreading and sharing info on what server names go with what IP addresses. The info has to updated continually as these things change quite often. If the info can’t be sent out and updated by Dyn, other DNS servers no longer have the right information. And the home users of those DNS servers can’t reach the desired web site.
If it was your ISP that was having fits, then switching to a different DNS server will help. E.g., I use Google’s open DNS servers: 22.214.171.124 and 126.96.36.199. But if Google’s DNS server doesn’t have the right info either, no help.
If you regularly use a site that has a fixed IP address. You can record that and if your DNS service is disrupted, try to substitute the IP address for the server name in the URL. But note that the server you are using is also using DNS to look up stuff in it’s local domain, ad servers, etc. So it that site is also having DNS issues, then odd things will happen.
It seems to me that DNS has a flaw, in that it doesn’t hold on to old records if the new ones don’t arrive. I mean, it’s not like the big sites change their IPs all the time. So there’s no reason why my ISP should have lost, say, Twitter’s IP, unless it intentionally deleted it.
I was thinking that they’d spoofed the DNS and thus got the addresses messed up. That would have made more sense to me.
DNS is quite a problem. Despite the idea that the Internet was designed to be highly reliable, this reliability did not take into account actual bad actors using the Internet. Rather it was designed to be resilient against physical attack - ie cutting cables. The actual protocols used are not very secure. They were designed with a different set of requirements. The lack of security in DNS is a well known issue. However solving it is far from trivial. There are things like DNSEC (Domain Name System Security Extensions) but they are far away from becoming the standard DNS system.
During the adolescence of the Internet (say 20 years ago) there seems to be a bit of unseemly haste in crafting new protocols, and having then deployed. Although there was an established mechanism for accepting new protocols, it seemed to be enforced a bit laxly. IMHO there are probably quite a few protocols with less than stellar robustness in use because of this. DDoS attacks can make use of some surprising tricks to exploit vulnerabilities. I would not expect resolution to the overall issue for a while yet.
I suspect you don’t know how TCP/IP works. If you spoof your IP address you won’t get any return packets, because they won’t be coming back to your network. Spoofing IP addresses is a one way deal, and if network designers did their jobs properly, even that shouldn’t work.
That’s called “tunneling”, and a completely different thing to spoofing.
And it wouldn’t have helped with the Dyn outage. The only solution to that would be to use a local DNS that ignores the Dyn supplied TTL on A-Records (which were very short, many apparently on the order of 150 seconds) and cache the records for much longer (maybe 24 hours). That way, if the local dns server cannot update from the specified nameserver, it can keep the last working A-record.
But his still implies retaining the A-record for a sufficiently long time - and assumes that the short TTL does not imply constantly-changing servers or IP addresses. YMMV.
My first thought was hide your wimmen. Also, can’t you pack more electrons in an Einstein-Bose condensate? If not, they’d certainly be easier to catch. On the other end of the scale, they’d be frisky but more easily storable in collapsed-star bins in your basement.
Sometimes DDoS attacks come from specific areas. A DDoS attack against an Australian server or service would probably come from outside Australia, and could be blocked by blocking outside traffic. The site (or service) would still be visible in Australia.
This happened recently in Australia (“The census”), but two things happened: the attempt to block foreign traffic failed (for technical reasons), and the supplier got so worried they just took the site off-line anyway.
Also, in general, if you can’t get through to google.com, you can try google.com.au It’s been years since there a google fault like that where it actually would have made a difference, but yes, google.com.au is a different domain name, and a different IP address, and (used to be?) different servers in a different location using a different cache, so the last time google went partly down (years ago), it did stay partly up.
If an attack like this happens again, then BEST thing you and your neighbors can so is to disconnect all your electronic gadgets from the internet and see what they are saying to do on the news. (Watch TV at a bar or neighbors if you have internet TV.)
It could very well be that some of your and your neighbor’s gadgets are contributing to the attack, so disconnecting them could actually help to resolve the problem.
For now, be sure you have you own unique passwords on EVERY internet connected device you have. Never connect anything to the internet without a password or connect anything without changing the factory password to a password of your own.
WRITE DOWN THE PASSWORDS ON PAPER!
A good password is NOT a word or words which could be found in a dictionary, nor a name.