熱血時報 | passiontimes.hk brutally attacked by 200,000,000 requests per second




This 200,000,000 is not about money; it is about the DDoS attacks endured by passiontimes.hk in the past month or so: 200,000,000 requests per second. "Distributed denial of service", commonly known as DDoS, is a series of organised attacks utilising hundreds of thousands of "zombie computers" that have previously been hacked and lie in wait to be used by the hacker(s) to send requests at the very same time to the hackers' target(s). This DDoS against us employed multiple methods such as DNS amplification, HTTP flood, and WordPress pingback flood.

A popular webpage in Hong Kong typically receives about 20,000 to 30,000 requests per second to view pages within said webpage's domain. On the other hand, 200,000,000 per second translates to an incoming volume of requests of about 96Gbps, as each DNS request has a volume of 200 bytes, i.e. 1.6kb. As a convenient point of reference, the most serious DDoS attack ever had a peak incoming volume of 400Gbps.

Of course Passion Times cannot afford a bandwidth exceeding 100Gbps. We have had up to 20 internet service providers, who diverted the attacks to more than 40 servers via 690 routes. But the enormity of the attacks means that seven of the 20 ISPs have already told us that they are unable to handle attacks as severe as this, and that they would rather withdraw by refunding us.

To illustrate the scale and intensity of the attacks, we have chosen one minute at random from our system log, which has recorded the pattern of hours of such attacks, and looked at the sources of the attacks. During this minute, not counting the hundreds of thousands of IP addresses that have already been blocked, 812 new IP addresses were logged. Those IP addresses come from the following countries:

USA 34.74%
Japan 21.71%
Australia 6.20%
UK 5.46%
Germany 3.97%
Singapore 3.10%
South Korea 2.73%
Indonesia 2.61%
Hong Kong; Taiwan: 2.48% each
Vietnam 1.61%
Malaysia 1.36%
New Zealand 1.12%
France; India: 0.99% each
Canada 0.87%
The Netherlands; The Philippines; Russia: 0.74% each
China; Romania; Sweden: 0.62% each
Turkey 0.50%
Italy; Spain; Thailand: 0.37% each
Finland; Israel; Norway: 0.25% each
Cyprus; Czech Republic; Denmark; Greece; Ireland; Latvia; Lithuania; Pakistan; Ukraine: 0.12% each

The readership of Passion Times comes mainly from Hong Kong, yet only 20 new IP addresses from Hong Kong were detected during that one minute. On the other hand, the new IP addresses detected include ones from Pakistan, Romania, India, Israel, Lithuania, Latvia, Russia, Cyprus, Czech Republic, and Vietnam. Are there really this many people in these countries who are interested in the Umbrella Revolution? Together with "major players" such as USA, Japan, Australia, and UK, this looks like a war waged by a 37-nation alliance. Only five IP addresses come directly from mainland China.

This series of attacks, which has lasted for many days, has crippled Passion Times. Many friends of ours have suggested many different ways to deal with this. Some of them have suggested that we use CloudFlare, the company that was famed for helping to protect the 22nd June electronic referendum website. As a matter of fact, we began using CloudFlare ourselves soon after the attacks intensified towards the end of September, and have become a paid member. Its performance during the past week, however, was not up to standard, and it was only able to deal with the attacks using a method called null routing. The result was that our webpage was totally unable to function while CloudFlare was asking for more money than we were able to afford.

Now we are trialing a pre-launch service provided by an international conglomerate in networking that has enabled passiontimes.hk to function once again for as long as it lasts.  We do not know whether we could afford the service once it has been officially launched, so we are likely to have to look elsewhere again.

But we will surely win if we stay firm and persist, as we proclaimed at the beginning of the Umbrella Revolution!

Chinese Version:每秒2億次的網絡攻擊

http://www.passiontimes.hk/article/11-15-2014/19642


