Infinite loops between servers can lead to performance degradation or network overload. We describe two cross-service UDP loop incidents affecting Google's QUIC implementation several years ago, and share some general…
We typically fight our own fires, but if one of us sees something interesting/new we often ask others (after the fire is out) if anyone else saw a similar attack (which could be a new botnet, a new attack method, or…
Get a few companies to agree that open proxies are a scourge that needs to be stopped. They each apply some action to open proxies (user-facing messaging, loss of functionality, captcha, or complete block), and the…
Most likely Google has more than one computer.
It's mostly not infected computers, but rather poorly configured proxies that are open for anyone to bounce malicious traffic through. Convincing everyone to clean up their open proxies is a long-term, hard problem. But…
We don't need to share a block-list, but yes, blocking all traffic from open proxies (which nearly all the large attacks of the 2020s have used) is definitely part of the long-term plan. Any legitimate users of those…
Totally different. The attacks on VOIP vendors mostly used UDP amplification, which relies on having a server that can fake its source IP due to an incompetent (or complicit!) network provider, while this is a botnet…
DDoS is sometimes used as a form of censorship -- in this case the attack targeted specific videos.
The trend-lines were really just to guide the eye (the text gives this context), but if you really must know: the R^2 for all three fits was above 0.9, suggesting the exponential growth model is reasonable. As you say,…
Infinite loops between servers can lead to performance degradation or network overload. We describe two cross-service UDP loop incidents affecting Google's QUIC implementation several years ago, and share some general…
We typically fight our own fires, but if one of us sees something interesting/new we often ask others (after the fire is out) if anyone else saw a similar attack (which could be a new botnet, a new attack method, or…
Get a few companies to agree that open proxies are a scourge that needs to be stopped. They each apply some action to open proxies (user-facing messaging, loss of functionality, captcha, or complete block), and the…
Most likely Google has more than one computer.
It's mostly not infected computers, but rather poorly configured proxies that are open for anyone to bounce malicious traffic through. Convincing everyone to clean up their open proxies is a long-term, hard problem. But…
We don't need to share a block-list, but yes, blocking all traffic from open proxies (which nearly all the large attacks of the 2020s have used) is definitely part of the long-term plan. Any legitimate users of those…
Totally different. The attacks on VOIP vendors mostly used UDP amplification, which relies on having a server that can fake its source IP due to an incompetent (or complicit!) network provider, while this is a botnet…
DDoS is sometimes used as a form of censorship -- in this case the attack targeted specific videos.
The trend-lines were really just to guide the eye (the text gives this context), but if you really must know: the R^2 for all three fits was above 0.9, suggesting the exponential growth model is reasonable. As you say,…