Twitter attacks


matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Twitter attacks

Post by matthijs »

So it seems Twitter has been down for a couple of days now. What can be done in such situations? With massive botnets attacking from thousands of PCs and many different locations all over the world, is it even possible for the Twitter devs to do anything against these things?
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: Twitter attacks

Post by jackpf »

Twitter is down?

I personally think it's a turn for the best. I've never actually used it, but people just talking about it annoys me.

I hate the way all these social networking websites clone each other, like, EXACTLY, and then suddenly it's "the new thing", when it's in fact exactly the same as the last "new thing", just with a new and stupider name.

/rant.
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Re: Twitter attacks

Post by matthijs »

I don't use Twitter either, but that's not the question here. I actually am interested in the general technical issues behind an attack like this and what people think about possible solutions, problems, etc.

It's an interesting example, because so many third-party apps relying on Twitter are down as well. Facebook has also been under attack, but if I believe the news they have been able to handle the attack a bit better.
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: Twitter attacks

Post by jackpf »

Sorry, I just felt like getting that off my chest :x

But yeah, this article seems to provide some decent information about what happened.

I don't think there is a solution to DoS. Twitter say they now use software to filter out fake requests, but this slows down requests for everyone, since all requests must be checked.

And yeah, apparently Facebook wasn't hit quite so hard. Since they're larger, they host their site with multiple service providers, so attacking one server cluster would allow them to switch over to another without too much ill effect.

Good on "Cyxymu" or whatever his name is though :D He must own a lot of computers...
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Re: Twitter attacks

Post by josh »

I think there's multiple techniques, it used to be they sent the ping of death which kinda caused recursion in a way, that I believe is what they can filter, but if the seemingly legit IPs are just requesting the index I don't see how it can be blocked, you would think you could just block an IP after it requests the same page 50x in an hour period though or something, and employ judicious caching, but I haven't had the "privilege" to encounter this type of issue first hand ( crosses fingers ). In reality it probably depends on the bot software, if it is so good at mimicking real traffic how do you even begin to delineate a valid request from a DDoS? One way would be via JavaScript but then again the bot could easily just run a real browser just not visible to the host user.

This was also interesting: http://en.wikipedia.org/wiki/Denial-of- ... _of_attack

It seems if they know 1 of your pages is expensive to generate CPU wise they could aim to max out that one page, it seems more likely when huge sites go down they're doing it at the network level.
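
The "block an IP after it requests the same page 50x in an hour" rule from the post above, as an added example that is not code from the thread. The class name, the constructed traffic and the choice to block for one window length are assumptions; the replay shows the rule stopping one noisy client while traffic spread thinly over many addresses stays under the threshold, which is the limit of per-IP counting that the post points at.

```python
from collections import defaultdict, deque


class PageRateLimiter:
    """Block an IP once it requests the same page more than `limit` times per window."""

    def __init__(self, limit=50, window=3600):
        self.limit = limit
        self.window = window
        self.hits = defaultdict(deque)   # (ip, path) -> request timestamps
        self.blocked = {}                # ip -> time at which the block expires

    def allow(self, ip, path, now):
        # An existing block stays in force until it expires.
        if self.blocked.get(ip, 0) > now:
            return False
        q = self.hits[(ip, path)]
        # Drop timestamps that have slid out of the window.
        while q and q[0] <= now - self.window:
            q.popleft()
        q.append(now)
        if len(q) > self.limit:
            # Assumption: the block lasts one window length.
            self.blocked[ip] = now + self.window
            return False
        return True


def replay(requests, limiter):
    """Replay (timestamp, ip, path) tuples in order; return how many were served."""
    return sum(limiter.allow(ip, path, ts) for ts, ip, path in requests)


# Constructed traffic, not real logs.
# One client requests "/" 200 times in 200 seconds.
single_source = [(t, "192.0.2.10", "/") for t in range(200)]

# 1000 clients each request "/" 20 times over an hour (20000 requests in total).
ips = [f"10.0.{i // 250}.{i % 250 + 1}" for i in range(1000)]
distributed = [(r * 180, ip, "/") for r in range(20) for ip in ips]

if __name__ == "__main__":
    print("single source served:", replay(single_source, PageRateLimiter()))
    print("distributed served:  ", replay(distributed, PageRateLimiter()))
```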
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Re: Twitter attacks

Post by matthijs »

The central problem is, I think, that a DDoS attack can come from thousands or millions of individual computers, while a website/app is always a single address (even if it load balances on different servers).

The only way this can be really prevented is to have the website be distributed as well. Not sure if or how that would be possible. Something like what's done with torrents. Nobody is the single source for a file, but everybody has little snippets of that file. So if one person closes his computer, it doesn't matter for the distribution of the file.
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Re: Twitter attacks

Post by josh »

Which could raise security issues ( obviously ), I don't think there's any immediate answer, maybe more secure operating systems that don't allow botnets.
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Re: Twitter attacks

Post by matthijs »

Or maybe if everybody would ditch Windows and switch to Linux/Mac/other secure system you wouldn't have those botnets in the first place.
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Re: Twitter attacks

Post by Weirdan »

matthijs wrote: Or maybe if everybody would ditch Windows and switch to Linux/Mac/other secure system you wouldn't have those botnets in the first place
You would have those botnets on Linux then.
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Re: Twitter attacks

Post by matthijs »

Ok I should have phrased that differently (don't want to kill the thread). What I should have said, is something like: if it's not possible to defend against an attack like this on the server level, is there something which can be done on a local level to prevent computers from being hijacked? (I'm not talking about running a virus scanner or something, that's like mopping while the tap is running) What about mobile phones? Soon there will be more mobile phones accessing the internet than PCs. Phones are almost always switched on and connected, so I can imagine they are a nice target to create a botnet from.
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Re: Twitter attacks

Post by josh »

Personally, it is a sign we have a lot to pioneer. It is a problem with usability / the user, if the user isn't going to question why a screen saver is requesting access to the internet and why they're getting 10+ browser toolbars, well something isn't right there. I've been using computers more than half my life, when I was a little kid my dad used to lecture me on viruses and such, god forbid we had to format the family computer, but I think most people's upbringing they think computers are like in the movies ( where every movie has some ridiculous fake OS ). If people were a little more educated / observant they'd stop it, but they lack the common sense or the current paradigm is too confusing for them which allows the botnets to exist in the first place.
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Re: Twitter attacks

Post by matthijs »

True, (lack of) education is an important part of the problem.

However, I also think it's the way the operating systems are built. They are built by developers, for developers. For the general public, a very thin fancy UI is put on top of that. But inside, it's still a developer's system, with the possibilities and responsibilities that go with that.

I mean, it's ridiculous that it is possible for a regular PC user that executable programs are installed with one click of a mouse button (or even without knowing it happened!). And that those programs are able to wreck the whole system or do what they like. Furthermore, imagine I am a regular not so technical user. If I turn on my computer, I should see a task bar with all programs running. If a virus was installed somehow, I should see it running in that task bar. That way, I'd know something was wrong.

Now I remember from Windows that you could check the activity monitor. But there you see like 50 processes running, and it's absolutely not possible to know which are good and which are bad. Or take a regular firewall. Again, dozens of processes running, packages going back and forth. Even for me as an "experienced" computer user, those things are meaningless.

Next you know, the firewall is asking "Process XGT564.core.something is requesting access to internet. Do you want to allow that?". If you click yes, you might have just allowed a virus internet access. If you click no, next you know your mail program isn't working anymore because you blocked something legitimate.
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Re: Twitter attacks

Post by josh »

Yeah but at the same time I don't want my OS preventing me from installing a program like UltraMon ( replaces your task bar and adds shell features ), there would have to be a way to communicate to the user exactly what installing a program entails, and for e.g. my mom asks me the other week what it means you need a plugin to open a Word 2007 file in Office 2003, she's called me and the computer hasn't even been plugged in, if a dialog even pops up it throws these kinda people off, let alone them trying to comprehend what a shell is, they'll think you're talking about mermaids or something lol.

Perhaps one method though, could be an on site CAPTCHA, if the user fails too much their IP gets null routed? It could be activated only when the load is above a certain level, you'd have to do rDNS lookups on the IPs and then cross check the hostname maps back to the correct IP as well which would incur some more overhead as well as block out legit users I'm sure, but that would be better than the site going down for everyone.
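
One reading of the load-gated CAPTCHA and the reverse-DNS cross-check from the post above, as an added example that is not code from the thread. `ChallengeGate`, its thresholds, the trusted-suffix allowlist and the constructed DNS tables are all assumptions made here; the forward-confirmed lookup runs only when an IP is about to be null-routed, so the DNS overhead the post mentions is paid once per offender rather than once per request.

```python
import socket


def fcrdns(ip, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """Return the PTR hostname of `ip` only if that name resolves back to `ip`."""
    try:
        hostname = reverse(ip)[0]
        addresses = forward(hostname)[2]   # IPv4 A records
    except OSError:                        # herror/gaierror: no PTR or no A record
        return None
    return hostname if ip in addresses else None


class ChallengeGate:
    def __init__(self, verify, load_threshold=0.8, max_failures=3, trusted=()):
        self.verify, self.load_threshold = verify, load_threshold
        self.max_failures, self.trusted = max_failures, tuple(trusted)
        self.failures, self.null_routed = {}, set()

    def decide(self, ip, load):
        """'drop' for null-routed IPs, 'challenge' only while load is high."""
        if ip in self.null_routed:
            return "drop"
        return "challenge" if load >= self.load_threshold else "serve"

    def record_failure(self, ip):
        """Count a failed challenge; return True if the IP is now null-routed."""
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] < self.max_failures:
            return False
        host = self.verify(ip)             # DNS cost is paid only at this point
        if host and host.endswith(self.trusted):
            return False                   # confirmed trusted host: keep challenging
        self.null_routed.add(ip)
        return True


# Constructed DNS data (documentation addresses and .example names), not real records.
PTR = {"192.0.2.7": "bot.partner.example",     # genuine partner host
       "203.0.113.9": "bot.partner.example",   # PTR claims the partner name
       "198.51.100.4": "dsl-4.isp.example"}
A = {"bot.partner.example": ["192.0.2.7"], "dsl-4.isp.example": ["198.51.100.4"]}

def fake_reverse(ip):
    if ip not in PTR:
        raise socket.herror("no PTR")
    return PTR[ip], [], [ip]

def fake_forward(name):
    if name not in A:
        raise socket.gaierror("no A record")
    return name, [], A[name]

def lookup(ip):
    return fcrdns(ip, fake_reverse, fake_forward)
```

The PTR record belongs to whoever controls the address block, so the name alone proves nothing; only the forward lookup, which the name's owner controls, confirms it.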
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Re: Twitter attacks

Post by josh »

php.net does this.

"Server too busy, please try again later, or use a mirror" ( mirror links me to http://php.net/mirrors.php which times out tho lol ), must be getting DDoSed? I need the manual, specifically a comment from one of the pages heh.
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: Twitter attacks

Post by jackpf »

You should download the manual ;)