The Problem

Couple of days back, 21-October-2016 everyone connected on the web experienced sluggishness in connecting to the normal sites and saw obstruction in their regular works.

The scenario can be visually described as follows:

Incase you might be wondering why this attack happened now, the internet is way mature, why can’t it protect itself from such attacks?

Well, then do read on…

The Players

From an ideal perspective the players in the attack are listed:

1. Users of the web (us) (attackers and victims)
2. ISP’s (medium through which attack was carried out)
3. Device Manufacturers (Things, which got compromised — zombies)
4. Regulatory Organizations (They are mostly sleeping or doing other important silly stuff, lets leave them out of this discussion)

The Premise

Let us look at those questions asked earlier and more:

What is dDos?

It stands for distributed Denial of Service. Consider your regular pesky thing that you have to do and can’t live without?(siblings,kids,neighbours.. anyhuman thing). They come nagging to you, you can handle it but maybe 10 requests in a day a max! The 11th request from that pesky thing will get a denial of service response!(simply a No!)

Now,Imagine yourself at a play house. And you are already having a minor headache(it was Friday, everyone was in the mood to relax). Multiply your single pesky thing with say 10, you are bombarded with pesky request from everywhere, what will happen to you? You might handle say 20 requests at that moment, looking at the situation, but a time will come soon where you will get exhausted and simply stop responding to important requests of like : open the door, and you are standing still!

You just got dDos’ed 🙂

Can you explain it in layman’s terms?

Here is the wikipedia entry.

I still did not get it..

See this:

Why this attack happened now?

It was waiting to happen, its like too many cooks, spoil the broth kinda scenario. Lot of unpatched/sloppy devices connected to the internet working for you and they all had a common zombie entry point, that simply got activated!

The internet is way mature, why can’t it protect itself from such attacks?

I am sure there are some orgn that were actually fighting this menace! Imagine a hospital unable to get reports of a patient in critical condition!So I am pretty sure what got reported and what actually got fixed and treated is somewhat different. So the internet is not at all mature, we are still not ready to have our life depend on it, our livelihood might depend on it but not life!So some orgn might be involved (even now) preventing many such attacks to keep the internet working, and some sleeping regulations might have also protected and saved us from a much more severe attack!

The rules are pretty simple, everyone is united on this matter and no one likes a dDos attack to happen! It actually interrupts normal/perceived flow of life on a day-to-day basis.

So basically its the attackers who (misued?) a compromised device and affected the network. Its pretty clear, there is something that needs to be fixed/controlled in the wild. And its not impossible..

Onto the solution then, shall we proceed?

The Solution

Two parts solution can be proposed:

1. Regulation. In an ideal world, regulation is already in place and device manufacturers are supposed to follow them and hence they are able to sell their products. So something stronger needs to be put in place for regulation. Say if a device is an IoT kinda device, then as per regulation it should be allowed to use 5% of the bandwidth. If its a phone or a computer, then it will not have such a restriction, or maybe it can have!
2. ISP Level Quota Software. ISP’s would want to pitch in this idea, where a custom configuration software would be installed at per user site and there based on the MAC address the bandwidth quotas can be defined. Say you got a new IoT device for your home, you will get to configure and set a max bandwidth that device is allowed to consume on your home network.

Thoughts?