Feeds

US websites buckle under sustained DDoS attacks

South Korea, too

Securing Web Applications Made Simple and Scalable

Websites belonging to the federal government, regulatory agencies and private companies have been struggling against sustained online attacks that began on the Independence Day holiday, according to multiple published reports.

At time of writing, most of the targets appeared to be afloat. Nonetheless, several targets have buckled under the DDoS, or distributed denial of service, attacks, which try to bring down a website by bombarding it with more traffic than it can handle. FTC.gov was experiencing "technical issues" on Monday and Tuesday that prevented many people from reaching the site, spokesman Peter Kaplan said.

Other sites, including FAA.gov, Treas.gov and DOT.gov also experienced outages, a person said familiar with the attacks told The Register. DOT spokeswoman Sasha Johnson said late Tuesday: "The DOT has been experiencing network incidents since this past weekend. We are working with the US Computer Emergency Readiness Team at this time."

Both Kaplan and Johnson declined to say whether their agencies' sites were under attack.

The DDoS attacks appear to be originating from compromised computers located primarily in the Asia Pacific region and are being delivered as plain-vanilla floods of ping, syn and UDP packets, said the person, who asked not to be identified because he wasn't authorized to share the details.

The attacks came as South Korean websites operated by the government and private companies also were hit, the Associated Press reported here. In all, 26 websites, including those run by Nasdaq, the New York Stock Exchange and the Washington Post are being targeted, according to The Washington Post, which also covered the attacks.

There seems to be some confusion about just how powerful the attacks are. The person familiar with the attacks said they were relatively modest.

"Most are easy to mitigate," the person familiar with them said. "I'm surprised any of these attacks are as effective as they are."

But an unidentified person briefed by government investigators told IDG News the attacks directed as much as 20 gigabytes to 40 gigabytes of bandwidth per second during their height over the weekend. They have since settled down to about 1.2 gigabytes per second, IDG said. ®

Mobile application security vulnerability report

More from The Register

next story
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.