Blue bites the dust …
I’ve written about Blue Security, Blue Frog and the attacks on them by spammers before. The last couple of days, access to the Blue Security site and to spam reporting has been kind of spotty. Then last night, spam reports started bouncing totally. So I took a look around the net to find out what was going on. Imagine my surprise that Blue Security had simply given up and folded in the face of continued attacks by the spammers!
Of course, on reading further, I realized that Blue Security probably had no choice. The spammer seems to have been bulldozing through everything in his/her path to get Blue Security to crumble. However, given the scale of damage caused and the number of companies and organizations that the spammer seems to have taken down, it makes me wonder as to why nothing is being done about this kind of thing.
The Internet has become the battleground of the future and the future is today. It looks as if any individual with the know how and the skill can simply hold any site on the Net hostage. Forget about little itty bitty sites like mine and yours, they can apparently hold multi-million dollar companies hostage. Nothing is safe anymore since if you are attacked, your host will probably drop you. And if you thought your host was safe, then maybe your DNS provider will drop you. Basically, if somebody doesn’t like what you say, they can take your site down and there is nothing much you can do about it. Sounds insane, doesn’t it? I guess this is just another facet of learning just how powerless we are in today’s empowered world :p
It’s not as easy as you seem to suggest :p I work for a web hosting company and most of the SYN flood attacks I’ve seen come from many different IPs and blocking even ten or twenty of the IPs does not help. Of course, it’s easy to stop an attack if it comes from only one IP – all you have to do is block that IP. I don’t think TypePad or TuCows or UltraDNS would allow their services to become unavailable and thousands of sites to go down if the attack was from one solitary IP, do you? 🙂 Sure, it’s easy to say you can do this or you can do that, but if you read the articles, you will notice that Blue Security didn’t have just their servers disabled by DDoS attacks, even the servers of their registrar and other supporting service providers had their servers taken down. Do you honestly believe all these companies were utterly inept? 🙂
If they have their own IT department and own dedicated line to the internet, any well-configured system can filter out the unwanted packets and allow everyone else in. Most DDoS attacks use malformed SYN packets or come from the same repeated sources. Either filter the traffic or the IP addresses of the offenders. Doesn’t it seem odd that a “security” site can be taken off the net by this? My .02