Moobot vs. Gatebot: Cloudflare Automatically Blocks Botnet DDoS Attack Topping At 654 Gbps

Moobot vs. Gatebot: Cloudflare Automatically Blocks Botnet DDoS Attack Topping At 654 Gbps

On July 3, Cloudflare’s global DDoS protection system, Gatebot, automatically detected and mitigated a UDP-based DDoS attack that peaked at 654 Gbps. The attack was part of a ten-day multi-vector DDoS campaign targeting a Magic Transit customer and was mitigated without any human intervention. The DDoS campaign is believed to have been generated by Moobot, a Mirai-based botnet. No downtime, service degradation, or false positives were reported by the customer.

Moobot vs. Gatebot: Cloudflare Automatically Blocks Botnet DDoS Attack Topping At 654 Gbps
Moobot Targets 654 Gbps towards a Magic Transit Customer

Over those ten days, our systems automatically detected and mitigated over 5,000 DDoS attacks against this one customer, mainly UDP floods, SYN floods, ACK floods, and GRE floods. The largest DDoS attack was a UDP flood and lasted a mere 2 minutes. This attack targeted only one IP address but hit multiple ports. The attack originated from 18,705 unique IP addresses, each believed to be a Moobot-infected IoT device.

Moobot vs. Gatebot: Cloudflare Automatically Blocks Botnet DDoS Attack Topping At 654 Gbps
Attack Distribution by Country - From 100 countries

The attack was observed in Cloudflare’s data centers in 100 countries around the world. Approximately 89% of the attack traffic originated from just 10 countries with the US leading at 41%, followed by South Korea and Japan in second place (12% each), Continue reading

Restoring data to Netbox Docker

Having just shot myself in the foot by deleting docker and losing a container I had been working on, here is the command to restore data to netbox-docker’s Postgres database:

sudo docker exec -i netbox-docker_postgres_1 psql --username netbox netbox < /path/to/backup/file.sql

Phew…

IDC reports jump in server sales, decline in storage revenue

IDC released two surveys last week with seemingly contradictory results, but there is an underlying pattern: For now, on-premises hardware sales are dipping, while cloud sales are booming.In its Worldwide Quarterly Server Tracker, vendor revenue in the global server market grew 19.8% year over year in the second calendar quarter of 2020 to $24.0 billion, while worldwide server shipments grew 18.4% to nearly 3.2 million units in the same time period. READ MORE: IT employment takes a hit but overall remains healthyTo read this article in full, please click here

How to consolidate network management tools

Network executives are making strides in their ongoing efforts to reduce network management tool sprawl, but there's still plenty of room for improvement on the road to a consolidated, platform-based toolset.Nearly two-thirds of enterprises (64%) in EMA's Network Management Megatrends 2020 report indicated they use between four and 10 tools, and another 17% use more than 10 tools. And that's just the tools that companies will admit to.To read this article in full, please click here

IDC reports jump in server sales, decline in storage revenue

IDC released two surveys last week with seemingly contradictory results, but there is an underlying pattern: For now, on-premises hardware sales are dipping, while cloud sales are booming.In its Worldwide Quarterly Server Tracker, vendor revenue in the global server market grew 19.8% year over year in the second calendar quarter of 2020 to $24.0 billion, while worldwide server shipments grew 18.4% to nearly 3.2 million units in the same time period. READ MORE: IT employment takes a hit but overall remains healthyTo read this article in full, please click here

Why Don’t We Have Dynamic Firewall Policies

One of the readers of the Considerations for Host-Based Firewalls blog post wrote this interesting comment:

Perhaps a paradigm shift is due for firewalls in general? I’m thinking quickly here but wondering if we perhaps just had a protocol by which a host could request upstream firewall(s) to open access inbound on their behalf dynamically, the hosts themselves would then automatically inform the security device what ports they need/want opened upstream.

Well, we have at least two protocols that could fit the bill: Universal Plug and Play and Port Control Protocol (RFC 6887).

Read more …

ICYMI: From Docker Straight to AWS Built-in

In July we announced a new strategic partnership with Amazon to integrate the Docker experience you already know and love with Amazon Elastic Container Service (ECS) with AWS Fargate. Over the last couple of months we have worked with the community on the beta experience in Docker Desktop Edge. Today we are excited to bring this experience to our entire community in Docker Desktop stable, version 2.3.0.5.

You can watch Carmen Puccio (Amazon) and myself (Docker) and view the original demo in the recording of our latest webinar here.

What started off in the beta as a Docker plugin experience docker ecs has been pulled into Docker directly as a familiar docker compose flow.  This is just the beginning, and we could use your input so head over to the Docker Roadmap and let us know what you want to see as part of this integration. 

There is no better time to try it.  Grab the latest Docker Desktop Stable. Then check out my example application which will walk you through everything you need to know to deploy a Python application locally in development and then again directly to Amazon ECS in minutes not Continue reading

Huawei ban could complicate 5G deployment

As carriers race to build out their 5G networks, options for buying the gear they need are fewer in the U.S. than in other countries thanks to federal pressure, which could be slowing deployments. 5G resources What is 5G? Fast wireless technology for enterprises and phones How 5G frequency affects range and speed Private 5G can solve some problems that Wi-Fi can’t Private 5G keeps Whirlpool driverless vehicles rolling 5G can make for cost-effective private backhaul CBRS can bring private 5G to enterprises China-based Huawei and ZTE were both banned from providing equipment to the government itself in the Defense Authorization Act of 2018, and a general import ban followed shortly thereafter. That has changed the competitive landscape considerably, and raises questions about how the shape of 5G in America could change as a consequence.To read this article in full, please click here

Q&A: Building on 40 Years of Experience with Distributed Systems at Nokia

On the cloud native journey, there are both general lessons and best practices that apply to nearly all companies as well as industry-specific challenges. Cloud native journeys aren’t one-size-fits-all; the best way to handle storage, networking, security and even back-ups depends on the specifics of both the industry and the individual company.  We spoke with Nokia, about the specific challenges faced by telecom companies as they adopt containers and Kubernetes and how the industry is addressing them. Here’s what he had to say about best practices both for other telecoms as well as everyone making the move to cloud native.  Can you give an overview of Nokia’s cloud native journey? When did it start, how far are you in maturity? What have been major turning points/landmarks on the journey?  Nokia, as with many other telecom infrastructure vendors, has a long history in implementing and utilizing massively distributed systems. We started to build our own cluster management system back in the 1970s, which was based on proprietary hardware and software. As network function virtualization (NFV) technology gained momentum in 2016, we began offering infrastructure solutions and virtual network functions (VNFs) for the ETSI NFV Management and Orchestration (MANO) standard, leveraging OpenStack. Today, Nokia’s CloudBand MANO solution is Continue reading

Member News: Kyrgyzstan Chapter Focuses on Online Resources for Schools

Library access: The Kyrgyzstan Chapter of the Internet Society has started work on version 2.0 of its ilimBox project, an online educational platform for teachers and students. The ilimBox device, now powered by the Raspberry Pi 4, will include new educational videos, audio, and text resources. IlimBox is a digital library for schools and public libraries, containing Wikipedia in Kyrgyz, Russian, and English, the Khan Academy electronic library in English, and thousands of video lessons, audio, and electronic books. All these digital training materials can be used offline, with users not needing immediate access to the Internet, although the library also connects to services through WiFi. As of last November, about 100 schools in Kyrgyzstan had installed ilimBox.

Building a better network: The Ghana Chapter has a post on efforts to improve the wireless network at Ho Technical University, and the author credited training from the Internet Society on community networks in helping him sort out problems with the network there. The campus network “had a lot of issues such rogue DHCP servers and IP address conflicts,” the author noted.

Algorithmic privacy: The Commission for the Protection of Privacy in Canada has given a grant to the Quebec Chapter Continue reading

The History of Comm Servers with Kevin Herbert

Communication Servers designed to support hundreds or thousands of users reached their peak capabilities just as dial-up service access began to recede in importance. In fact, many network engineers today have probably never managed a dial-up communications server, which were once used to connect everything from individual users to services like AOL and remote workers to entire sites (hence OSPF’s demand circuit capability). Kevin Herbert joins us to discuss the early work on communication servers, including some of the challenges of working with early networking hardware.

download

Next Platform TV for September 15, 2020

On today’s program, some kickoff analysis of the Nvidia/Arm deal; a look at geospatial AI and what it requires in terms of future hardware and frameworks; physics-informed AI and what it means for future simulations and use cases; the Summit supercomputer and the “right” architecture for large-scale, multidisciplinary  COVID-19 research; the elements of a hyperconverged data platform; infrastructure as code; much more in today’s interview lineup.

Next Platform TV for September 15, 2020 was written by Nicole Hemsoth at The Next Platform.

Secure from the Start: Shift Vulnerability Scanning Left in Docker Desktop

Application delivery velocity can be tripped up when security vulnerabilities are discovered after an app is deployed into production. Nothing is more detrimental to shipping new features to customers than having to go back and address vulnerabilities discovered in an app or image you already released. At Docker, we believe the best way to balance the needs for speed and security is to shift security left in the app delivery cycle as an integral part of the development process. 

Integrating security checks into Docker Scan was the driver behind the partnership with Snyk, one of the leading app security scan providers in the industry. This partnership, announced in May of this year, creates a vision for a simple and streamlined approach for developers to build and deploy secure containers. And today, I’m excited to share that the latest Docker Desktop Edge release includes Snyk vulnerability scanning. This allows Docker users to trigger local Docker file and local image scans directly from the Docker Desktop CLI. With the combination of Docker Scan and Snyk, developers gain visibility into open source vulnerabilities that can have a negative impact on the security of container images. Now you can extend your Continue reading

Using bash’s shopt builtin to manage Linux shell behavior

If you haven’t tried it yet, you might be surprised by the many features of shopt. While it works like a Linux command, it’s actually a bash shell builtin that allows you to change many things about that shell’s behavior.One option, for example, allows the shell to fix minor typos when you type directory names. To demonstrate, in the first cd command shown below, the directory name, bin, is typed with an extra letter and the shell complains and gives up:$ cd binn -bash: cd: binn: No such file or directory This next command enables the cdspell option that gets bash to attempt to correct minor typos in directory names.To read this article in full, please click here

Three Ways Operationalizing NSX Will Transform Your IT Organization

By Kevin Lees and Devyani Pisolkar, authors of the ‘Operationalizing VMware NSX’ guide

Virtualized networking and security may appear to be a standard feature of today’s modern data center, but it wasn’t so long ago — what, seven years? — that network virtualization was a new concept, largely introduced and propelled by VMware. How time flies. Today, across industries, network virtualization, in the form of VMware NSX, is the go-to choice for delivery of software-based network and security services. Nowadays we spend less time discussing the novelty of the architecture and more time talking about how to maximize the value of NSX by fully operationalizing the platform to make it a critical driver in your digital transformation.

VMware NSX is utterly unlike legacy networking

VMware NSX delivers networking and security services entirely in software. That enables organizations to move myriad operational tasks into the software layer, but to leverage it fully requires a top-to-bottom rethink of network operation itself. Under NSX, the old paradigm of the network as a hardware silo is gone; instead, the virtualized NSX network is an integral component in the software-defined data center.

Which brings us to the key point: in order to fully realize Continue reading

Secondary DNS – Deep Dive

How Does Secondary DNS Work?

Secondary DNS - Deep Dive

If you already understand how Secondary DNS works, please feel free to skip this section. It does not provide any Cloudflare-specific information.

Secondary DNS has many use cases across the Internet; however, traditionally, it was used as a synchronized backup for when the primary DNS server was unable to respond to queries. A more modern approach involves focusing on redundancy across many different nameservers, which in many cases broadcast the same anycasted IP address.

Secondary DNS involves the unidirectional transfer of DNS zones from the primary to the Secondary DNS server(s). One primary can have any number of Secondary DNS servers that it must communicate with in order to keep track of any zone updates. A zone update is considered a change in the contents of a  zone, which ultimately leads to a Start of Authority (SOA) serial number increase. The zone’s SOA serial is one of the key elements of Secondary DNS; it is how primary and secondary servers synchronize zones. Below is an example of what an SOA record might look like during a dig query.

example.com	3600	IN	SOA	ashley.ns.cloudflare.com. dns.cloudflare.com. 
2034097105  // Serial
10000 //  Continue reading
1 836 837 838 839 840 3,785