Analysis Of John Oliver's DDoS Attack On The FCC - SteelCrysis - 08-13-2018
http://hightechforum.org/john-olivers-attacks-on-the-fcc/
Quote:Keithly’s claim that the attack was caused by a “flash crowd” (BTW, “flash mob” is more traditional) triggered by the Oliver show and not a “non-traditional DDoS attack” is simply a legalistic word game. The attack started four minutes into the Oliver show, and continued at a high level for several days.
Keithly goes to great pains to claim that the attack didn’t start until the Oliver show was over, but his charts and his analysis actually show it starting four minutes into Oliver’s 30-minute-long show.
The attack was characterized by a large number of accesses to an API inside ECFS that’s not a normal target for human interaction, ecfsapi.fcc.gov. This API was targeted by the lovely “gofccyourself.com” domain registered by the very hilarious comedian: when a user typed the domain into a browser, Oliver’s system created a hit on the FCC’s API.
Due to an unfortunate design decision made some years ago, external accesses to the ecfsapi.fcc.gov API impose a lot of load on the website. So a person seeking to sap the FCC’s server of system resources – to make it slow down drastically and even crash – could not do better than direct a portion of Oliver’s 11.5 million person audience (6.5M on TV, another 5 on YouTube) to the system’s weakest link.
Keithly’s claim that the API creates “high volume traffic” all by itself is false. The design of the API is such that it consumes system resources, but it doesn’t create traffic. Oliver’s viewers created the traffic at his behest, and Oliver’s domain redirection ensured it hit the FCC where it hurt the most.
|