DDoS: The Real Extortion. It’s Not What You Think…


I am not normally a big fan of conspiracy theories, but I when I start to connect the dots on the evolution of DDoS, I can really only come to one conclusion that makes sense and holds together.   You may be surprised at what I have found.

But first, my observations about DDoS.

We have all heard the stories about businesses getting hacked, bank accounts compromised, or credit cards stolen.  These breaches happen quietly and discreetly, often only discovered long after the fact.  I can clearly understand the motivation of  a perpetrator behind this type of break in.  They are looking to steal some information and sell it on the dark web.

On the other hand, a DDoS attack does not pose any security threat to a business’ data, or their bank accounts.  It is used as a jamming tool to effectively cut off their communication by paralyzing their network.  I have read vanilla articles detailing how extortion was the motivation.  They generally assume the motive is money and DDoS attacks are monetized through extortion.  You get attacked, your web site is down, and some dark figure contacts you via a back channel and offers to stop the attack for a ransom.  Perhaps some DDoS attacks are motivated by this kind of extortion,  but let’s dig a little deeper to see if there is a more plausible explanation.

Through my dealings with 100’s of IT people managing networks, almost all have experienced some sort of DDoS attack in the past 5 or 6 years.

To my knowledge, none of my contacts were ever approached by somebody attempting to extort money.  When you think about this, taking a payment via extortion is a very risky endeavor for a criminal.  The FBI could easily set up a sting at any time  to track the payment.  You would have to be very, very clever to extort and take payment and not get  caught.

Another explanation is that many of these were revenge attacks from disgruntled employees or foreign agents.  Maybe a few, but based on my sample and projecting it out, these DDoS attacks are widespread, and not just limited to key political targets.  Businesses of all sizes have been affected, reaching into the millions.  I can’t imagine  that there are that many disgruntled customers or employees who all decided to settle their grievances with anonymous attacks in such a short time span.  And what foreign  agent would spend energy bringing down the Internet at a regional real estate office in Moline, Illinois?  But it was happening and it was happening everywhere.

The real AHA moment came to me one day when I was having a beer with an IT reseller that sold high-end networking equipment. He reminisced about his 15 year run selling networking equipment with nice margins.  Switches, Routers, Access Points.

But revenue was getting squeezed and had started to dry up by 2010.  Instead of making $100K sales with $30K commission, many customers dumped their channel connection and started buying their equipment as a commodity on-line at much lower margins. There was very little incentive to work the sales channels with these diminishing returns. So what was a channel sales person going to do now to replace that lost income?  The answer was this new market selling $200K integrated security systems and clearing $30K commission  per sale.

I also learned after talking to several security consultants that it was rare to get a new customer willing to proactively purchase services unless they were required to by law. For example, the banking and financial industry had established some standards. But  for large and medium private companies it is hard to extract $200K for a security system as a proactive purchase to protect against an event that had never happened.

I think you might be able to see where I am going with this, but it gets better!

I also noticed that, post purchase of these rather pricey security systems, attacks would cease.  The simple answer to this is that an on-site DDoS prevention tool generally has no chance of stopping a dedicated attack. A DDoS attack is done by thousands of hijacked home computers all hitting a business network from the outside. I have simulated them on my own network by having 100 virtual computers hitting our website over and over as fast as they can go and it cripples my web server.

The only way to stop the DDoS attack  is at the source.  In a real attack the victim must hunt down the source machine all the way back to their local ISP and have the ISP block  the attacker at the source.  Now imagine an attack coming from 1000 different sources located all over the world. For example, your home computer, if compromised by a hacker, could be taking part in an attack and you would never know it.  Professional hackers have thousands of hijacked computers under their control (this is also how spammers work).  The hacker turns your computer into a slave at its beck and call.  And the hijacker is untraceable. When they initiate an attack they tell your computer to bombard a website of their choosing, along with the thousands of other computers in their control, and BAM! the website goes down.

So why do the attacks cease once a customer has purchased a security system?   If the attacks continued after the purchase of the tool the customer would not be very happy with their purchase.  My hypothesis: Basically, somebody is calling off the dogs once they get their money.

Let me know if you agree or disagree with my analysis and hypothesis.  What do you think is happening?

Stick a Fork in Third Party Caching (Squid Proxy)


I was just going through our blog archives and noticed that many of the caching articles we promoted circa 2011 are still getting hits.  Many of the hits are coming from less developed countries where bandwidth is relatively expensive when compared to the western world.  I hope that businesses and ISPs hoping for a miracle using caching will find this article, as it applies to all third-party caching engines, not just the one we used to offer as an add-on to the NetEqualizer.

So why do I make such a bold statement about third-party caching becoming obsolete?

#1) There have been some recent changes in the way Google provides YouTube content, which makes caching it almost impossible.  All of their YouTube videos are generated dynamically and broken up into segments, to allow differential custom advertising.  (I yearn for the days without the ads!)

#2) Almost all pages and files on the Internet are marked “Do not Cache” in the HTML headers. Some of them will cache effectively, but you must assume the designer plans on making dynamic, on the fly, changes to their content.  Caching an obsolete page and delivering it to an end user could actually result in serious issues, and perhaps even a lawsuit, if you cause some form of economic harm by ignoring the “do not cache” directive.

#3) Streaming content as well as most HTML content is now encrypted, and since we are not the NSA, we do not have a back door to decrypt and deliver from our caching engines.

As you may have noticed I have been careful to point out that caching is obsolete on third-party caching engines, not all caching engines, so what gives?

Some of the larger content providers, such as Netflix, will work with larger ISPs to provide large caching servers for their proprietary and encrypted content. This is a win-win for both Netflix and the Last Mile ISP.  There are some restrictions on who Netflix will support with this technology.  The point is that it is Netflix providing the caching engine, for their content only, with their proprietary software, and a third-party engine cannot offer this service.  There may be other content providers providing a similar technology.  However, for now, you can stick a fork in any generic third-party caching server.

Creative Marketing Pushing the Limits


I just spent the evening advocating for my 90 year old mother, getting her through the bureaucracy gauntlet of a large teaching hospital.  The highlight of my evening was when I had to move my car from in front of the ER entrance, and upon my return the security guard refused to let me back into the ER.  I had essentially been evicted from the hospital.  I’ll spare you the details of the rest of tonight’s carnage as it is not really relevant for a technical product blog, but it did jar a repressed memory from when we were in early startup mode years ago, and I was trying to gain some market traction.

Flash back to early 2005, NetEqualizer was no more than a bundled open source CD selling for less than a decent television goes for these days. Our customers were mostly early adopters running on shoestring budgets.  Encouragement came in the form of feedback from customers. We were getting amazing reviews from smaller ISPs, who raved about how good our bandwidth shaping technology was.  My problem was that their enthusiasm was not translating into larger corporate customers.  In order to survive, we had to leverage our success into a higher-end market, where despite our technical success we were still an unknown commodity.

With time on my hands, and my industry expertise current on the Telco industry, I started writing small articles for trade magazines.  These vignettes were great for building a resume, but not so great at getting the NetEqualizer in front of customers.  With each passing week I would chat with the editor(s) from Ziff Davis and propose article ideas. Slowly I was becoming a respected yet starving feature writer. By necessity, entrepreneurs have to think out of the box, and I was no exception when I hatched the idea for my next article.  The conversation with my Editor went something like:

Me:  “Hey Bill, I have an idea for a new article.”

Bill: “Let’s hear it. ”

Me: “Well, there is big trade show next month in Orlando…  How about I head down there and write a new product review feature for your magazine? I’ll walk the floor and impromptu interview various vendors and put together a review feature with a little insider flair, what do you think?”

Bill: “Go for it! Keep me posted. We can’t pay your expenses though.”

Me: “That’s fine. In return for not getting paid, I hope to use my access as your feature writer to also start some conservations on our Bandwidth shaper, to get some feedback on our direction.”

Bill : “Sounds good, just keep it discreet.”

And so I was off to Orlando.

On trade show day I wandered the floor with my little badge identifying me as a representative of the publishing company Ziff Davis.  I walked booth to booth introducing myself and asking about what new products were being featured.

The strategy was working.  Various marketing executives were eager to tell me about their new offerings.  Once we had a little rapport going, and I had gathered the information I needed for my product review, I would attempt to work into the conversation that I was not only a part-time feature writer, but also a tech entrepreneur. Much to my surprise, most people were curious to learn about my endeavor and our start up technology.  That was until I entered the Nortel Booth.

When I brought up my alter ego personality as an entrepreneur to the Nortel Marketing rep, he blew a gasket and had me escorted from his booth by some henchmen.  It was  one of those demoralizing, embarrassing moments as an entrepreneur that you just have to push past.

Obviously, we kept going and there were many more dead ends to come. I learned just as in the hospital, whether your an advocate for your product, or your ailing mother, you must push ahead and continue to work out of the box.  And yes, I eventually did get back into the ER, and yes, it was embarrassing.

As a reference, here are links to some of the trade magazine articles I wrote back in the Mid 2000’s:

https://www.extremetech.com/extreme/80248-analysis-vuzes-allegations-are-anecdotal-but-troubling

https://www.pcmag.com/news/210995/analysis-the-white-lies-isps-tell-about-broadband-speeds

 

 

 

NetEqualizer Speeds up Websites with Embedded Video


Maybe I am old school, but when I go to a news site, I typically don’t want to watch videos of the news.  I want to skim the article text and move on. I find reading my news  to be a much more efficient way of filtering the content I am interested in.    The problem I have run into recently is that the text portion of news site portals loads much more slowly than a few years ago.  The text portions are starved for bandwidth while waiting for a video to load.  Considering text takes up very little bandwidth it should load very quickly, if not for that darn video!

Solution.

I can easily tune my NetEqualizer to throttle video, and leave text alone, thus I can get to reading the text without having to wait on the video to load.  It may seem counter-intuitive, but slowing a website video down does make the page load faster.

Here is a behind the scenes explanation of how the NetEq enhances the speed of some of the popular news sites when the stories are loaded with embedded video.

  • Your browser typically attempts to load multiple elements of a webpage at one time.  So I can’t really blame the browser for the text delays. Both the video and text, along with other images, all load simultaneously from the browsers perspective.
  • Video by its nature tries to buffer ahead when bandwidth is available.
  • With my business grade 20 megabit Internet, the video buffering will dominate the entire 20 megabits.  The text loading, even though small with respect to data, tends to suffer in the wings when a video download is dominating the link.
  • Why exactly the text loading does not get equal cycles to load I am not 100 percent sure, but people who design routers have told me that the persistent video connection once started is favored by the router over other packets.
  • The  NetEqualizer by its own design punishes large streams by slowing them down when your link is at capacity.    This allows the text loading a nice chunk of bandwidth to work with and it loads much more quickly than when competing with the video stream.

For  more details on how this works we have a youtube that explains it all.

 

 

 

 

NetEqualizer News: October 2018


We hope you enjoy this month’s NetEqualizer Newsletter. Highlights include our 8.6 Release finishing its testing phase and more!

 

October 2018

 

8.6 Release is Ready for Pre-Release!
Greetings! Enjoy another issue of NetEqualizer News.

Here in Colorado, we never really got a chance to experience a light frost. We went from a balmy 65 degrees on October 13th to winter with snow with temperatures in the mid teens on October 14th.
Like the changes in the weather, the NetEqualizer feature set is always evolving. In this issue we bring you the new 8.6 release, and as an added bonus a little out of-the-box thinking for the future. 

We continue to work with you to solve some of your most pressing network problems – so if you have one that you would like to discuss with us, please call or email me anytime at 303.997.1300 x103 or art@apconnections.net. 

– Art Reisman (CTO)

In this Issue:

:: The 8.6 Release is GA

:: Far-out Product Ideas

The 8.6 Release is GA

8.6 is now available for everyone!

How to get 8.6

Just e-mail us at support@apconnections.net or call us at 303-997-1300 during business hours to get the ball rolling.

Is upgrading painful?

No needles we promise! The upgrade process for 8.6 requires running a couple of commands from the GUI and then a single reboot. Worst case you should expect a 30 second service outage.

What is in 8.6?

Perhaps you missed our internal review back in August when we were testing. Here are the details of the main 8.6 features.  You can also read our full 8.6 Release Notes on our blog site at any time.

1) Scalable Time and Date for Reporting

Ever ask the question, “what was my bandwidth usage between 9:00pm and 12:00 pm last Thursday?” We now have the answer at your finger tips. Using the time and date range bar, located at the top of all our graphical reports, you can hone in on a particular time/date period – immediately rescaling the report as you move the bar. Our previous releases had fixed time periods of one day, one week, one month, etc. which was nice, but nowhere near as convenient. This was one of our most requested features.

2) Set your Priority to expire

Giving a user priority is akin to giving them permanent keys to the Fort Knox of Bandwidth. Perhaps you have a user that has a good reason for some extra bandwidth on Tuesday evening due to a business presentation; but come Wednesday you don’t wan’t their laptop with priority to accidentally go off in the middle day on a 50G backup with unlimited bandwidth, that might bring your network to a crawl. Never fear! Now, when assigning priority you can set an expiration date on your priority and avoid leaving that gate open.

3) Watch individual usage live on your screen

We have always had static reports on historical usage per IP, and now we have added a real time bar chart that updates once a second, so you can see in real time what a single IP is doing in terms of usage. I have used it while watching youtube and Netflix video, and was surprised to see how these application will consistently burst ahead to buffer up large chunks of bandwidth just by watching the usage bar jump up. I had suspected this behavior from Netflix, but it was nice to see it confirmed visually on my screen.

4) Bursting Pool/Subnet settings

People have always liked our pool/subnet shaping feature, but we often get asked by customers to relax enforcement during slack usage times. For example, if you have your guest wireless network restricted to 50 megabits on a 1G circuit on our 8.5 release, those users will never be able to go above 50 megabits. Now in 8.6, if you put a 50 megabit restriction on a group you can tell the NetEqualizer only to enforce that rule when the entire circuit is at capacity. With our 8.6 release, you have the choice of keeping the hard 50 megabit restriction in place all the time, or to only enforce this restriction during peak times.

As always, the 8.6 Release will be free to customers with valid NetEqualizer Software and Support (NSS) plans. Renew today if you are not current!

Far-out Product Ideas

Some interesting product ideas, just for fun…

Every once in a while we try to get out of the box and think of ideas that will stretch the imagination a little bit. Below are a couple that came to mind today. If you have a far-out idea, we’d love to hear about it. As a technology company we are always looking for ways to leap frog into new paradigms.
Site Survey Drone
I suspect others have thought of this idea and perhaps it has been implemented, so apologies in advance in case this is not an original idea.
We know that there are a variety of ways to survey areas for wireless coverage, and yet once the service is rolled out, dead spots abound. The contractor in charge must rely on reports from customers, or physically walk the site to find areas lacking in coverage. Seems like a good job for a small drone? Yes you need to a little intelligence to self navigate, and perhaps there might be little problems like closed doors (there goes the engineer in me thinking of obstacles). Bottom line is, it could be done, and could save a good bit of time and money.
Cleaning your Keyboard After a Sticky Spill
Yes I am going farther out with this one, but what if there was some service where you could hire an ant colony to clean up that sugary mess on your key board or mother board? Would ants be able to do this job effectively? The idea came to me when I saw a heard of goats being used to clear brush and noxious weeds off public right aways and roadsides. Ants are tireless workers and love sugar and people are always destroying their electronics with sticky spills.
Automatic Survey Response Application for your Phone 
I get 10 robo-calls a day with operators spoofing caller ID’s. You really can’t block them because they have figured out how to come from a new number with every call, and if you do block them, you are likely blocking an innocent party, since the caller ID was hijacked. To date, the FCC seems reluctant to do anything about it. I am not sure why perhaps there is money in this traffic for the operators? Last I heard, 50 percent of outbound calls in the US is from this garbage spammed traffic.
My idea: What if you had a little intelligent application (your private Watson that understands context) on your phone that responded like a potential real customer. Here is an example interaction.

Robo-Caller: Hello this is Henry with the warranty department, did you know your 1978 Honda is not covered by warranty?

Robo-App: Wow, please tell me more!

Robo-Caller: For a simple $9.99 a month we can extend your expired manufacture’s warranty.

Robo-App: Yes I’d like to sign up…

And so on. The idea is to engage the robo-caller for as long as possible, thus wasting their time to the point where the spamming operation is no longer viable.

Please email me at art@apconnections.net to share your far-out idea!
Blueberry Picking in New York

This picture is of a late summer right of passage in New York – picking blueberries with the family. It was taken last year at a blueberry patch in the Finger Lakes.

APconnections, home of the NetEqualizer | (303) 997-1300 | Email | Website 

NetEqualizer News: August 2018


We hope you enjoy this month’s NetEqualizer Newsletter. Highlights include our 8.6 Release finishing its testing phase and more!

 

August 2018

 

8.6 Release is Ready for Pre-Release!
Greetings! Enjoy another issue of NetEqualizer News.

Wow how the summer flies by. The public schools here in Colorado are all in full session this week. By the time Labor day roles around, the buses will have been rolling for two weeks. Even though the days are still hot, and it still feels like summer outside our offices, nature is starting to signal the end of the season. The orioles that frequented our backyard feeder since May have headed south, replaced by migrating humming birds that are coming down from the mountains on their journey to Mexico and beyond. Best of all, August signals the completion of the 8.6 testing cycle. We will be releasing 8.6 with all its amazing new features in just a few days! 

We continue to work with you to solve some of your most pressing network problems – so if you have one that you would like to discuss with us, please call or email me anytime at 303.997.1300 x103 or art@apconnections.net. 

– Art Reisman (CTO)

In this Issue:

:: The 8.6 Release

:: Call Out for Pre Release Testing

:: Best of Blog: Three Myths About QoS and Your Internet Speed

The 8.6 Release

8.6 is headed to pre-release!

There are quite a few “wow” features in this upcoming release. Here are some first impressions now that our early beta users have had a chance to kick the tires on a live 8.6 system…

1) Scalable Time and Date for reporting

Ever ask the question, “what was my bandwidth usage between 9:00pm and 12:00 pm last Thursday?” We now have the answer at your finger tips. Using the time and date range bar, located at the top of all our graphical reports, you can hone in on a particular time/date period – immediately rescaling the report as you move the bar. Our previous releases had fixed time periods of one day, one week, one month, etc. which was nice, but nowhere near as convenient. This was one of our most requested features.

2) Set your Priority to expire

Giving a user priority is akin to giving them permanent keys to the Fort Knox of Bandwidth. Perhaps you have a user that has a good reason for some extra bandwidth on Tuesday evening due to a business presentation; but come Wednesday you don’t wan’t their laptop with priority to accidentally go off in the middle day on a 50G backup with unlimited bandwidth, that might bring your network to a crawl. Never fear! Now, when assigning priority you can set an expiration date on your priority and avoid leaving that gate open.

3) Watch individual usage live on your screen

We have always had static reports on historical usage per IP, and now we have added a real time bar chart that updates once a second, so you can see in real time what a single IP is doing in terms of usage. I have used it while watching youtube and Netflix video, and was surprised to see how these application will consistently burst ahead to buffer up large chunks of bandwidth just by watching the usage bar jump up. I had suspected this behavior from Netflix, but it was nice to see it confirmed visually on my screen.

4) Bursting Pool/Subnet settings

People have always liked our pool/subnet shaping feature, but we often get asked by customers to relax enforcement during slack usage times. For example, if you have your guest wireless network restricted to 50 megabits on a 1G circuit on our 8.5 release, those users will never be able to go above 50 megabits. Now in 8.6, if you put a 50 megabit restriction on a group you can tell the NetEqualizer only to enforce that rule when the entire circuit is at capacity. With our 8.6 release, you have the choice of keeping the hard 50 megabit restriction in place all the time, or to only enforce this restriction during peak times.

As always, the 8.6 Release will be free to customers with valid NetEqualizer Software and Support (NSS) plans. Renew today if you are not current!

Beat the crowd get a pre-release version

We need your help!

As of August 15th, we have completed all of our pre-release testing and declared 8.6 stable and ready for live customers! If you are dying to get your hands on any of our new features described above, please e-mail us and we will be glad to send out a pre-release version.

Best Of Blog

Three Myths About QoS and Your Internet Speed

By Art Reisman
This month’s best of blog talks about QoS and your Internet speed. It’s one of our favorites! Enjoy.

—————————————————————————————————————–
Myth #1: A QoS device will somehow make your traffic go faster across the Internet.
The Internet does not care about your local QoS device. In fact, QoS means nothing to the Internet. The only way your traffic can get special treatment across the Internet would be for you to buy a private dedicated link – which is really not practical for general Internet usage, as it would only be a point-to-point link…

Photo of the Month
Blueberry Picking in New York

This picture is of a late summer right of passage in New York – picking blueberries with the family. It was taken last year at a blueberry patch in the Finger Lakes.

APconnections, home of the NetEqualizer | (303) 997-1300 | Email | Website 

NetEqualizer 15 Year Anniversary, Celebrating Famous NetEqualizer Users


First off, before I get into trouble , I want to assure all of our customers that in no way do we actually know or have data on who has had their personal traffic pass through a NetEqualizer over the past 15 years. What we can surmise, with a degree of probability/speculation, based on many of the locations we are installed  is , who has likely seen their traffic pass through our device.  What follows is a list of  those likely candidates

Michael Phelps:   For many years we were the primary source of Bandwidth Control in the olympic training center in Colorado Springs where many of the Olympic Swim team would practice  prior to the Olympics.  Basically any olympic athlete that connected to the wireless network in the training center from 2006 through 200? had their traffic pass though a NetEqualizer

 

Donald Trump:  NetEqualizer products have been used in several Los Angeles/Hollywood production studios where taping and of popular television shows take place , after taping the raw cuts are sent from the studio’s for editing and distribution. Yes it is very likely the Apprentice was taped in a Studio where the NetEqualizer was the Primary bandwidth  control solution.

 

The Pope:  Not sure if the Pope uses the Internet when he visits the US embassy in the Vatican but yes we do have NetEqualizer installed in the Vatican

 

Jerry Jones:  We have a NetEqualizer handling the traffic in the AT&T stadium business and conference center. I suspect that Jerry has wondered into that section of the Building  on occasion

Mark Cuban:  I have exchanged e-mails with Mark on a few other idea’s  un related to NetEqualizer. In our office  all of our traffic pass through our local NetEqualizer , hence I know with certainty that our e-mail exchange went through a NetEqualizer!

 

Barack Obama:  Prior to becoming president Mr Obama visited the Green Zone in Afghanistan along with other members of congress. At the time we had several systems in the green zone ( basically little american cities for Military people stationed there) keeping their wifi up and running.  For non secure communications he would have been using the local wifi and thus passing through a NetEqualizer.

These are just a few instances where I could logically place  these celebrities in locations where active NetEqualizers were shaping traffic.  Of course, we have  had many thousands of units installed over the years and the possibilities   are  endless.    Tens  of millions of users have passed through our controllers over the years . From Resort Hotels, Sports Venues , Universities, Conferences Centers, Fortune 500 business, and many many Rural and small Town ISPs all have deployed our equipment. Hence the actual list of famous people who have stumbled through a NetEqualizer is likely much higher, stay tuned for more to come.

 

By Art Reisman CTO/ Co Founder NetEqualizer

 

 

though

%d bloggers like this: