I think many will create things, like the bot attacks and whatever, just for sport, to see if they can do it. I doubt there is any scheme behind it. But the larger the better.. "because -I- did that".
I doubt there is a 'purposely doing things' to bring other distros or OSes down.
Archlinux project down inc forums due to DDoS attack for the last few days
- Eadwine Rose
- Administrator
- Posts: 15178
- Joined: Wed Jul 12, 2006 2:10 am
Re: Archlinux project down inc forums due to DDoS attack for the last few days
MX-23.6_x64 July 31 2023 * 6.1.0-38amd64 ext4 Xfce 4.20.0 * 8-core AMD Ryzen 7 2700
Asus TUF B450-Plus Gaming UEFI * Asus GTX 1050 Ti Nvidia 535.247.01 * 2x16Gb DDR4 2666 Kingston HyperX Predator
Samsung 870EVO * Samsung S24D330 & P2250 * HP Envy 5030
Re: Archlinux project down inc forums due to DDoS attack for the last few days
Hmmm,
Anything is possible but only a few things are probable.. Blaming Microsoft for this is getting into tinfoil hat territory for me. Linux in many ways is its own worst enemy and I tend to agree with @Eadwine Rose: bots being deployed by humans or by bots attacking easier 'first' targets like Linux organizations are probably good starter projects on how to learn to effectively attack larger and better fortified targets in the future for whatever actors or players would benefit. If Microsoft wanted to do Linux harm it could start with pulling strings at github where most Linux projects have their source code and development work laid out for all to see..
Re: Archlinux project down inc forums due to DDoS attack for the last few days
CharlesV wrote: Wed Aug 27, 2025 6:12 pm
Well, I read an article that said they did not want to use cloudflare or another provider like that as they were not open source. So.. they are attempting to fix it internally.. which is rather difficult!
Cloudflare would be a good way to stop this, but it isn't the panacea of DDoS attacks. In fact, Cloudflare being an escrow to much of the Internet traffic actually poses a serious privacy/security risk in terms of data and metadata that is now a gold-mine to cyber crooks. The LKML site uses Anubis for example, which offloads a challenge to be computed by the client. The idea being to make it economically infeasible to flood a server.
Eadwine Rose wrote: Wed Aug 27, 2025 6:18 pm
They're gonna have to cave in the end. *shrug* Can't really get around it unless you block a LOT of countries. Then still.
Yep, and good luck getting that to work correctly with IPv6!
BitterTruth wrote: Thu Aug 28, 2025 5:14 am
Can only be Micro$oft. Especially with Deb 13 coming out and Win 10 reaching EOL.
I'm not sure if you are joking or not, but it's unlikely for Microsoft to care about something that will hardly make as much as a scratch in their market share. A solid chunk of their case are enterprise clients also. They themselves use Linux for their Azure platform, and they have WSL2 up their belt. By the time Windows 10 reaches EOL most will have already moved to Windows 11.
BitterTruth wrote: Thu Aug 28, 2025 5:14 am
EDIT: Seriously though, this is probably why it makes sense to run a more stable distro than a bleeding edge one especially one where users can upload their own packages (AUR).
Ideally it would be nice if, rather than a central repository of every single application, there could be a more distributed approach (and before anyone yells "Flatpak!", that is not a great example). Windows and Mac OS have it right in a way for a long time, with users being able to run software from CDs or downloaded files, and there's even some decent-ish signing infrastructure surrounding it. The real issue isn't about whether a distro is stable or bleeding edge but whether the infrastructure is secure enough, even a "stable" distro can suffer from these security mishaps.
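The client-side challenge scheme mentioned above (the Anubis idea of making the client pay before the server does real work), as an added example that is not Anubis's code and not from any poster here; the message shape, field names, difficulty and TTL are assumptions:

```python
"""Proof-of-work challenge, Anubis-style: the server issues a random
challenge, the client must find a nonce such that SHA-256(challenge:nonce)
starts with DIFFICULTY zero bits. Solving costs ~2**DIFFICULTY hashes on
average; verifying costs one HMAC and one hash, so a flood of requests is
expensive for the sender and cheap for the server to check.
Assumed parameters, not Anubis's own."""
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)   # constructed: per-process secret
DIFFICULTY = 12                         # leading zero bits the answer needs
TTL_SECONDS = 300                       # how long a challenge stays valid

def issue_challenge(now=None):
    """Server side: random challenge plus an HMAC tag so no state is kept."""
    now = int(now if now is not None else time.time())
    challenge = secrets.token_hex(16)
    msg = f"{challenge}:{now}".encode()
    tag = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    return {"challenge": challenge, "issued": now, "tag": tag}

def leading_zero_bits(digest):
    """Number of leading zero bits in a digest (256 for an all-zero digest)."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve(challenge, difficulty=DIFFICULTY):
    """Client side: brute-force a nonce. This loop is the cost pushed to the client."""
    nonce = 0
    while True:
        d = hashlib.sha256(f"{challenge}:{nonce}".encode()).digest()
        if leading_zero_bits(d) >= difficulty:
            return nonce
        nonce += 1

def verify(token, nonce, difficulty=DIFFICULTY, now=None):
    """Server side: reject forged, expired or insufficiently hard answers."""
    now = int(now if now is not None else time.time())
    msg = f"{token['challenge']}:{token['issued']}".encode()
    expected = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["tag"]):
        return False  # challenge was not issued by this server
    if now - token["issued"] > TTL_SECONDS:
        return False  # stale challenge: client must solve a fresh one
    d = hashlib.sha256(f"{token['challenge']}:{nonce}".encode()).digest()
    return leading_zero_bits(d) >= difficulty
```

Raising DIFFICULTY by one doubles the client's expected work while the server's verification cost stays constant; the TTL bounds how long one solved challenge can be replayed.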
- Posts: 732
- Joined: Tue Sep 22, 2020 7:36 pm
Re: Archlinux project down inc forums due to DDoS attack for the last few days
Microsoft was a joke. None of the big players have an interest in taking down Linux since they all benefit from it with their cloud services and embedded device support. You might be surprised at the players who are often behind this like cyber criminal gangs (gaming and gambling companies, data theft), governments for varying reasons. It's easily done through the billions of unsecured IoT devices out there (routers, cameras, watches, door bells etc) hence the name 'distributed' denial of service.
Also since covid, there was a massive rush to get a lot of services online. A lot of it was done without the proper security considerations.
Just to mention a few of the more high profile ones:
1) Mirai botnet attack 2016 (Highest profile Netflix, Twitter, Reddit, power stations, solar farms)
2) Stuxnet (Iran's Natanz plant nuclear reactors)
3) Estonian government (targeted by Russia over World War 2 monument)
4) Linux Aidra
5) Bashlite (100000 devices precursor to Mirai)
6) Verkada (150,000 cameras hacked)
7) Memcached (Github and others)
8) Emotet
9) Popvote (Hong Kong’s Occupy Central protests)
10) Microsoft Azure (attack from estimated 10,000 sources in 10 different countries)
11) NoName57 (hacktivist - targeted European power suppliers and public transport networks, media)
Even if it looks like it's targeted at Arch, there are most likely secondary payloads that are targeting multiple other systems (banking, hospitals, government databases).
What's worse is that these same ones will just evolve and appear again.
@AK-47 With stable distros you inherently have a much lower chance of getting package updates therefore the risk is severely reduced. Package propagation is slower. In bleeding edge distros packages are ready for download as soon as they become available. If packages get infected, they aren't tested as severely and the potential for the spread of any infected files is much much greater.
Last edited by BitterTruth on Fri Aug 29, 2025 3:14 am, edited 1 time in total.
- Posts: 732
- Joined: Tue Sep 22, 2020 7:36 pm
Re: Archlinux project down inc forums due to DDoS attack for the last few days
If anyone's interested in the nitty gritty of how it works, here's something on the recent Pumabotnet which targeted ssh; pretty digestible:
https://www.darktrace.com/blog/pumabot- ... ce-devices
EDIT: check out 'Jia Tan', a malicious kernel maintainer/developer who worked for about 2 years on the XZ utils package to build trust and credibility. After 2 years of credibility, 'they' were found by Andreas Freund, to have introduced a multipronged back door into the package, allowing access via ssh.
- Posts: 732
- Joined: Tue Sep 22, 2020 7:36 pm
Re: Archlinux project down inc forums due to DDoS attack for the last few days
BitterTruth wrote: Fri Aug 29, 2025 3:11 am If anyone's interested in the nitty gritty of how it works, here's something on the recent Pumabotnet which targeted ssh; pretty digestible:
https://www.darktrace.com/blog/pumabot- ... ce-devices
EDIT: check out 'Jia Tan', a malicious kernel maintainer/developer identity who worked for about 2 years on the XZ utils package to build trust and credibility. After 2 years of credibility, 'they' were found by Andreas Freund, to have introduced a multipronged back door into the package, allowing access via ssh.
Re: Archlinux project down inc forums due to DDoS attack for the last few days
BitterTruth wrote: Fri Aug 29, 2025 2:40 am
Microsoft was a joke. None of the big players have an interest in taking down Linux since they all benefit from it with their cloud services and embedded device support. You might be surprised at the players who are often behind this like cyber criminal gangs (gaming and gambling companies, data theft), governments for varying reasons. It's easily done through the billions of unsecured IoT devices out there (routers, cameras, watches, door bells etc) hence the name 'distributed' denial of service.
Also since covid, there was a massive rush to get a lot of services online. A lot of it was done without the proper security considerations.
Indeed, I am not a fan of "IoT" or "cloud-based" anythings as a result (beyond "cloud based" services that behave more like dynamic DNS services for some devices where remote access is often useful).
BitterTruth wrote: Fri Aug 29, 2025 2:40 am
@AK-47 With stable distros you inherently have a much lower chance of getting package updates therefore the risk is severely reduced. Package propagation is slower. In bleeding edge distros packages are ready for download as soon as they become available. If packages get infected, they aren't tested as severely and the potential for the spread of any infected files is much much greater.
Sort of. The curation processes are similar in bleeding-edge distros, although now there is a bit more work to get security patches backported into stable distros. The advantage of the stable distro being, there is a lower chance that an update will bork something in the system due to version incompatibilities. But as we have seen here multiple times, it's not negligible. Another example was the Xscreensaver time bomb SNAFU about a decade ago. Slower propagation doesn't mean more testing.
Re: Archlinux project down inc forums due to DDoS attack for the last few days
Some automated BotNet that is targeting Linux infrastructure as a whole? Thinkable, not probable though.
With AI Agents and whatnot I can't imagine how rudimentary botnets of the past can scale to new highs with today's available tech.. endless possibilities
Re: Archlinux project down inc forums due to DDoS attack for the last few days
At what point do we suspect skynet?
Only half joking at this point....