China’s Yahoo Under DDoS Attack
According to logs, security devices the world over are seeing evidence of a reflective Distributed Denial of Service attack against www.yahoo.com.cn.
The site is staying up despite the attack, but the effort to bring down Yahoo’s Chinese portal is significant. The top “attacking IPs” for the past 24 hours on my network are the Chinese hosts.
Click here, here and here to see the reports from MyNetWatchman.com
The attack works like this: scores of computers, most likely a botnet, send spoofed HTTP requests to the Chinese hosts, making the requests appear to originate from systems all over the world. Yahoo then attempts to reply to the requests. What security devices on networks then see are HTTP acknowledgements directed to the spoofed IP addresses. Many security devices then send TCP resets back to the Yahoo servers, since they treat this as a mistaken connection.
The end result is that Yahoo gets flooded by both the fake requests and the subsequent TCP resets, making the site struggle to stay afloat.
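To recognise this traffic in your own logs, the added example below (not from MyNetWatchman or any vendor) counts inbound replies from a web server that answer no connection your network opened. It assumes the replies appear as TCP SYN-ACK packets from port 80; the log format, the addresses and the function names are all constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample log; assumed format: time src:sport > dst:dport flags.
# 192.0.2.0/24 stands in for the local network, 203.0.113.x for the web servers.
SAMPLE_LOG = """\
10:00:01 192.0.2.10:40001 > 203.0.113.5:80 S
10:00:01 203.0.113.5:80 > 192.0.2.10:40001 SA
10:00:02 203.0.113.5:80 > 192.0.2.77:51515 SA
10:00:02 203.0.113.6:80 > 192.0.2.78:51516 SA
10:00:03 203.0.113.5:80 > 192.0.2.79:51517 SA
10:00:03 198.51.100.9:33000 > 192.0.2.10:22 S
"""

def parse(line):
    """Split one log line into (src_ip, src_port, dst_ip, dst_port, flags)."""
    _, src, _, dst, flags = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return sip, int(sport), dip, int(dport), flags

def find_backscatter(log_text, local_net, service_port=80):
    """Count inbound SYN-ACKs from service_port that answer no SYN we sent."""
    net = ipaddress.ip_network(local_net)
    pending = set()          # (local_ip, local_port, remote_ip, remote_port)
    unsolicited = Counter()  # remote server -> number of unsolicited replies
    for line in log_text.splitlines():
        if not line.strip():
            continue
        sip, sport, dip, dport, flags = parse(line)
        if flags == "S" and ipaddress.ip_address(sip) in net:
            # A local host really opened this connection; remember it.
            pending.add((sip, sport, dip, dport))
        elif (flags == "SA" and sport == service_port
              and ipaddress.ip_address(dip) in net):
            key = (dip, dport, sip, sport)
            if key in pending:
                pending.discard(key)      # legitimate handshake reply
            else:
                unsolicited[sip] += 1     # reply to a request we never sent
    return dict(unsolicited)

if __name__ == "__main__":
    for server, count in find_backscatter(SAMPLE_LOG, "192.0.2.0/24").items():
        print(f"{server}: {count} unsolicited replies")
```

Configuring the perimeter device to drop these unsolicited replies silently, rather than answering each one with a reset, keeps your network from adding to the reset traffic described above.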
This attack may be some type of hacktivism, because Yahoo has cooperated with Chinese law enforcement to jail two dissidents who were using Yahoo’s blogging services to criticize the Chinese government.