Refreshing your browser made that huge DDoS attack seem much worse

Industry News 2024-09-21 23:00:45 2588

While much of the internet was frantically trying to refresh their browsers on Friday, the folks at Dyn were facing a huge digital assault that appeared to be coming from just about everywhere.

Their servers were swamped and, because Dyn provides domain name services to many of the most popular sites on the internet, that's all the online community was talking about.


The attack -- known as a distributed denial of service (DDoS) -- was indeed bad. DDoS attacks are defined by a flood of "junk data" that clogs a specific site so legitimate users can't get through.

Image: DDoS attacks flood servers with "junk" traffic, preventing legitimate users from gaining access. Credit: Silas Stein/picture-alliance/dpa/AP Images

Someone -- Dyn won't comment on who, but more on that later -- had hacked a significant number of video cameras and digital video recorders hooked up to the internet, and hurled that junk data at Dyn.

The domino effect left websites such as Twitter, Spotify and others sluggish or unreachable to the average user, so users naturally refreshed their pages again and again.


That was all legitimate traffic, but according to a Wednesday post on Dyn's website, it was hard to distinguish legitimate from malicious traffic at the time. They thought they were defending themselves from something even greater, as many IP addresses generated 10 to 20 times their normal amount of traffic.

"When DNS traffic congestion occurs, legitimate retries can further contribute to traffic volume," Scott Hilton, the executive vice president of product at Dyn, wrote in Wednesday's post. "We saw both attack and legitimate traffic coming from millions of IPs across all geographies. It appears the malicious attacks were sourced from at least one botnet, with the retry storm providing a false indicator of a significantly larger set of endpoints than we now know it to be."

Image: Dyn is still looking into the roots of the attack. Credit: AP Photo/The Christian Science Monitor, Ann Hermes

Dyn now estimates the attack came from around 100,000 "malicious endpoints," rather than millions as previously expected.
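
The retry effect described above can be made concrete with a small model. This is an added example, not Dyn's analysis or code: the retry and refresh counts, loss rates, addresses and per-source query rates are all assumed values chosen for illustration.

```python
# Model of a DNS "retry storm": legitimate sources multiply their own traffic
# when answers are lost. All parameters and sample data are constructed.

def retry_multiplier(loss, tries=4, refreshes=5):
    """Expected queries sent per lookup a user actually wanted.

    loss      -- probability one query goes unanswered (congestion level)
    tries     -- attempts a resolver makes before giving up (assumed)
    refreshes -- page reloads a user makes after a failed lookup (assumed)
    """
    attempts = sum(loss ** k for k in range(tries))         # per lookup
    fail = loss ** tries                                    # lookup fails outright
    lookups = sum(fail ** j for j in range(refreshes + 1))  # original + reloads
    return attempts * lookups

# Constructed baseline queries/sec per source (documentation address ranges).
BASELINE = {"198.51.100.10": 40.0, "198.51.100.11": 25.0, "203.0.113.7": 0.5}
LEGIT = {"198.51.100.10", "198.51.100.11"}   # ordinary recursive resolvers
BOT_QPS = 500.0                               # assumed flood rate of the bot

def observed(loss):
    """Per-source rate seen by the authoritative server under congestion."""
    m = retry_multiplier(loss)
    return {ip: (q * m if ip in LEGIT else BOT_QPS) for ip, q in BASELINE.items()}

def flag_by_rate(rates, factor=10):
    """Naive heuristic: flag any source above factor x its own baseline."""
    return sorted(ip for ip, q in rates.items() if q > factor * BASELINE[ip])

if __name__ == "__main__":
    for loss in (0.0, 0.5, 0.95):
        print(f"loss={loss:.2f} multiplier={retry_multiplier(loss):5.2f} "
              f"flagged={flag_by_rate(observed(loss))}")
```

At 95% loss the two legitimate resolvers exceed ten times their baseline and are flagged alongside the bot, which is how a rate-only view overcounts attacking endpoints.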

Though they're not saying who hacked the devices needed to mount the attack, Dyn and Flashpoint, a cybersecurity firm, have confirmed that the hackers used malware known as Mirai to break into the cameras and DVRs.

Flashpoint hasn't confirmed a perpetrator either, but they have reason to believe the attack came from a hacker or group of hackers who just wanted to show off.

The cybersecurity firm found the attackers also hit a video game company while they were sending waves of junk data at Dyn, something that's not typical of a state actor or a group trying to steal money.

Instead, Flashpoint believes the hacker or the group is "likely connected to the English-language hacking forum community, specifically users and readers of the forum 'hackforums[.]net,'" a forum frequented by hackers who often launch similar types of attacks.
