From:                              Craig Phillips <> on behalf of Craig Phillips <>

Sent:                               Thursday, November 03, 2016 7:45 PM


Subject:                          Cocktail Talk - Friday's DDoS



Cocktail Talk

November, 2016

Cocktail Talk

Dear Craig:   

Welcome to CN Consulting's "Cocktail Talk".


Cocktail Talk is a casual monthly newsletter intended to arm you with amusing bits and bytes of information on whats happening in the computer world. Topics sure to break the ice and capture an audience at many a social or business event.


Cocktail Talk is archived on


Currently, on Cocktail Talk - Friday's DDoS


It was a Friday morning two weeks ago today. Maybe you were like millions of other Americans that settled into their work days to check email, the stock market, and news on the internet only to find there was no internet.

The news covered it, kind of, they threw out some buzz words without explanation like DDoS IP Address, DNS, and NetBot. Cyber Criminals attacked the Eastern Seaboard at 7 AM and again at noon the attack spread to the West Coast. A third attack was launched at 4PM the same day.

This isn't Rocket Science, let's take a look at what happened without the media's "don't worry your pretty little head about it" condescending spin. Here's what the media thinks we're unable to understand.

Everyone has an address, an Internet Protocol (IP) Address, it's how people find you to send your email and internet pages and stuff. Just like you have a street address to get your mail. 


The IP Address of your house or business is a Public Facing address. The addresses under your roof are Private Facing. The mail comes to your house on the Public IP and you give it to the right person living there on their Private IP. Not so hard.

IP Addresses are just numbers. A typical IP address could be IP Addresses commonly fall in a range from to

We don't search the internet by IP Address. We search for a website by name, or send an email to a company name. These names are called Domains.,, and are examples of Domain Names.

A number of companies called Domain Name Services manage the responsibility of converting Domain Names into IP Addresses so we can find what we're looking for. They do this by establishing a worldwide network of Domain Name Servers (DNS) that translate Domain Names into IP Addresses. For instance, the Domain Name has an IP Address of

One such Domain Name Service (DNS) company is Dyn. Dyn was the target of the Eastern Seaboard attack. What the Cyber Criminals did was overload Dyn's Domain Name Servers with so many requests that they were unable to keep up with them all and couldn't turn our Domain Name based internet searches into IP Addresses. The switchboard was overloaded. How they did it was brilliant.

The May 2014 Cocktail Talk "Low Orbit Ion Canons" talked about Distributed Denial of Service (DDoS) attacks. DDoS are just a large number of requests intended to overload the target so greatly that it can't respond. One sending IP Address is not enough to overload a Domain Name Server, much less an entire army of them. That's where the distributed part comes in. 500,000 IP Addresses sending requests can, and did, cripple an army of Domain Name Servers.

September 2016's Cocktail Talk "The Deep Dark Web" talked about unsecured web cameras. Cameras that you and I can choose from a website and become voyeurs of coffee shops, pools, bars and college campuses. We all have unsecured stuff. How many of you have factory provided passwords on your gear at home or work? It's looking like a lot right now. But how do you get so many people on board? You do it without them knowing. You BotNet them.

BotNet, another buzz word the media threw around feeling you couldn't possibly understand. It's simple, the Cyber Criminals find your unprotected, or factory password protected, device's IP Address and put some bad software on it. Software that's going to do something bad when they tell it to. Like overrun Dyn's Domain Name Servers with a lot of devices sending requests at the speed of light.

That's what they did. The bad guys found a company that had enough unprotected DVRs and cameras with Public Facing IP Addresses and used a BotNet to launch a DDoS from possibly 500,000 devices on an army of Domain Name Servers and cripple it.




IP Addresses, BotNet, DDos, DNS, it's not Rocket Science, and that's Cocktail Talk.



Thank you for reading,



Craig Phillips

CN Consulting, Inc.





CN Consulting, Inc -
Computer Consulting for Business!



CN Consulting Inc. (CNCI) is an independent consulting company formed in 1990 and located within easy reach of both Chicago and Milwaukee.


CNCI maintains a select client base providing consulting services concerning the use of information technology. We persistently look for advantage to our clients in added value and reduced cost made available by advancing technology.


CNCI does not have financial interest in any given product or product line. We evaluate current and emerging technologies solely based on their benefit to our clients. CNCI implements the solutions it recommends and readily partners with companies that offer products and services to the advantage of our clients. CNCI offers complete client support with singular accountability.


We maximize the benefit of our clients' existing technology, systems, and platforms while integrating the benefits provided by new technology.


Business Continuity and Business Development are our goals with Continuity being the foundation of Development.


CN Consulting, Inc., 23830 112th St, Salem, WI 53179



Sent by in collaboration with


This email was sent by the author for the sole purpose of testing a draft message. If you believe you have received the message in error, please contact the author by replying to this message. Constant Contact takes reports of abuse very seriously. If you wish to report abuse, please forward this message to

No virus found in this message.
Checked by AVG -
Version: 2016.0.7859 / Virus Database: 4664/13342 - Release Date: 11/03/16