Raspberry Pi Foundation hit by grudge DDoS attack

Hands off the Pi

By John E Dunn, Techworld |  Security, Raspberry Pi

The tiny Raspberry Pi Foundation website and forum has been hit by two short but nasty DDoS attacks in the last week, the second attack flurry that has targeted the organisation since last summer, staff have confirmed.

The first botnet attack that disrupted the site for an hour on the afternoon of 3 March was described as "grimly familiar" after a spate of similar SYN flood bombardments last summer.

Although not massive by DDoS standards - about 100kbps - the Foundation's ISP reacted in orthodox fashion by swapping DNS servers, which the probably automated attack didn't adjust to.

The attackers then came back for another bite on 5 March before eventually giving up after a couple of hours.

The scale and size of the attacks is probably less significant than the fact that a small non-commercial Foundation could be the target of a grudge attack in the first place.

But having invented the most famous computer to emerge from Britain in a generation, the Raspberry Pi Foundation isn't any small non-commercial organisation as far as outsiders are concerned.

DDoS attacks are utterly routine but based on the description offered by staff this one looks as if it had more conscious design.

"We had a little flurry of SYN attacks last summer; but when the people on the other end of the botnet realised they weren't having much luck knocking raspberrypi.org over they decided to target some Raspberry Pi fan sites," said Rasperberry Pi Foundation spokesperson, Liz Upton.

"[They] ended up focusing especially on a group of teenagers who were running a 48-hour Python hackathon to try to raise some money for our charity."

After being overwhelmed at first, the youngsters treated the DDoS defence as a learning experience and fended off the attack, she said.

The Foundation received no blackmail demand and has assumed the attacks are the work of a "lone sociopath."

"It's uncomfortable knowing you've attracted this sort of attention; we're pretty confident we've not done anything to outrage the blackhat community," said Upton.

Although the organisation's website isn't used as a sales channel it is an important starting point for the computer's million-strong user base, as well as hosting its busy developer and user forum.

"It's sad to see the Raspberry Pi Foundation, a charity with a good cause at its heart, has been the focus of a vicious attack," commented Arbor Networks channel director, Jeremy Nicholls.

"The explosion of inexpensive and readily-accessible attack tools is enabling almost anybody to carry out DDoS attacks."

Don't miss...

8 famous software bugs in space

25 crazy and scary things the TSA has found on travelers

The 6 biggest tech companies you (probably) never heard of

  Sign me up for ITworld's FREE daily newsletter!

Originally published on Techworld |  Click here to read the original story.
Join us:






Spotlight on ...
Online Training

    Upgrade your skills and earn higher pay

    Readers to share their best tips for maximizing training dollars and getting the most out self-directed learning. Here’s what they said.


    Learn more

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question