nanog mailing list archives
Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey
From: Mark Andrews <marka () isc org>
Date: Mon, 26 Sep 2016 07:07:25 +1000
This is such a golden opportunity for each of you to find compromised hosts on your network or your customer's network. The number of genuine lookups of the blog vs the number of botted machines would make it almost certain that anything directed at the blog is a compromised machine. A phone call to the customer / further analysis would reduce the false positive rate.

Mark

In message <CALoKGd2oN=mq_Gn75UrugUPDKfGPeD6cfq_AY+f-M1XUaCo46Q () mail gmail com>, Alexander Lyamin writes:
> This time around it's not about spoofing.
>
> I presume this is a development of the same botnet/worm that we saw on day 2 of the Shellshock public disclosure - it was pretty high-tech - golang, arm/mips/x86 support, multiple attack vectors - including (surprisingly) very effective password guessing.
>
> It counted ~100k heads on day 2, and I suppose they did grow quite a bit.
>
> That's part of the problem, why they cause that much havoc - they do have real IP addresses and are reasonably well connected - so they can wreak havoc in bandwidth and the TCP stack.
>
> They most likely do not have enough resources to do Full Browser Stack, that's why I think L7 capabilities of the botnet will be very basic.
>
> On Sun, Sep 25, 2016 at 7:00 PM, John Kristoff <jtk () depaul edu> wrote:
>
>> On Sun, 25 Sep 2016 14:36:18 +0000 Ca By <cb.list6 () gmail com> wrote:
>>
>>> As long as there is one spoof capable network on the net, the problem will not be solved.
>>
>> This is not strictly true. If it could be determined where a large bulk of the spoofing came from, public pressure could be applied. This may not have been the issue in this case, but in many amplification and reflection attacks, the originating spoof-enabled networks were from a limited set of networks. De-peering, service termination, shaming, etc. could have an effect.
>>
>> John
>
> --
> Alexander Lyamin
> CEO | Qrator Labs <http://qrator.net/>
> office: 8-800-3333-LAB (522)
> mob: +7-916-9086122
> skype: melanor9
> mailto: la () qrator net
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: marka () isc org
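
The check suggested in the message above, sketched over exported flow records. This is an added example and not part of the original post: the CSV layout, the `suspects` function, the `min_packets` cut-off, and every address (documentation ranges standing in for the blog and for customer space) are assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed placeholders from the documentation ranges, not real addresses.
TARGET = ipaddress.ip_network("203.0.113.10/32")     # the attacked site
CUSTOMERS = ipaddress.ip_network("198.51.100.0/24")  # our customer space

# Constructed flow export: start_epoch,src,dst,dport,packets,bytes
SAMPLE_FLOWS = """\
1474750000,198.51.100.7,203.0.113.10,80,42000,2520000
1474750060,198.51.100.7,203.0.113.10,80,39000,2340000
1474750005,198.51.100.23,203.0.113.10,443,18,9400
1474750010,198.51.100.40,203.0.113.10,80,55000,3300000
1474750012,198.51.100.40,192.0.2.53,53,2,150
1474750020,192.0.2.99,203.0.113.10,80,60000,3600000
"""

def suspects(flow_csv, min_packets=1000):
    """Return (src, packets, flows) for customer hosts sending heavily to TARGET.

    min_packets is an assumed cut-off separating a reader loading the blog
    from a flooding host; tune it against your own baseline.
    """
    totals = defaultdict(lambda: [0, 0])  # src -> [packets, flows]
    for _start, src, dst, _dport, packets, _bytes in csv.reader(io.StringIO(flow_csv)):
        if ipaddress.ip_address(dst) not in TARGET:
            continue  # traffic to anything else is out of scope here
        if ipaddress.ip_address(src) not in CUSTOMERS:
            continue  # not a host whose owner we can phone
        totals[src][0] += int(packets)
        totals[src][1] += 1
    hits = [(src, p, f) for src, (p, f) in totals.items() if p >= min_packets]
    return sorted(hits, key=lambda h: h[1], reverse=True)

if __name__ == "__main__":
    for src, packets, flows in suspects(SAMPLE_FLOWS):
        print(f"{src}\t{packets} packets in {flows} flows -> contact customer")
```

The host with 18 packets falls under the cut-off, which is the kind of genuine lookup the follow-up call or further analysis is meant to separate out.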