nanog mailing list archives

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey


From: Sven-Haegar Koch <haegar () sdinet de>
Date: Fri, 23 Sep 2016 21:15:26 +0200 (CEST)

On Fri, 23 Sep 2016, Mike wrote:

On 09/23/2016 11:30 AM, Seth Mattinen wrote:
On 9/23/16 10:58, Grant Ridder wrote:
Didn't realize Akamai kicked out or disabled customers
http://www.zdnet.com/article/krebs-on-security-booted-off-akamai-network-after-ddos-attack-proves-pricey/ 

"Security blog Krebs on Security has been taken offline by host Akamai
Technologies following a DDoS attack which reached 665 Gbps in size."


So ultimately the DDoS was successful, just in a different way.

~Seth


More technical information about the characteristics of these attacks would be
very interesting, such as the ultimate sources of the attack traffic
(compromised home PCs?), the nature of the traffic (DNS / SSDP
amplification?), whether it was spoofed source (BCP38-adverse), and whether
the recent takedown of vDOS was really complete or if it's likely someone
else gained control of the C&C servers that controlled its assets?

At least for the OVH case there is a bit of info:

https://twitter.com/olesovhcom/status/779297257199964160

"This botnet with 145607 cameras/dvr (1-30Mbps per IP) is able to send 
1.5Tbps DDoS. Type: tcp/ack, tcp/ack+psh, tcp/syn."

c'ya
sven-haegar

-- 
Three may keep a secret, if two of them are dead.
- Ben F.

