nanog mailing list archives

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey


From: Alexander Lyamin <la () qrator net>
Date: Sun, 25 Sep 2016 20:48:53 +0200

This time around it's not about spoofing.

I presume this is a development of the same botnet/worm that we saw on day 2 of
the Shellshock public disclosure - it was pretty high-tech - golang,
arm/mips/x86 support, multiple attack vectors - including (surprisingly)
very effective password guessing.
It counted ~100k heads on day 2, and I suppose they did grow quite a bit.


That's part of the problem, why they cause that much havoc - they do have real IP
addresses and are reasonably well connected - so they can wreak havoc in
bandwidth and TCP stack.

They most likely do not have enough resources to do Full Browser Stack,
that's why I think L7 capabilities of the botnet will be very basic.



On Sun, Sep 25, 2016 at 7:00 PM, John Kristoff <jtk () depaul edu> wrote:

> On Sun, 25 Sep 2016 14:36:18 +0000
> Ca By <cb.list6 () gmail com> wrote:
>
>> As long as there is one spoof capable network on the net, the problem
>> will not be solved.
>
> This is not strictly true.  If it could be determined where a large
> bulk of the spoofing came from, public pressure could be applied.  This
> may not have been the issue in this case, but in many amplification and
> reflection attacks, the originating spoof-enabled networks were from a
> limited set of networks.  De-peering, service termination, shaming, etc.
> could have an effect.
>
> John




-- 

Alexander Lyamin

CEO | Qrator Labs <http://qrator.net/>

office: 8-800-3333-LAB (522)

mob: +7-916-9086122

skype: melanor9

mailto:  la () qrator net

