nanog mailing list archives
Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey
From: "John R. Levine" <johnl () iecc com>
Date: 25 Sep 2016 17:01:55 -0400
https://www.internetsociety.org/sites/default/files/01_5.pdf The attack is triggered by a few spoofs somewhere in the world. It is not feasible to stop this.
That paper is about reflection attacks. From what I've read, this was not a reflection attack. The IoT devices are infected with botware which sends attack traffic directly. Address spoofing is not particularly useful for controlling botnets. For example, the Conficker botnet generated pseudo-random domain names where the bots looked for control traffic.
Please see https://www.ietf.org/rfc/rfc6561.txt
Uh, yes, we're familiar with that. We even know the people who wrote it. It could use an update for IoT since I get the impression that in many cases the only way for a nontechnical user to fix the infection is to throw the device away.
Regards, John Levine, johnl () iecc com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
Current thread:
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey, (continued)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Milhollan (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Royce Williams (Sep 26)
- Message not available
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey John Kristoff (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Ca By (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mike Hammett (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Jay R. Ashworth (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Ca By (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mike Hammett (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey John Levine (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Ca By (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey John R. Levine (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Hugo Slabbert (Sep 25)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey John Levine (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Andrews (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Livingood, Jason (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Andrews (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Andrews (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Christopher Morrow (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Andrews (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Roland Dobbins (Sep 26)
- Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey Mark Andrews (Sep 26)