Krebs on Security booted off Akamai network after DDoS attack proves pricey
John R. Levine
johnl at iecc.com
Sun Sep 25 21:01:55 UTC 2016
> https://www.internetsociety.org/sites/default/files/01_5.pdf
>
> The attack is triggered by a few spoofs somewhere in the world. It is not
> feasible to stop this.
That paper is about reflection attacks. From what I've read, this was not
a reflection attack. The IoT devices are infected with botware which
sends attack traffic directly. Address spoofing is not particularly
useful for controlling botnets. For example, the Conficker botnet
generated pseudo-random domain names where the bots looked for control
traffic.
> Please see https://www.ietf.org/rfc/rfc6561.txt
Uh, yes, we're familiar with that. We even know the people who wrote it.
It could use an update for IoT since I get the impression that in many
cases the only way for a nontechnical user to fix the infection is to
throw the device away.
Regards,
John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
More information about the NANOG
mailing list