Krebs on Security booted off Akamai network after DDoS attack proves pricey

Sven-Haegar Koch haegar at sdinet.de
Fri Sep 23 19:15:26 UTC 2016


On Fri, 23 Sep 2016, Mike wrote:

> On 09/23/2016 11:30 AM, Seth Mattinen wrote:
> > On 9/23/16 10:58, Grant Ridder wrote:
> > > Didn't realize Akamai kicked out or disabled customers
> > > http://www.zdnet.com/article/krebs-on-security-booted-off-akamai-network-after-ddos-attack-proves-pricey/ 
> > > 
> > > "Security blog Krebs on Security has been taken offline by host Akamai
> > > Technologies following a DDoS attack which reached 665 Gbps in size."
> > 
> > 
> > So ultimately the DDoS was successful, just in a different way.
> > 
> > ~Seth
> > 
> > 
> More technical information about the characteristics of these attacks would be
> very interesting, such as the ultimate sources of the attack traffic
> (compromised home PCs?), the nature of the traffic (DNS / SSDP
> amplification?), whether it was spoofed source (BCP38-adverse), and whether
> the recent takedown of the vDOS was really complete or if it's likely someone
> else gained control of the C&C servers that controlled its assets?

At least for the OVH case there is a bit of info:

https://twitter.com/olesovhcom/status/779297257199964160

"This botnet with 145607 cameras/dvr (1-30Mbps per IP) is able to send 
>1.5Tbps DDoS. Type: tcp/ack, tcp/ack+psh, tcp/syn."

c'ya
sven-haegar

-- 
Three may keep a secret, if two of them are dead.
- Ben F.


