Krebs on Security booted off Akamai network after DDoS attack proves pricey

Christopher Morrow morrowc.lists at gmail.com
Sat Sep 24 01:58:42 UTC 2016


On Fri, Sep 23, 2016 at 9:24 PM, Jon Lewis <jlewis at lewis.org> wrote:

> On Fri, 23 Sep 2016, Patrick W. Gilmore wrote:
>
> Is CloudFlare able to filter Layer 7 these days? I was under the
>> impression CloudFlare was not able to do that.
>>
>> There have been a lot of rumors about this attack. Some say reflection,
>> others say Layer 7, others say .. other stuff. If it is Layer 7, how are
>> you going to ÿÿstep in front of the cannonÿÿ? Would you just pass through
>> all the traffic?
>>
>
> Anycast + load balancers + high powered varnish?
>
>
notionally (because I have been paying zero attention to this) jon's
suggesting:
  1) setup a crapload of nginx/squid/etc configured tightly for things to
be accessed behind them
  2) ecmp to them across several layers (assume 32 ecmp at each layer, call
it 4 layers get craploads of machines running)
  3) change over the dns
  4) profit--

eh? If you can eat the PPS, you can spray across enough tcp listeners, you
can weed out the chaff and start filtering in the 'application'... perhaps
also run a 'low bandwidth' version of the target site...

hey look, we invented prolexic.



More information about the NANOG mailing list