Krebs on Security booted off Akamai network after DDoS attack proves pricey

Alexander Lyamin la at
Sun Sep 25 18:48:53 UTC 2016

This time around its not about spoofing.

I presume this is development of the same botnet/worm that we seen day2 of
Shellshock public disclosure - its was pretty hightech - golang,
arm/mips/x86 support, multiple attack vectors - inlcuding (surprisingly)
very effective password guessing.
It counted  ~100k heads on day2,  and i suppose they did grew quite a bit.

Thats part of a problem why cause that much havoc - they do have real IP
addresses and reasonably well conected - so they can wreck a havoc in
bandwidth and tcp stack.

They most likely do not have enough resources to do Full Browser Stack,
thats why I think  L7 capabilities of the botnet will be very basic.

On Sun, Sep 25, 2016 at 7:00 PM, John Kristoff <jtk at> wrote:

> On Sun, 25 Sep 2016 14:36:18 +0000
> Ca By <cb.list6 at> wrote:
> > As long as their is one spoof capable network on the net, the problem
> will
> > not be solved.
> This is not strictly true.  If it could be determined where a large
> bulk of the spoofing came from, public pressure could be applied.  This
> may not have been the issue in this case, but in many amplification and
> reflection attacks, the originating spoof-enabled networks were from a
> limited set of networks.  De-peering, service termination, shaming, etc
> could have an effect.
> John


Alexander Lyamin

CEO | Qrator <>* Labs*

office: 8-800-3333-LAB (522)

mob: +7-916-9086122

skype: melanor9

mailto:  la at

More information about the NANOG mailing list