Krebs on Security booted off Akamai network after DDoS attack proves pricey
Alexander Lyamin
la at qrator.net
Sun Sep 25 18:48:53 UTC 2016
This time around it's not about spoofing.
I presume this is a development of the same botnet/worm that we saw on day 2 of
the Shellshock public disclosure - it was pretty high-tech - golang,
arm/mips/x86 support, multiple attack vectors - including (surprisingly)
very effective password guessing.
It counted ~100k heads on day 2, and I suppose they did grow quite a bit.
That's part of the problem, why they cause that much havoc - they do have real IP
addresses and are reasonably well connected - so they can wreak havoc on
bandwidth and the TCP stack.
They most likely do not have enough resources to do Full Browser Stack,
that's why I think L7 capabilities of the botnet will be very basic.
On Sun, Sep 25, 2016 at 7:00 PM, John Kristoff <jtk at depaul.edu> wrote:
> On Sun, 25 Sep 2016 14:36:18 +0000
> Ca By <cb.list6 at gmail.com> wrote:
>
> > As long as there is one spoof capable network on the net, the problem will
> > not be solved.
>
> This is not strictly true. If it could be determined where a large
> bulk of the spoofing came from, public pressure could be applied. This
> may not have been the issue in this case, but in many amplification and
> reflection attacks, the originating spoof-enabled networks were from a
> limited set of networks. De-peering, service termination, shaming, etc
> could have an effect.
>
> John
>
--
Alexander Lyamin
CEO | Qrator Labs <http://qrator.net/>
office: 8-800-3333-LAB (522)
mob: +7-916-9086122
skype: melanor9
mailto: la at qrator.net