Krebs on Security booted off Akamai network after DDoS attack proves pricey

John R. Levine johnl at
Sun Sep 25 21:01:55 UTC 2016

> The attack is triggered by a few spoofs somewhere in the world. It is not
> feasible to stop this.

That paper is about reflection attacks.  From what I've read, this was not 
a reflection attack.  The IoT devices are infected with botware which 
sends attack traffic directly.  Address spoofing is not particularly 
useful for controlling botnets.  For example, the Conficker botnet 
generated pseudo-random domain names where the bots looked for control 

> Please see

Uh, yes, we're familiar with that.  We even know the people who wrote it. 
It could use an update for IoT since I get the impression that in many 
cases the only way for a nontechnical user to fix the infection is to 
throw the device away.

John Levine, johnl at, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail.

More information about the NANOG mailing list