Krebs on Security booted off Akamai network after DDoS attack proves pricey

Hugo Slabbert hugo at
Mon Sep 26 03:54:00 UTC 2016

On Sun 2016-Sep-25 17:01:55 -0400, John R. Levine <johnl at> wrote:

>>The attack is triggered by a few spoofs somewhere in the world. It is not
>>feasible to stop this.
>That paper is about reflection attacks.  From what I've read, this was 
>not a reflection attack.  The IoT devices are infected with botware 
>which sends attack traffic directly.  Address spoofing is not particularly 
>useful for controlling botnets.  

But that's not only remaining use of source address spoofing in direct 
attacks, no?  Even if reflection and amplification are not used, spoofing 
can still be used for obfuscation.

>For example, the Conficker botnet generated pseudo-random domain names 
>where the bots looked for control traffic.
>>Please see
>Uh, yes, we're familiar with that.  We even know the people who wrote 
>it. It could use an update for IoT since I get the impression that in 
>many cases the only way for a nontechnical user to fix the infection 
>is to throw the device away.
>John Levine, johnl at, Primary Perpetrator of "The Internet for Dummies",
>Please consider the environment before reading this e-mail.

Hugo Slabbert       | email, xmpp/jabber: hugo at
pgp key: B178313E   | also on Signal
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list