
KrebsOnSecurity being taken down due to persistent DDoS - heywire
http://twitter.com/briankrebs/status/779047286043185152
======
cjbprime
This is not the behavior I expect from a company (Akamai) that exists to
mitigate DDoS. As @TelcoAg comments:

> I'd blame the insurance company if they dropped me the second I was
> diagnosed with cancer

~~~
ryanlol
Akamai will certainly tank 665Gbps if you actually pay them for it...

What kind of an insurance company would target likely victims anyway?

~~~
Analemma_
Is Akamai's DDoS protection tiered? That's not how it works for e.g.
CloudFlare: you pay a flat fee and (they claim) they'll keep you up no matter
the size or frequency of the attack. If Krebs simply wasn't signed up for a
high enough tier then I guess Akamai did the right thing, but if they charge a
flat fee for protection and make similar claims to CF then they deserve to be
raked over the coals for this.

~~~
ryanlol
That's not how CF works either, they'll force you to a custom plan if you get
hit enough.

If it wasn't clear, Krebs wasn't paying Akamai a penny. I'd assume their
cheapest solutions start around 10k a month, hard to justify for a journo.

~~~
Analemma_
Ok, I did not see Krebs' latest tweet that he was getting free service
([https://twitter.com/briankrebs/status/779111614226239488](https://twitter.com/briankrebs/status/779111614226239488)),
that's a lot more justifiable. You'd think a netsec journalist would be the
first to find it worth it to get on the paid plan.

~~~
ryanlol
> You'd think a netsec journalist would be the first to find it worth it to get
> on the paid plan.

How much do you think a solo netsec journalist with only a couple of ads on
his site earns?

~~~
pasbesoin
Krebs' reporting (now, after leaving the Washington Post under whatever
circumstances -- cost cutting? -- on his own "blog"), has for years now shone
a very useful, researched insight into various matters of important
technological vulnerability.

He provides a real service. Which is probably why Akamai offered him their
services for free, in the first place.

Krebs shines a light on shadows that very much don't want to be seen, much
less outed. The years long level of escalating attacks against him and his
site reflect this.

------
Analemma_
Fun fact: the suspicion right now is that this traffic is coming from
compromised IoT devices. Just in case you needed _another_ reason why the
Internet of Things is the worst thing to happen to computing in a long while:
it has handed attackers more ammo.

~~~
Jugurtha
I happen to have a profile on LinkedIn. When I see someone with an "IoT
Expert", I'm like "Dude, we live in Algeria. We didn't even make online
payments and somehow there are more Internet of Things experts than Things of
the Internet. Come on!".

It's a good selector for the kind of people who'd write "Mastery of C/C++"
thinking they're the same thing.

~~~
lfx
They are from the same category as people who put 5 stars out of five on their
resume. What does it mean? 5/5 for MS Office? Clicking, double clicking,
getting, sending emails?

However I wouldn't blame IoT for all of it. What about uncountable number of
vulnerable routers at home and small offices? As far as I know they may send
legitimate (from ISP PoV) low traffic all day to some endpoints on internet.

~~~
Jugurtha
> _However I wouldn't blame IoT for all of it._

Personally, I think IoT is just a buzzword coming from I don't know where. IoT
has existed the moment two things were connected over a network, and this was
decades ago.

> _What about uncountable number of vulnerable routers at home and small
> offices?_

"Hypothetical" cases: devices of sensitive organizations just sitting there
with default configuration. FTP servers of TV stations with a genius admin
making a tutorial for staff with the goddamn credentials on the "intranet
page" (you have the privileges of writing the news of tomorrow, literally).
Teleconference system of major company that are broadcasting what's happening
in the meeting room because why not. Readable and writable remote sensing
devices that are broadcasting information that matters a great deal and you
could just toy with it.

All this without even brute-force or exploiting a vulnerability. Basically
within the reach of any monkey who could type admin-admin.

------
tim333
You can read it on the Google cache to some extent. Here's the article on the
DDOS

[http://webcache.googleusercontent.com/search?q=cache:http://...](http://webcache.googleusercontent.com/search?q=cache:http://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/&num=1&strip=1&vwsrc=0)

~~~
freehunter
The fact that this is pure, raw packets and not using a DNS amplification
method sounds to me like the attackers are advertising. "Hey, look at my
capabilities. Look what I can do. Hire me for your next DDoS attacks." If
these guys don't get caught or taken down, they could easily become the
biggest players in the market. Twice the size of the last biggest DDoS, with
no trickery. That's insane.

------
x0rx0r
This is disgusting. It might be from @poodlecorp

