All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
DDoS attacks plaguing the internet
From WHT:
I made this post on the reliablesite down thread in the network issues forum. But I felt like it deserves it's own thread, and may give other providers the chance to comment if they've seen the same attacks recently on their network.
Psychz was attacked yesterday. (>100Gbps)
Cogent was attacked yesterday. (reportedly)
OVH was attacked yesterday (source:
Krebs was attacked today. (source: )
Blizzard was attacked today. (source: )
Choopa/Vultr were attacked today. (source: http://www.webhostingtalk.com/showthread.php?t=1599421)
Riot were attacked 3 days ago. (source: )
You can probably find more, someone is tossing around some seriously large attacks at the industry.
Some of the attacks are being claimed by LizardSquad/PoodleCorp. The others, such as the large attack that hit OVH/Choopa/Psychz haven't been publicly claimed that I could find.
And an interesting write-up here as well: https://www.schneier.com/blog/archives/2016/09/someone_is_lear.html
(source)
And looks like Akamai reported a "network event", and Brian Krebs has now been kicked off Akamai/Prolexic.
This does not sound good.
Comments
This isn't paranoia or misinterpreting patterns, this is a thing.
it only was a matter of time, i'm sure they will grow bigger.
It's the same like attacks with SSDP Reflection in the past, without reflection. Someone has a large botnet of IoT Devices and uses it's power to cripple even the largest networks with Layer3 (e.g. GRE) / Layer4 (e.g. the OVH ones with TCP ACK) attacks. Nothing special so far, but disturbing for every network guy doing ddos protection services.
Interesting that Akamai had problems, they have a few 100Gig Pipes in Frankfurt to DE-CIX and the same to AMS-IX in Amsterdam. Normally, their network design should probably allow tanking of such large attacks without any packetloss. Regarding Bryan Krebs, they may have compared the costs of protecting him with the revenue - typical business strategy for every company who wants to grow continously.
Btw. one or two weeks ago, Voxility had a large ddos related outage too. Some of their customers in Frankfurt were affected by packetloss due to a new unusual attack. I dont know anything more, but it was noticeable for around 30 to 60 minutes.
perhaps this will encourage a more co-ordinated response to attacks...
nah probably not.
http://krebsonsecurity.com/ redirects to my localhost :P
Pretty scary when Akamai and Voxility start having recurring problems with DDoS...
I like how Krebs comments on Twitter that he was hit with the largest DDoS attack in history (650Gbps --
It seems DDOSing will be having its 16th ish birthday this year. Seems appropriate.
https://blog.fortinet.com/2013/03/25/ddos-a-brief-history
Some more targets:
Hmm...
650Gbps is very unlikely to be the "biggest attack". Not everyone just brag about it. They keep talking about the attacks but they never release any serious and technical information about them.
People should also take the positive side of it, the more the script-kiddies will abuse broken things the faster they will get fixed.
I'm sure someone more worldly than me can elaborate, but it's not the kind of thing that can be fixed without some collective agreement and/or centralised decision making.
@ricardo Insecure (from the factory) IoT devices are the root cause of this incident. Awareness plays a big part in preventing such mistakes in devices manufactured and deployed.
It seems that after reading the story, Akamai has disabled krebsonsecurity.com because they used to host it for free, perhaps they would not have unplugged if krebsonsecurity.com was paying Akamai for the service.
Maybe krebs should open up his pocket book and find out
2 Days ago Link11 got attacked too. Someone testing his new Stuff.
I am expecting this for many months, even years. It is inevitable as long as carriers simply sell more BW due to it.
Looks like WorldStream has been getting hit as well.
I can confirm Voxility facing this ddos issue as well. For 2 consecutive days sites with Voxility always on protection faced this issue for around 1 hour. Sometime they were up and sometime down it happened around same time on 2 days in a row (we had a chatroom and users were getting disconnected every minute for no reason) and i was also getting up and down emails from monitoring service every minute during that time.
Time to update mitigation algorithms!
@Qarizma None of the attacks we saw were particularly complex. Just abnormally big.
Time to buy bigger tubes & bigger routers!
Good to see you Split.
They where complex enough to punch a lot of big providers. ^-^
For me it happened this week for 2 days in a row for 30 to 60 minutes (Tuesday & Wednesday around same time GMT 3-5). VPS location is London and using Voxility always on protection mode.
Anything to do with the Cisco thing?
http://www.securityweek.com/over-840000-cisco-devices-affected-nsa-linked-flaw
Recently I have been hit quite frequently in all locations after what I would describe as a 6 month low in activity, some LES locations are getting hit daily, I am fairly sure that the recent days long attacks on virtwire contributed to the towel being thrown in.
http://news.softpedia.com/news/ddos-for-hire-community-strikes-back-at-krebs-with-record-665-gbps-ddos-attack-508535.shtml#ixzz4L2GVRndx
LOL.
Surely you cant find that much wankerism on your own machine???
heheheehe... Wait this mic is still on.... O_o
There's been a mixup. You and I have the same address.
I heard Krebs was moving to HostSailor.