On Fri, 23 Sep 2016, Mike wrote: > On 09/23/2016 11:30 AM, Seth Mattinen wrote: > > On 9/23/16 10:58, Grant Ridder wrote: > > > Didn't realize Akamai kicked out or disabled customers > > > http://www.zdnet.com/article/krebs-on-security-booted-off-akamai-network-after-ddos-attack-proves-pricey/ > > > > > > > > > "Security blog Krebs on Security has been taken offline by host Akamai > > > Technologies following a DDoS attack which reached 665 Gbps in size." > > > > > > So ultimately the DDoS was successful, just in a different way. > > > > ~Seth > > > > > More technical information about the characteristics of these attacks would be > very interesting such as the ultimate sources of the attack traffic > (compromised home pc's?), the nature of the traffic (dns / ssdp > amplification?), whether it was spoofed source (BCP38-adverse), and whether > the recent takedown the vDOS was really complete or if it's likely someone > else gained control of the C&C servers that controlled it's assets?
At least for the OVH case there is a bit of info: https://twitter.com/olesovhcom/status/779297257199964160 "This botnet with 145607 cameras/dvr (1-30Mbps per IP) is able to send >1.5Tbps DDoS. Type: tcp/ack, tcp/ack+psh, tcp/syn." c'ya sven-haegar -- Three may keep a secret, if two of them are dead. - Ben F.