Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

On Fri, Sep 23, 2016 at 9:24 PM, Jon Lewis wrote: > On Fri, 23 Sep 2016, Patrick W. Gilmore wrote: > > Is CloudFlare able to filter Layer 7 these days? I was under the >> impression CloudFlare was not able to do that. >> >> There have been a lot of rumors about this attack.

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

On Fri, Sep 23, 2016 at 10:13 PM, Jon Lewis wrote: > On Fri, 23 Sep 2016, Christopher Morrow wrote: > > On Fri, Sep 23, 2016 at 9:24 PM, Jon Lewis wrote: >> >> On Fri, 23 Sep 2016, Patrick W. Gilmore wrote: >>> >>> Is CloudFlare able to filter Layer 7 these

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

A similar GRE attack was used against the Olympics: "Once the Olympics got under way, LizardStresser along with a few other botnets ramped up their attack against organizations affiliated with the Olympics. The DDoS campaign launched attack traffic using the lesser-known IP protocol Generic

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

On Fri 2016-Sep-23 17:29:59 -0400, Jared Mauch wrote: On Sep 23, 2016, at 5:24 PM, Hugo Slabbert wrote: Please tell me why I can't spoof source IPs on a stateless protocol like GRE. If he specifically meant you can't spoof a source, hit a

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

Not at all. I refered to AUP's as a way people remove you from a service when you use more of it then you are paying for. On Fri, Sep 23, 2016 at 3:58 PM, Marcin Cieslak wrote: > On Fri, 23 Sep 2016, jim deleskie wrote: > > > They were hosting him for free, and like

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

On September 23, 2016 12:15:26 PM PDT, Sven-Haegar Koch wrote: >On Fri, 23 Sep 2016, Mike wrote: > >> On 09/23/2016 11:30 AM, Seth Mattinen wrote: >> > On 9/23/16 10:58, Grant Ridder wrote: >> > > Didn't realize Akamai kicked out or disabled customers >> > >

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

> On Sep 23, 2016, at 5:39 PM, Hugo Slabbert wrote: > > If the attackers were hitting the GRE tunnel destination and spoofing the > tunnel source that would make things harder, but that's starting to get into > rather intimate knowledge of the scrubber's and customer's

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

On Fri, 23 Sep 2016, Christopher Morrow wrote: On Fri, Sep 23, 2016 at 9:24 PM, Jon Lewis wrote: On Fri, 23 Sep 2016, Patrick W. Gilmore wrote: Is CloudFlare able to filter Layer 7 these days? I was under the impression CloudFlare was not able to do that. There have been

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

On Fri, 23 Sep 2016, Patrick W. Gilmore wrote: Is CloudFlare able to filter Layer 7 these days? I was under the impression CloudFlare was not able to do that. There have been a lot of rumors about this attack. Some say reflection, others say Layer 7, others say .. other stuff. If it is Layer

Re: PlayStationNetwork blocking of CGNAT public addresses

On Mon, Sep 19, 2016 at 09:55:56PM +0200, Florian Weimer wrote: > Github users create several orders of magnitude more SSH connections > [snip] Ah. I didn't know that. Thanks! > Sure, and people already do this, and are not very flexible about it. > Support staff isn't briefed, and claim they

Re: PlayStationNetwork blocking of CGNAT public addresses

On Thu, Sep 22, 2016 at 02:31:12PM +0200, Alexander Maassen wrote: > Maybe its time then for a global accepted, unified way to send/report abuse??? There are -- see Valdis's followup. But there's still no viable substitute for a working abuse@ address with clueful eyeballs on the other side of

Manage Outage Notifications?

What are people using to manage / send their outage notifications? We're currently using a mostly manual process to identify customers that need to be aware of an outage and send out e-mail at $dayjob. Looking for a way to automate it more. I'd prefer something open source, but that's not a

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

FWIW, we have offered to help. No word so far. We're more than willing to step in front of the cannon pointed his way. Justin Paine Head of Trust & Safety CloudFlare Inc. PGP: BBAA 6BCE 3305 7FD6 6452 7115 57B6 0114 DE0B 314D On Fri, Sep 23, 2016 at 11:58 AM, Marcin Cieslak

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

Is CloudFlare able to filter Layer 7 these days? I was under the impression CloudFlare was not able to do that. There have been a lot of rumors about this attack. Some say reflection, others say Layer 7, others say .. other stuff. If it is Layer 7, how are you going to ‘step in front of the

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

We routinely mitigate L7s. Matthew is also on the record saying we've seen and mitigated similar attacks to this one (based on available information about this attack). Justin Paine Head of Trust & Safety CloudFlare Inc. PGP: BBAA 6BCE 3305 7FD6 6452 7115 57B6 0114 DE0B 314D On

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

Yes, they do (or advertise): https://support.cloudflare.com/hc/en-us/articles/200170216-How-large-of-a-DDoS-attack-can-CloudFlare-handle- Jörg On 23 Sep 2016, at 21:26, Patrick W. Gilmore wrote: Is CloudFlare able to filter Layer 7 these days? I was under the impression CloudFlare was not

Krebs on Security booted off Akamai network after DDoS attack proves pricey

Didn't realize Akamai kicked out or disabled customers http://www.zdnet.com/article/krebs-on-security-booted-off-akamai-network-after-ddos-attack-proves-pricey/ "Security blog Krebs on Security has been taken offline by host Akamai Technologies following a DDoS attack which reached 665 Gbps in

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

To be fair, he was getting the service for free. I wouldn’t really call that a paying customer. Still not great from a PR standpoint though. -- Alex Wacker On September 23, 2016 at 2:00:10 PM, Grant Ridder (shortdudey...@gmail.com) wrote: Didn't realize Akamai kicked out or disabled customers

RE: Krebs on Security booted off Akamai network after DDoS attack proves pricey

If you read the article, it is made clear he was "kicked off" of a free service being provided. He was not a paying customer of Akamai and does not fault Akamai for their decision. From: Grant Ridder [shortdudey...@gmail.com] Sent: Friday, September 23,

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

They were hosting him for free, and like insurance, I can assure you if you are consistently using a service, and not covering the costs of that service you won't be a client for long. This is the basis for AUP/client contracts and have been going back to the days when we all offered only dialup

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

Once upon a time, Grant Ridder said: > Didn't realize Akamai kicked out or disabled customers Any business is likely to kick out customers that cost them much more than they are being paid (under relevant contract terms of course). Since his blog was being hosted for

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

I believe the article says they were being hosted for free. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: "Grant Ridder" To: nanog@nanog.org Sent: Friday,

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

On Sep 23, 2016, at 1:58 PM, Grant Ridder wrote: > > Didn't realize Akamai kicked out or disabled customers > http://www.zdnet.com/article/krebs-on-security-booted-off-akamai-network-after-ddos-attack-proves-pricey/ > > "Security blog Krebs on Security has been taken

Weekly Routing Table Report

This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, SAFNOG, SdNOG, BJNOG, CaribNOG and the RIPE Routing WG. Daily listings are sent to

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

On Fri Sep 23, 2016 at 10:58:44AM -0700, Grant Ridder wrote: > Didn't realize Akamai kicked out or disabled customers They didn't - Krebs has publicly stated that Akamai were providing services "Pro Bono" - and I guess the goodwill ran out :) Simon

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

On Fri, Sep 23, 2016 at 2:58 PM, Grant Ridder wrote: > Didn't realize Akamai kicked out or disabled customers > http://www.zdnet.com/article/krebs-on-security-booted-off- > akamai-network-after-ddos-attack-proves-pricey/ > > "Security blog Krebs on Security has been

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

While we are on topic of DDOS, it looks like it's quite a storm now. According to this WHT post [1], some large server providers were recently attacked, and many are still being attacked with quite a large bandwidth, ie 1Tbps attacks against OVH. [2], [3] Regards, Filip [1]

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

Well, there’s always Cloudflare and Google that are willing to do it for free. Let’s hope we won’t run out of free providers any time soon.. It’s a nice blog. > On 23 Sep 2016, at 20:58, Grant Ridder wrote: > > Didn't realize Akamai kicked out or disabled customers >

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

On 9/23/16 10:58, Grant Ridder wrote: Didn't realize Akamai kicked out or disabled customers http://www.zdnet.com/article/krebs-on-security-booted-off-akamai-network-after-ddos-attack-proves-pricey/ "Security blog Krebs on Security has been taken offline by host Akamai Technologies following a

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

On 09/23/2016 11:30 AM, Seth Mattinen wrote: On 9/23/16 10:58, Grant Ridder wrote: Didn't realize Akamai kicked out or disabled customers http://www.zdnet.com/article/krebs-on-security-booted-off-akamai-network-after-ddos-attack-proves-pricey/ "Security blog Krebs on Security has been

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

On Fri, 23 Sep 2016, jim deleskie wrote: > They were hosting him for free, and like insurance, I can assure you if you > are consistently using a service, and not covering the costs of that > service you won't be a client for long. This is the basis for AUP/client > contracts and have been going

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

My gigabit pipe was also DDOS attacked the same day my name appeared in Brian’s story. -mel > On Sep 23, 2016, at 11:02 AM, Alex Wacker wrote: > > To be fair, he was getting the service for free. I wouldn’t really call > that a paying customer. Still not great from a PR

Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey

On Fri, 23 Sep 2016, Mike wrote: > On 09/23/2016 11:30 AM, Seth Mattinen wrote: > > On 9/23/16 10:58, Grant Ridder wrote: > > > Didn't realize Akamai kicked out or disabled customers > > > http://www.zdnet.com/article/krebs-on-security-booted-off-akamai-network-after-ddos-attack-proves-pricey/ >