Domain: prolexic.com
Stories and comments across the archive that link to prolexic.com.
Comments · 23
-
Advisory location ...
-
Method to block DOS attacks.
I wrote this back in 2001, and it's still relevant!
http://www.dnull.com/dos/DOS-Block.htm
Running through something like a Citrix Netscaler helps filter out much if your lines aren't overwhelmed.
http://www.citrix.com/English/ps2/products/product.asp?contentID=21679
There are a few other companies that seem to have a solution, but this really looks more like a CDN with enough capacity and some filters to ride out whatever attack could be launched at them.
http://www.prolexic.com/index.php/why-prolexic/ddos-mitigation-services/
http://www.arbornetworks.com/stop-ddos-attacks.html -
Reference to the actual studies
The advisory indeed speaks only of using DC++ to launch DDoS http://www.prolexic.com/news/20070514-alert.php However, the New Scientist article refers to two academic studies that discuss how eMule and BitTorrent can be misused for the same purpose:
a) N. Naoumov, and K.W. Ross, Exploiting P2P Systems for DDoS Attacks, International Workshop on Peer-to-Peer Information Management, May 2006 http://cis.poly.edu/~ross/papers/p2pddos.pdf
They show that one can subvert Overnet traffic (applicable to eMule that uses the same DHT as Overnet)
b) Karim El Defrawy, Minas Gjoka, Athina Markopoulou, "BotTorrent: Misusing BitTorrent to Launch DDoS Attacks", USENIX SRUTI, June 2007.
They show that one can subvert BitTorrent traffic by submitting to torrent aggregators fake torrent files that advertize the IP of the victim instead of a legitimate tracker's. -
Message from Prolexic CEO
-
Re:When the going gets tough...
Exactly, even Prolexic was unable to protect them in the end, despite their rather supportive message just a week ago: http://www.prolexic.com/spam/spam-051006.php
-
Re:Usage of BS for those subbed before the attack
I know this is a stale /. post by now, but to your Q: Ramadeus
I was a member a few weeks prior to the attacks. Boy you just can't pay for fun like this!
My frog client is still up and it can connect to the mother ship, however no opt-outs are being issued. All of my spam reports are being accepted via SMTP - I'm expecting a big volley of opt-outs once team blue gets situated. When I first signed up it was also like this. It took a week before Opt outs started flooding out - part of the Blue Frog due process philosophy I guess.
Between Blue Security relocating to Prolexic and Prolexic being under a constant state of attack (see link: http://www.prolexic.com/spam/spam-051006.php ) I'd say everyone is pretty busy. We'll probably be hearing from the Blue Security guys pretty soon on what's going on. They're usually very good at keeping everyone up to date on status.
Stick in there. I read somewhere that these recent criminal acts have forced Blue Security to execute their plans to scale up their systems ahead of schedule. So rather than a controlled upgrade / migration it's turning into a "turn the servers off, scramble like crazy, turn them on" type thing. Migration can be hard even under good conditions - I'd hate to try it while at war.
Also, as a "beta" system they might not have thought they'd need big boy (and big dollar) protection from the likes of Prolexic this soon. I don't think anyone could have guessed how mad the Spammers got and how many resources they would be willing to throw at one little anti-spam outfit... And it seems the fight isn't over. Quite a vote of confidence! Anything criminals hate - I by default like!
ATB. -
Could be a BGP blackhole route
Looking now, BlueSecurity seems to have moved their operations to Prolexic as of a few hours ago. This will buy them some DDoS protection. Prolexic is based in Miami, and most of my traceroutes are getting lost in Phoenix, but I can't tell if that's something Prolexic is doing or a very clever blackhole.
Netvision also seems to have GlobalXing/AS3549 as a transit provider.
My suspicion (since I don't have a looking glass with a historical search), is that someone with access to the main BGP reflectors inside of either UUNET or GlobalXing managed to make an announcement that they had a local router with a route to AS1680, and then that router just blackholed any traffic to those netblocks. It was happening during the L3/Cogent wars last year, L3 was announcing Cogent netblocks, and blackholing the traffic. If one major backbone such as UUNet makes a false BGP announcement, it could effectively block much traffic from the US to Israel, but European sites would still mostly see Israel as closer.
My next best theory is that someone at LimeLight Networks (AS3549, a GLBX reseller) is sending poison BGP announcements, but I don't see any in looking glasses.
That kind of technically advanced activity, especially with the potential for huge economic losses, should trigger an FBI investigation. Of course, the FBI isn't going to admit anything or post updates on /. until they hand up indictments to the court and make some arrests.
the AC -
EasyDNS and Prolexic
This happened to EasyDNS a while back. They ended up moving part of their DNS infrastructure behind Prolexic, which appears to have helped.
Prolexic is the brainchild of Barrett Lyon, who seems to have some experience fighting DDoS attacks. I'd be interested to see how well Prolexic's service actually works, but it seems technically sound to me. -
Here's why not.
[due to shitty bandwidth] AOL hosts take far longer to compromise and provide far less "bang for the buck". No wonder they're compromised a smaller percentage of time.
Can you tell me why BellSouth and all of their dial up slowness and relatively small size is number 3 on the list? I think AOL is doing a better job protecting the Windozing masses than others. I'd have real respect for them if they offered their customers Mepis.
-
Re:Turn turn turn ...
Interestingly Canada, with a large broadband base, is only ranked at number 11 *per capita*
As is Korea not even appearing on the top 20.
The big thing I read from this was "attacks are now focusing [...] on weaknesses in the DDoS mitigation devices that have been deployed to stop DDoS attacks. Prolexic has seen a 100% failure rate of several DDoS mitigation devices."
Instead of protecting your services/networks, you now have to protect your protection devices.
I just think this is a nifty picture.
-
Report.
The actual report is at:
http://www.prolexic.com/zr/
--saint -
Re:Umm...
Here you go
The Prolexic Zombie Report
-
xvid torrent
-
Systm Torrents
Here are the torrents for the videos:
http://www.prolexic.com/systm/systm--0001--warspyingbox--large.xvid.avi.torrent
http://www.prolexic.com/systm/systm--0001--warspyingbox--large.wmv.torrent -
Here is an updated mirror direct from the source
-
Want to see the anti-DoS site at work?
They added a mirror for CSO online. Browse to the following URL and it all starts magically working.
www.csoonline.prolexic.com -
If you get bad results, it's your own fault!
I work for a large international Bank. We perform vulnerability assessments on an annual basis. If you have bad results from an assessment deliverable, then you have chosen the wrong vendor to work with. We have found that if we know what we want out of the testing, we get good results, and we place pressure to ensure that.
We just finished our first DDoS assessment, it went wonderful and we had the best security related results that we have seen in years. The guys over at Prolexic know what they are doing. You may want to check them out, www.prolexic.com. They just started a new product they call DDoS security testing, I am not sure if it's on their web site.
-steve
-
Re:Ing the Internet
Well maybe you want to check out the Opte Project http://opte.prolexic.com/ for that type of thing.
-
My guess
Something like this.
-
Re:Prolexic Technologies
Hmmmm ... we could try slashdotting them, see if they're any good :). -
Prolexic Technologies
Apparently, Prolexic Technologies is the company that's providing the DDoS Solution.
-
Re:So who are the extortionists?
I'd hope they are getting more than a "firewall + script" for 100G.
A quick look at Prolexic's web site makes me think it's selling a distributed proxy service. Don't see why it wouldn't work.
As far as the reasonability of cost, I doubt 100G is a big number for them.. ..they're bookies.