Akamai Kicked Journalist Brian Krebs' Site Off Its Servers After He Was Hit By a Record Cyberattack (businessinsider.com)
An anonymous reader writes: Cloud hosting giant Akamai Technologies has dumped journalist Brian Krebs from its servers after his website came under a "record" cyberattack. "It's looking likely that KrebsOnSecurity will be offline for a while," Krebs tweeted Thursday. "Akamai's kicking me off their network tonight." Since Tuesday, Krebs' site has been under sustained distributed denial-of-service (DDoS), a crude method of flooding a website with traffic in order to deny legitimate users from being able to access it. The assault has flooded Krebs' site with more than 620 Gbps per second of traffic -- nearly double what Akamai has seen in the past.
Seems to me the attackers win, at least in the short term, because the caching and CDN provider (who I expect was probably contracted and paid, although it's entirely up to Brian how he handles his business affairs, it does seem likely) takes the site off the air anyway. That being the case ... what's the point of having that contracted relationship, if they dump you anyway?
From Krebs on Security site: "The attack began around 8 p.m. ET on Sept. 20, and initial reports put it at approximately 665 Gigabits of traffic per second."
Akamai were handling it as of yesterday, but it seems that they decided it was too expensive to stand by their client while he is under attack.
Maybe a coincidence, but this started to happen after Krebs exposed anti-DDoS 'protection' firm BackConnect's use of BGP hijacking.
for the boyz!
Akamai has a fiduciary responsibility to others on their network to ensure that they are not impacted by a single user. They were providing the service for free to Brian Krebs, he stated this. I do not work for Akamai (one of their competitors actually) but this is very, very common in this space.
So they booted him off because he was costing them a ton of money and wasn't paying anything. (I guess they were providing him service as a charity?)
But does that mean that they'll kick their paying customers off as well if the costs of defending them against attacks exceed the revenue they're getting from that specific customer? If so that would mean you could put Akamai out of business just by targeting one customer at a time, moving on to a new one as each one was evicted from the service.
This Space Intentionally Left Blank
I don't blame Akamai at all and it sounds like Krebs doesn't either. There were a ridiculous amount of resources used on the attack and that shit gets expensive to block.
Wow, really?
Hold all commercial software creators/publishers legally liable for security issues that enable these groups to create the botnets used in these attacks.
Akamai is throwing away a great marketing opportunity and turning it into a huge negative. Why would I move to Akamai, knowing that they'll kick me off their network if I ever have trouble? They're throwing away their primary competitive advantage with one stupid decision.
Good, infants should be trafficked.
Are you here to provide a sample of what kind of spam the DDoS traffic consisted of or what's that got to do with the story?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Blocking DDos is bread and butter basics to a content delivery network, so why are they delivering 620Gbps of data on a DDOS attack?
I would consider it to be good practice, for when a more important customer gets attacked. At the very least I would consider it BAD practice to show that DDos can work easily against an Akamai site.
Akamai need to do an about turn, politely tackle the DDos and sack the idiot that decided they'd fold to a simple distributed denial of service attack.
620 Gbps per second?!?! So every second, the traffic increases by *another* 620 Gbps? Next thing you know, we'll have Automatic Teller Machine machines, Personal Identification Number numbers, and Liquid Crystal Display displays running amok.
more than 620 Gbps per second of traffic
So that's what, like 4.17 cubic hogsheads?
Say something, get blown off the web.
I wouldn't say that - the size of the attack is beyond anything seen before. They are reporting 665 Gbps. Let the sheer size of that number sink in for a while.
If they can't handle a DDOS, any DDOS competently then they just made it clear they are a minor player....
Wonder if AWS, Azure or Google will pick him up as a PR move.
"Don't fear death... fear not living..." -me
when you're honest. Krebs doesn't pull his punches and the whiners of the world (i.e. those he lambasted for having low quality products or game play) don't like it and now they're being petulant two year olds.
Just goes to show the mentality of supposed adults. Especially the cowards who sit behind a keyboard and try to destroy the work of others because they didn't get their lollipop.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
Akamai does not like Krebs exposing out the DDoS attackers, because fear of DDoS is what brings Akamai business. This is a good excuse to try to get rid of Krebs.
I have said it before, and I will say it again: Brian Krebs rocks.
Much of the traffic comes from iot connected crap with poor security.
Real headline should be
Krebsonsecurity put on ice by freezer
Actually, that's not the case, despite a lot of the coverage claiming it is. It's the largest seen by Akamai, but OVH reported a DDoS peaking at 800Gb/s earlier the same day - although there are no indications of a connection (yet?). What's perhaps more interesting about the DDoS on Krebs isn't the size of it so much that it apparently wasn't a UDP amplification attack, which is the norm for DDoS these days, but TCP/GRE - the botnet used was generating all that traffic on its own. Both attacks are far larger than any one group was thought capable of doing (until now) and might be an indication that the number of botnet operators might not be as large as suspected, but instead consists of a smaller number of operators with multiple botnets under their control.
UNIX? They're not even circumcised! Savages!
It's "kapakahi".
http://wehewehe.org/gsdl2.85/c...
vs. One-sided, crooked, lopsided, sideways; bent, askew; biased, partial to one side; to show favoritism. Lit., one side. Cf. lawe kapakahi. Kū kapakahi ka lā ma Wai-anae (saying), the sun appears lopsided at Wai-anae [said by the goddess Hiiaka while her lover was dallying with someone else, hence said of any unlawful dallying].
"kapakai" is very different:
http://wehewehe.org/gsdl2.85/c...
vs. To wait for. Rare.
Cyber-terrorism gets you what you want apparently.
Akamai Technologies should be dumped by everyone who uses them and should not get any new customers.
Here's an archive.is link for those not wanting to deal with BI's paywall.
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
Where's that Slashdotter from the thread last week who posted 5 easy steps to stopping a DDoS! Akamai needs your "expertise"!
From the write-up on it, it was peaking at 665 gigabits/sec and was leveraging a massive botnet trying to make direct connections instead of using DNS reflection. They kept his site up during this and numerous other large scale attacks. Claiming that Akamai isn't a "bullet proof" host because they decided their support cost and impact to their customers outweighed the free-marketing/goodwill is just asinine. You're the same entitled person that uses free web services and then b*tches when they start charging or go under, aren't you?
He's high profile, they hosted him for a PR gain.
So Akamai had the chance to show how their content delivery is hardened against distributed denial of service attacks and would have benefitted from the PR. Instead they cut him loose and got 10x the bad PR from that.
At best we can say it's a lost PR opportunity, but at worst they'd screwed up and someone should be fired.
When your business is delivering content, then folding for a DDos attack shows you're not fit for purpose to higher paying customers. As it is each customer is thinking... at what level of attack will Akamai let us down?
I wonder how much more successful Krebs would be moving his site to a sites.google.com? Sure, he'd have to deal with the awful feature set there, but I'd like to see anybody DDOS google successfully. I don't think it's actually been done has it?
Sshh, Peter, this is big boys' stuff. Go play in your corner with your hosts files and ARP command.
We tried some automation of this sort of thing about 10 years ago. We very quickly ran into limitations of the operating system when we tried to block very large numbers of ip addresses. At the time some OS's were better than others, and blocking blocks instead of individual ips helped, but it's important to test this kind of thing before you need it. Of course it may all be better these days.
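The point above about blocking blocks instead of individual IPs, as an added example that is not part of the original comment: it shrinks a per-address blocklist into CIDR rules, first losslessly and then with a lossy pass that reports how many unlisted addresses get caught. The function names, the thresholds and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample blocklist (RFC 5737 documentation ranges, not real sources).
SAMPLE = (
    [f"198.51.100.{i}" for i in range(8)]            # 8 contiguous addresses
    + ["203.0.113.5", "203.0.113.77", "203.0.113.130",
       "203.0.113.200", "203.0.113.251"]             # 5 scattered in one /24
    + ["192.0.2.10", "192.0.2.11", "192.0.2.10"]     # adjacent pair + duplicate
)


def collapse(items):
    """Losslessly merge addresses/networks into the fewest CIDR blocks.
    collapse_addresses() rejects mixed IPv4/IPv6 input, so split by version."""
    by_version = defaultdict(list)
    for item in items:
        by_version[item.version].append(item)
    merged = []
    for version in sorted(by_version):
        merged.extend(ipaddress.collapse_addresses(by_version[version]))
    return merged


def exact_blocks(addresses):
    """Smallest rule set that blocks exactly the listed addresses."""
    return collapse(ipaddress.ip_address(a) for a in addresses)


def dense_blocks(addresses, prefix_len=24, max_rules=4):
    """Lossy pass for IPv4: if the listed sources inside one /prefix_len
    still need max_rules or more exact rules, block the whole prefix.
    Returns (rules, collateral); collateral is the number of addresses
    that end up blocked although they were never on the list."""
    hosts = {ipaddress.ip_address(a) for a in addresses}
    buckets = defaultdict(set)
    rules, collateral = [], 0
    for host in hosts:
        if host.version == 4:
            block = ipaddress.ip_network(f"{host}/{prefix_len}", strict=False)
            buckets[block].add(host)
        else:
            rules.append(ipaddress.ip_network(str(host)))  # IPv6 kept exact
    for block, members in buckets.items():
        exact = list(ipaddress.collapse_addresses(members))
        if len(exact) >= max_rules:
            rules.append(block)
            collateral += block.num_addresses - len(members)
        else:
            rules.extend(exact)
    return collapse(rules), collateral


if __name__ == "__main__":
    exact = exact_blocks(SAMPLE)
    lossy, extra = dense_blocks(SAMPLE)
    print(f"{len(set(SAMPLE))} addresses -> {len(exact)} exact rules")
    print(f"lossy: {len(lossy)} rules, {extra} unlisted addresses also blocked")
    for net in lossy:
        print("  ", net)
```

The collateral figure is the number to watch when tuning `prefix_len` and `max_rules`: every wider block trades firewall table size against legitimate clients that share a prefix with attacking hosts.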
"briankrebs @briankrebs: Before everyone beats up on Akamai/Prolexic too much, they were providing me service pro bono. So, as I said, I don't fault them at all."
So, can someone downvote the Akamai witch hunt please?
Google should step up for this one.
Help a security reporter/researcher out dudes.
Akamai is awesome for protecting him this long. Obviously, we now know the limitations of that service.
Krebs could help too, by switching to static content and external feedback locations.
I was a dedicated reader of Krebs stuff for years. He has proven to be an excellent, accurate, trustworthy reporter. His deep stories are the best in the business with insights not usually available outside the cracker community.
So - hey - google. You gonna help? Do no evil, right?
It was a risky move, IMO, on the part of Akamai, and sends a horrible message about their service.
Were it not that the perpetrators have now apparently been arrested, why would they not then go back and go after Akamai in general, just to prove a point? In fact, why wouldn't others now go after Akamai, just to prove a point?
Perhaps it was not really a severe impact to Akamai (other than cost), and they could have withstood the attack. If somebody wants to prove that they are the King of DDOS, now what an opportunity to prove that they have the capability!
Akamai risked bringing on a bigger attack. And they risked their reputation. A smart move on the part of a competitor would be to welcome Krebs. I fully expect some smart company will do that in the coming days.
At that size I am sending employees on planes with jackhammers and bobcats to start cutting fibre near the source.
See subject: Via hosts files I block 3,993,505++ & growing host-domain names - I can't see modern OS failing doing it @ routing table (or firewall) levels nowadays.
* "Play it again Sam" & try it again I say (yes, it really works & using what you ALREADY HAVE AVAILABLE NATIVELY in your OS' IP stack & tools for it...)
APK
P.S.=> That is, unless you ENJOY being "DDoS'd/DoS'd" that is OR spending monies on things you really don't NEED to be spending on (of course, it helps "burn budget" @ year end too, now doesn't it? Yes, or you don't get the SAME or MORE next year - I consult @ year end every year for 10 yrs. now making monies on that basis in fact (very sad considering their own IT staff could do it but that budget needs BURNING, lol, for the reasons I noted as the REAL REASON it's done))... apk
Proper egress filtering by consumer ISPs would stop most of the DNS/NTP/etc amplification attacks overnight. There's absolutely no reason any packets should be leaving, say, Comcast's network with an Akamai source IP on them. But this isn't an amplification attack, at least according to the previous article. This is apparently the old style DDoS, think LOIC, many thousands of hosts making "legitimate" (as far as the TCP transaction is concerned) connections, exhausting resources, sending giant requests, etc.
"If there was a gay Afro-Puertorican Linux distribution, I'd give it a try" ~lucm
Maybe they should try Google's Project Shield. https://projectshield.withgoogle.com/public/
Great idea!
Border routers accept Windows batch and Powershell scripts? Who knew...
See subject & (for Windows) http://yro.slashdot.org/comments.pl?sid=4755487&cid=46161879/ & DDoS appliances e.g.-> https://www.google.com/search?q=DDoS+Appliance&btnG=Search&client=opera&hs=Mhq&channel=suggest&gbv=1/
* Enjoy!
APK
P.S.=> There's also NULL ROUTING (that your own techs/admins can program arp & route commands for easily enough)-> https://it.slashdot.org/comments.pl?sid=9692843&cid=52947119/ ... apk
Amazon should come forward to host Krebs' site. This provides a good opportunity to prove to the world how robust they can be with their cloud infrastructure against DDOS attacks.
Oh, he's further up the thread claiming they just need to write a Powershell script to automatically manage their hosts file.
Anyone participating is a fool.. this will be big news soon.
I came up w/ something YOU /. menials should've? Yes https://it.slashdot.org/comments.pl?sid=9692843&cid=52947119/
HOWEVER:
Yes, I forget actually THINKING & WORKING is beyond your ken (lol, since that's NO HUGE TASK considering the tools ARE THERE ALREADY for you to do this w/ in null routing).
(Move the goalposts ALL YOU LIKE - after all - I saw nothing of border routers in the person I replied to ... BUT those routers DO HAVE FIREWALL RULES that could block this as well - guess what? YOU FAIL, lol, as always vs. myself)
APK
P.S.=> There's also a LOT MORE you can do vs. various forms of DDoS https://yro.slashdot.org/comments.pl?sid=4755487&cid=46161879/ (even DDoS appliances if coding is "too much" for you even in PUNY scripting others' tools (that coders like myself create for you to merely 'use', you user with a better password (nothing more))... apk
Shut up
The web is asymmetric. A single host (or hosts in the case of a CDN like Akamai) sends files to thousands or millions of clients (web browsers).
This seems like something a distributed symmetric system like bittorrent could fix. Each browser already caches files for the web sites it's visited. If they could also be made to serve those cached pages to other web browsers (with a checksum to allow the new recipient to detect and discard corrupted caches), that would solve server overloading. The more popular a site/page is, the more computers it's cached on, and the more "load" it can take - it's self-scaling.
Making it SSL-only would prevent manipulation of the content (cache the page pre-decryption) since you'd need the original site's private key to alter the content in any meaningful way. A bad actor could still turn their cache into gibberish, but you should be able to counter that with automated blacklists of computers with corrupted caches, and using multiple parity copies for redundancy - sort of a distributed RAID. Basically the same problems bittorrent has to deal with.
Since it'll be offline for a while, perhaps... Israeli Online Attack Service ‘vDOS’ Earned $600,000 in Two Years.
I see him up there now - can't believe the crap he posts, he really believes he has the solution...
Maybe Krebs should talk to Google about getting on their Project Shield
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Hehe. Yes. Doing something at the end of the pipe will stop it before it gets there. Hmm. Fucking script kiddies at 40 years old.
See subject: I'm not certain this IS a "SYN-ACK" type of DDoS/DoS though (that only works on that type iirc).
* There's plenty more I illustrated too (DDoS appliances, Null-Routing (using tools you ALREADY NATIVELY HAVE, & even border/network perimeter filtering @ router firewall levels too)).
APK
P.S.=> Upstream bandwidth's necessary for some of these too (a constraint in & of itself)... apk
See subject (it's you, lol): I didn't note hosts vs. DDoS but rather arp/route NULL ROUTING liar https://it.slashdot.org/comments.pl?sid=9692843&cid=52947119/
* You're pitiful... or illiterate - take your pick but you FAIL as always worm - NULL ROUTING WORKS vs. DoS/DDoS & it's SO SAD I had to show you MENIAL network techs/admins tools that already NATIVELY do the job & you couldn't on YOUR OWN BALLCOURT, networking (took a coder, you know - guys like me who create tools MERE MENIALS with LOW skills merely use, the lot of you merely USERS WITH A BETTER PASSWORD, lol...!)
APK
P.S.=> It has, however, been a REAL PLEASURE exposing you as a liar trying to "put words in my mouth" I never ONCE stated (hosts isn't a solution here & I didn't note it was vs. DDoS either liar)... apk
Actually, the summary says 620gbpsps. Even worse!
Just trying to help the haole :)
I'll bet you think it's called "Harry Karry" too :) Or "Karry okie" :)
Take your racist bullshit somewhere else
See subject: My posts cover many methods vs. types of DDoS or DoS - what have YOU offered that's better as a potential solution here?
* N O T H I N G!
(Between arp/route null routing + DDoS appliances and CDN distribution of site parts plus OS settings & router or software firewalls I've covered a LOT MORE GROUND vs. DDoS than any SINGLE person has on this page, hands-down & unquestionably...)
APK
P.S.=> "I don't understand the scale & scope"? Question is, do YOU?? I don't see it in potential solutions as I have offered QUITE comprehensively - & IF I was an asshole, trust me, I could code the tools that GENERATE these types of attacks (distributed too, easily) - I've been coding custom networking tools for decades (since 1995 in fact professionally)... apk
KrebsOnSecurity Hit With Record DDoS
See subject & this blabbermouth blowhard bullshitter that you are https://it.slashdot.org/comments.pl?sid=9692843&cid=52947553/
* :)
(Lots of bullshit from you, no potential solutions, & yet I offer damn near the full gamut possible vs. DDoS by comparison in that link alone above earlier by myself (not you))
APK
P.S.=> Why I waste MY time on fake name using CHUMP TROLL BLOWHARDS (with nothing of value to offer here unlike myself in my posts) like you online is sometimes beyond me... apk
See subject: It's all I have to ask you (you evade it) & I offer more than ANY 1 person in this article did here https://it.slashdot.org/comments.pl?sid=9692843&cid=52947553/
* You lose just on my subject alone...
APK
P.S.=> Part of being intelligent is offering (even potential) solutions to problems - you don't offer ANY, lol... apk
You are confusing hawaiian and pidgin.
I grew up in hawaii. I learned my pidgin in the school yard.
And kapakai is definitely "all fucked up" in pidgin.
More proof: http://www.mauiinformationguide.com/speaking-pidgin.php
Oh dear, dickless is off his meds again, having the I crushed you delusion, sad really poor fellow, always making such a fool of himself.
So apparently Akamai cannot handle a DDoS, or not without some extreme costs or collateral damage. Seems this would be a great time for one of those places that claim to be able to provide protection from this sort of thing to step up and say, "We can handle anything, including hosting Krebs with all his haters trying to take him offline."
Weak off topic unidentifiable ac troll he states a fact techs depend on coders for tools to use. Minus them they're zero. You must be one and the truth of his words cut you right to the bone. Truth is like that.
See BOTTOM of this post & what both MS + Amazon do (they have cash to do it) http://yro.slashdot.org/comments.pl?sid=4755487&cid=46161879/
BOTH COMPANIES HANDLE "rushes" BIGGER THAN WHAT THIS IS, especially on holidays for Amazon (which is WHY they constructed their network thus).
* Yes - it's got POTENTIAL here even vs. 600++ g/mbps attacks & to warn them @ 2-6g/mbps to do null routing (which yes, can BE AUTOMATED AS I outlined for you networker menials who obviously need coders like myself to SHOW YOU HOW TO DO IT YOURSELVES easily, even in scripts).
APK
P.S.=> That's one hell of a LOT MORE than you offered:
"I offered no viable solution. Neither did you" - by bad-badtz-maru ( 119524 ) on Friday September 23, 2016 @05:20PM (#52949445)
Oh, really? I offer EVERY POSSIBLE DoS/DDoS defensive measure known there IS afaik @ least (where you admittedly offer SQUAT) - from least costly to MOST costly (see subject & Amazon + MS measures)... apk
"Null routing is fine if all you care about is getting the load off your systems, but it means completely disabling all legitimate traffic as well. Which is fine if it's your only option, but it's a last resort" - by Anonymous Coward on Friday September 23, 2016 @05:38PM (#52949567)
You don't disable LEGIT stuff doing null routes. I went from cheapest methods to MOST expensive (Amazon/MS) http://yro.slashdot.org/comments.pl?sid=4755487&cid=46161879/ & that tail end of it SHOWS that HUGE attacks can be detected + blocked (IF a company has the cash as MS/AMAZON DO for a "DDoS proof" network architecture) - once you have that, you can null route (or firewall) attacks based on IP addresses as I noted also in other posts on this page.
* Lastly - I know it's not (which is WHY I said what I did as far as SYN/ACK protection in my reply which someone oddly said before that reply of mine "that's the answer" etc., via TCP/IP parameterization) - I merely offered every possible defense I knew of vs. DDoS (more than anyone on this page has).
APK
P.S.=> That MS/AMAZON setup's got the BEST OVERALL POTENTIAL for protection for guys like Krebs (who obviously pissed off some online scumbags exposing them & their heinous little machinations obviously) - but that's more cash than guys like Mr. Krebs has available I wager (maybe this "project shield" is a way, but I'd wager it's based on things like MS & AMAZON are already long been doing) & others mentioned it LONG before you did (probably more GOOGLE SHILLS as usual, lol - this site's LOADED with them considering it's GOOGLE SPONSORED SLASHDOT bigtime in ads)... apk
Has Akamai come right out and said that the DDoS is the cause of why they are discontinuing service? If that is the reason, well, it's a business decision, but it doesn't look good in their capability to stop DDoS. Another possibility is, did Krebs disclose confidential information that violated his contract with Akamai when he disclosed details? I don't know but that may be another viable reason why Akamai has discontinued services to him or it could be a viable excuse of how he violated his contract allowing them to choose to discontinue services for whatever reason they wish due to the contract being nullified by breach from the customer. Again, I don't know, but it's worth considering that as a possibility.
Trying to minus mod apk hide putting you in your place menial https://it.slashdot.org/comments.pl?sid=9692843&cid=52947339 along with https://it.slashdot.org/commen... too? That's how we all know what the good posts are like when APK outsmarts the Google shills trying to champion their project shield mere imitation of what both Amazon and Microsoft do for a long time now
Um, it's "kapakahi" in pidgin too. Not sure what school yard you were in when you heard "kapakahi", but if you missed the "h", it's your hearing that's off, or they had a speech impediment.
Your cite is from a haole :)
Try Peppo's: http://www.aloha-hawaii.com/cu...
"CHOP SUEY
Kapakahi; all mixed up."
But go ahead, tell me more about what a local boy you were, and how haoles taught you how to speak pidgin :)
Microsoft & Amazon have setups that could handle it (dropping connections @ the 6gbps onward mark) https://yro.slashdot.org/comments.pl?sid=4755487&cid=46161879/ you ignorant little illiterate cowardly fuck!
APK
P.S.=> You're replying anonymously because I've CRUSHED YOU BEFORE under your "registered 'luser'" name here (fake names for FAKE FUCKS LIKE YOU) before & you know it - you just don't want me tossing your previous fails back @ you to laugh @ you MORE over them (@ your expense, weasel)... apk
Is that the acceleration of the attack?
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?