Slashdot Mirror


Akamai Kicked Journalist Brian Krebs' Site Off Its Servers After He Was Hit By a Record Cyberattack (businessinsider.com)

An anonymous reader writes: Cloud hosting giant Akamai Technologies has dumped journalist Brian Krebs from its servers after his website came under a "record" cyberattack. "It's looking likely that KrebsOnSecurity will be offline for a while," Krebs tweeted Thursday. "Akamai's kicking me off their network tonight." Since Tuesday, Krebs' site has been under sustained distributed denial-of-service (DDoS), a crude method of flooding a website with traffic in order to deny legitimate users from being able to access it. The assault has flooded Krebs' site with more than 620 Gbps per second of traffic -- nearly double what Akamai has seen in the past.

14 of 212 comments

  1. Re:So basically ... the attack wins? by sinij · · Score: 3, Insightful

    Yes, but not for technical reasons (DDoS succeeding in overwhelming ISP). Akamai shamefully decided to dump Krebs.

  2. Not a surprise by Anonymous Coward · · Score: 4, Insightful

    Akamai has a fiduciary responsibility to others on their network to ensure that they are not impacted by a single user. They were providing the service for free to Brian Krebs, he stated this. I do not work for Akamai (one of their competitors actually) but this is very, very common in this space.

  3. So long... by Daetrin · · Score: 4, Insightful

    So they booted him off because he was costing them a ton of money and wasn't paying anything. (I guess they were providing him service as a charity?)

    But does that mean that they'll kick their paying customers off as well if the costs of defending them against attacks exceed the revenue they're getting from that specific customer? If so that would mean you could put Akamai out of business just by targeting one customer at a time, moving on to a new one as each one was evicted from the service.

    --
    This Space Intentionally Left Blank
  4. Pro Bono by hodagacz · · Score: 5, Insightful

    I don't blame Akamai at all and it sounds like Krebs doesn't either. There was a ridiculous amount of resources used on the attack and that shit gets expensive to block.

    1. Re: Pro Bono by I4ko · · Score: 4, Insightful

      Are you serious? Blocking traffic at high packet rate is expensive - CPU cycles, even with null routing even with FPGAs. It gets expensive as electrical cost at this level - extra heating, extra cooling, extra power. Even if your upstream has provided you with a blacklist community in their BGP announce policy, that traffic is blocked by something. Spend too many CPU cycles on blocking traffic, you miss on a few routing table updates, the tables expire and all that is there behind that router is gone. Your upstream may not like that. This is 650Gbps, think about that for a second - if this is TCP handshake you are looking at something like 20Gpps. Let that sink for a second, actually no, let it sink for a minute.

      If I was in Akamai's shoes that is what I would have done - get it off the network for a while, let anger, hot waves, hormones, or whatever other human emotion is fueling it cool off for a while. (And btw, never get a connected car because of this, especially one you need to start with your cellphone)

      Short of dropping the network completely off the BGP table in order to stop this at the source or the closest network to the source that speaks BGP cost will always be accrued. And it doesn't help that these days most network aggregate announces to /17 or /16 and don't accept/transmit to peers smaller ones. If I was Akamai I would ask that he moves his DNS to one special /16 that I keep unannounced, but that is a whole lot of IP space wasted. Even if Akamai has agreements to be able to keep /24 granularity of announces to all their peers, and have Krebs's site in some of their big pops where there are larger blocks, it takes time to move other customers out of that block and into other blocks, so they can drop the block off the network for a while without affecting others, even though most of the traffic will reach Akamai's upstreams (from the traffic point of view).

      Been there, done that 12-14 years ago. Much hasn't changed, only the numbers - 65 to 650 Mbps back then, 650Gbps now.
      Oh, I miss the days when someone on a 19.9Kbps modem could generate a 2+Mbps flood due to ppp compression.

  5. Re:So basically ... the attack wins? by mwvdlee · · Score: 4, Insightful

    I might be a conspiracy theorist here, but what might Akamai gain by blocking the guy who's taking down one of the largest criminal organizations providing the type of attacks that Akamai is being paid to prevent?

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  6. Re:So basically ... the attack wins? by DougOtto · · Score: 4, Insightful

    I read somewhere that there was no contract but rather Akamai was providing the service pro-bono.

    If that's the case, and it was starting to impact paying customers, it's an understandable move.

    --
    Solving Unix problems since 1989...
  7. Re:So basically ... the attack wins? by Opportunist · · Score: 5, Insightful

    The reason is irrelevant. The message is clear: You want to silence your opposition? Conduct a DDoS until your enemy's hoster decides that you're more hassle than he is worth.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  8. Exactly by Anonymous Coward · · Score: 2, Insightful

    Blocking DDoS is bread and butter basics to a content delivery network, so why are they delivering 620Gbps of data on a DDoS attack?

    I would consider it to be good practice, for when a more important customer gets attacked. At the very least I would consider it BAD practice to show that DDoS can work easily against an Akamai site.

    Akamai need to do an about turn, politely tackle the DDoS and sack the idiot that decided they'd fold to a simple distributed denial of service attack.

  9. Re: So basically ... the attack wins? by Xest · · Score: 5, Insightful

    They weren't hosting him for free, there's no such thing as free.

    They were hosting him because it was good PR for them to be able to say "Yeah, we're capable of holding up this high value target's website just fine regardless of all the attacks he regularly comes under".

    This is a tacit admittance that Akamai's business model has changed from high end bulletproof host to just another host that will not keep your site up in the face of a DDOS. This is rather unfortunate for them, because such low end hosts are widely available, and at a far lower price point.

    I wish them luck with their new model as just another host chasing the low hanging fruit. They've sacrificed an incredibly important unique selling point for them - their reputation as a host that will keep you going no matter what.

  10. Re:This is a very real threat to free speech. by Anonymous Coward · · Score: 4, Insightful

    The reason that this DDoS is able to generate so much force is they aren't just using malware-infected PCs. They are also using security cameras and other devices that connect to the internet. Thanks to all the companies who don't give two shits about securing their devices.

  11. Re:So basically ... the attack wins? by jofas · · Score: 1, Insightful

    Oh, HEEEERE we go.

    Akamai is NOT a public service. Akamai is the 800lb gorilla in the room. To a large extent, they can charge what they want and do what they want.

  12. Re: So basically ... the attack wins? by Aristos+Mazer · · Score: 4, Insightful

    They are incapable of dealing with the largest DDoS they've ever seen, double the previous record. There is no defense against a DDoS except bandwidth, so there's an upper bound that will take down *any* provider. Akamai is a high-end defender, but in this space, attackers have the clear upper hand.

  13. Re:So basically ... the attack wins? by sjames · · Score: 4, Insightful

    Alas, no. That would have been possible in the before time when a T1 was a lot of bandwidth and the threat was a DOS rather than a DDOS.

    In a DDOS, no one host is a big contributor, but there are a lot of hosts. Consider, you have 10,000 hosts (a SMALL attack) fetching valid URLs from your web server and sending them to /dev/null. Now, which of the 10100 hosts fetching pages from you do you want shot down? Keep in mind, your objective includes not letting the attacker win. To add to the "fun", those 10,000 hosts will rotate out and be replaced by others in a much larger pool fairly frequently.
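
The scenario in comment 13, worked through as an added example that is not part of the original thread: a per-source rate limit and a per-source blocklist are evaluated against 10,000 bots that fetch valid URLs at human-like rates. The request rates, the 100 legitimate users, the 50,000-host bot pool and all function names are assumptions constructed for illustration, not measurements of the attack on KrebsOnSecurity.

```python
"""Constructed model of a low-rate distributed flood. Every number here is an
assumption made for illustration, not data from the attack discussed above."""
from collections import Counter

LEGIT, BOTS, POOL = 100, 10_000, 50_000   # hosts per minute; POOL = bot reservoir

def window(start):
    """Requests per source for one minute. Bots are drawn from the pool starting
    at index `start`, so a later window can hold mostly different bots."""
    counts = Counter()
    for i in range(LEGIT):
        counts[f"user-{i}"] = 1 + i % 20          # humans: 1..20 req/min
    for i in range(start, start + BOTS):
        counts[f"bot-{i % POOL}"] = 6 + i % 10    # bots: 6..15 req/min, valid URLs
    return counts

def rate_limit(counts, threshold):
    """Block every source above `threshold` req/min. Returns the fraction of
    attack requests stopped and the fraction of legitimate users blocked."""
    bot_total = sum(c for s, c in counts.items() if s.startswith("bot-"))
    bot_blocked = sum(c for s, c in counts.items()
                      if s.startswith("bot-") and c > threshold)
    users_blocked = sum(1 for s, c in counts.items()
                        if s.startswith("user-") and c > threshold)
    return bot_blocked / bot_total, users_blocked / LEGIT

def blocklist_hit_rate(rotated):
    """List every bot seen in minute 1, then measure how many minute-2 bots are
    already listed when `rotated` of them were swapped for fresh hosts."""
    listed = {s for s in window(0) if s.startswith("bot-")}
    later = [s for s in window(rotated) if s.startswith("bot-")]
    return sum(s in listed for s in later) / len(later)

if __name__ == "__main__":
    first = window(0)
    legit = sum(c for s, c in first.items() if s.startswith("user-"))
    print(f"attack share of requests: {1 - legit / sum(first.values()):.3f}")
    for t in (5, 10, 15):
        stopped, users = rate_limit(first, t)
        print(f"limit {t:>2}/min: attack stopped {stopped:.2f}, users blocked {users:.2f}")
    print("blocklist hit rate after 80% rotation:", blocklist_hit_rate(8_000))
```

In this model no threshold stops most of the attack without also blocking at least half of the real users, and a blocklist built one minute earlier covers only a fifth of the bots once 80% of them have rotated.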