Akamai Kicked Journalist Brian Krebs' Site Off Its Servers After He Was Hit By a Record Cyberattack (businessinsider.com)
An anonymous reader writes: Cloud hosting giant Akamai Technologies has dumped journalist Brian Krebs from its servers after his website came under a "record" cyberattack. "It's looking likely that KrebsOnSecurity will be offline for a while," Krebs tweeted Thursday. "Akamai's kicking me off their network tonight." Since Tuesday, Krebs' site has been under sustained distributed denial-of-service (DDoS), a crude method of flooding a website with traffic in order to deny legitimate users from being able to access it. The assault has flooded Krebs' site with more than 620 Gbps per second of traffic -- nearly double what Akamai has seen in the past.
Seems to me the attackers win, at least in the short term, because the caching and CDN provider (who I expect was probably contracted and paid, although it's entirely up to Brian how he handles his business affairs, it does seem likely) takes the site off the air anyway. That being the case ... what's the point of having that contracted relationship, if they dump you anyway?
From the Krebs on Security site: "The attack began around 8 p.m. ET on Sept. 20, and initial reports put it at approximately 665 Gigabits of traffic per second."
Akamai were handling it as of yesterday, but it seems that they decided it was too expensive to stand by their client while he is under attack.
Maybe a coincidence, but this started to happen after Krebs exposed anti-DDoS 'protection' firm BackConnect's use of BGP hijacking.
Akamai has a fiduciary responsibility to others on their network to ensure that they are not impacted by a single user. They were providing the service for free to Brian Krebs, he stated this. I do not work for Akamai (one of their competitors actually) but this is very, very common in this space.
So they booted him off because he was costing them a ton of money and wasn't paying anything. (I guess they were providing him service as a charity?)
But does that mean that they'll kick their paying customers off as well if the costs of defending them against attacks exceed the revenue they're getting from that specific customer? If so that would mean you could put Akamai out of business just by targeting one customer at a time, moving on to a new one as each one was evicted from the service.
This Space Intentionally Left Blank
I don't blame Akamai at all and it sounds like Krebs doesn't either. There were a ridiculous amount of resources used on the attack and that shit gets expensive to block.
Yup. Twice the redundancy per second per second.
Bitten Apples are still better than dirty Windows...
Yow! the traffic was accelerating at a tremendous clip!
Akamai is throwing away a great marketing opportunity and turning it into a huge negative. Why would I move to Akamai, knowing that they'll kick me off their network if I ever have trouble? They're throwing away their primary competitive advantage with one stupid decision.
Are you here to provide a sample of what kind of spam the DDoS traffic consisted of or what's that got to do with the story?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Blocking DDos is bread and butter basics to a content delivery network, so why are they delivering 620Gbps of data on a DDOS attack?
I would consider it to be good practice, for when a more important customer gets attacked. At the very least I would consider it BAD practice to show that DDos can work easily against an Akamai site.
Akamai need to do an about turn, politely tackle the DDos and sack the idiot that decided they'd fold to a simple distributed denial of service attack.
I wouldn't say that - the size of the attack is beyond anything seen before. They are reporting 665 Gbps. Let the sheer size of that number sink in for a while.
If they can't handle a DDOS, any DDOS competently then they just made it clear they are a minor player....
Wonder if AWS, Azure or Google will pick him up as a PR move.
"Don't fear death... fear not living..." -me
when you're honest. Krebs doesn't pull his punches and the whiners of the world (i.e. those he lambasted for having low quality products or game play) don't like it and now they're being petulant two year olds.
Just goes to show the mentality of supposed adults. Especially the cowards who sit behind a keyboard and try to destroy the work of others because they didn't get their lollipop.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
The reason that this DDos is able to generate so much force is they aren't just using malware-infected PCs. They are also using security cameras and other devices that connect to the internet. Thanks to all the companies who don't give two shits about securing their devices.
Akamai does not like Krebs exposing out the DDoS attackers, because fear of DDoS is what brings Akamai business. This is a good excuse to try to get rid of Krebs.
I have said it before, and I will say it again: Brian Krebs rocks.
Actually, that's not the case, despite a lot of the coverage claiming it is. It's the largest seen by Akamai, but OVH reported a DDoS peaking at 800Gb/s earlier the same day - although there are no indications of a connection (yet?). What's perhaps more interesting about the DDoS on Krebs isn't the size of it so much that it apparently wasn't a UDP amplification attack, which is the norm for DDoS these days, but TCP/GRE - the botnet used was generating all that traffic on its own. Both attacks are far larger than any one group was thought capable of doing (until now) and might be an indication that the number of botnet operators might not be as large as suspected, but instead consists of a smaller number of operators with multiple botnets under their control.
UNIX? They're not even circumcised! Savages!
It's "kapakahi".
http://wehewehe.org/gsdl2.85/c...
vs. One-sided, crooked, lopsided, sideways; bent, askew; biased, partial to one side; to show favoritism. Lit., one side. Cf. lawe kapakahi. Kū kapakahi ka lā ma Wai-anae (saying), the sun appears lopsided at Wai-anae [said by the goddess Hiiaka while her lover was dallying with someone else, hence said of any unlawful dallying].
"kapakai" is very different:
http://wehewehe.org/gsdl2.85/c...
vs. To wait for. Rare.
Cyber-terrorism gets you what you want apparently.
Akamai Technologies should be dumped by everyone who uses them and should not get any new customers.
Recently botnets haven't really been the issue, they've mostly been reflection attacks which use DNS, NTP, etc. to amplify the size of the requests. If networks started to drop UDP packets with spoofed addresses that would reduce the problem significantly (so would convincing a huge number of people to fix their DNS or NTP servers, but that is harder).
Here's an archive.is link for those not wanting to deal with BI's paywall.
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
Where's that Slashdotter from the thread last week who posted 5 easy steps to stopping a DDoS! Akamai needs your "expertise"!
From the write-up on it, it was peaking at 665 gigabits/sec and was leveraging a massive botnet trying to make direct connections instead of using DNS reflection. They kept his site up during this and numerous other large scale attacks. Claiming that Akamai isn't a "bullet proof" host because they decided their support cost and impact to their customers outweighed the free-marketing/goodwill is just asinine. You're the same entitled person that uses free web services and then b*tches when they start charging or go under, aren't you?
I wonder how much more successful Krebs would be moving his site to a sites.google.com? Sure, he'd have to deal with the awful feature set there, but I'd like to see anybody DDOS google successfully. I don't think it's actually been done has it?
At that size I am sending employees on planes with jackhammers and bobcats to start cutting fibre near the source.
Proper egress filtering by consumer ISPs would stop most of the DNS/NTP/etc amplification attacks overnight. There's absolutely no reason any packets should be leaving, say, Comcast's network with an Akamai source IP on them. But this isn't an amplification attack, at least according to the previous article. This is apparently the old style DDoS, think LOIC, many thousands of hosts making "legitimate" (as far as the TCP transaction is concerned) connections, exhausting resources, sending giant requests, etc.
"If there was a gay Afro-Puertorican Linux distribution, I'd give it a try" ~lucm
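An added illustration of the egress filtering (source address validation) that the comments above describe, not code from any poster or vendor: an access network forwards an outbound packet only if its source address falls inside a prefix that network actually assigns. The prefixes and packets are constructed values from documentation ranges; the sample shows that spoofed-source reflection triggers are dropped while a direct flood from real addresses still passes, which is the limitation the comment points out.

```python
import ipaddress

# Constructed assumption: prefixes this access network assigns to its customers.
CUSTOMER_PREFIXES = [
    ipaddress.ip_network(p) for p in ("198.51.100.0/24", "2001:db8:100::/48")
]

def source_is_valid(src: str) -> bool:
    """True when the source address belongs to a prefix this network originates."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparsable source: never forward
    return any(
        addr.version == net.version and addr in net for net in CUSTOMER_PREFIXES
    )

def egress_filter(packets):
    """Split outbound packets into (forwarded, dropped) by source validation."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if source_is_valid(pkt["src"]) else dropped).append(pkt)
    return forwarded, dropped

# Constructed sample of outbound traffic seen at the customer-facing edge.
SAMPLE = [
    {"src": "198.51.100.23", "dst": "192.0.2.53", "proto": "udp", "dport": 53,
     "kind": "ordinary DNS query"},
    {"src": "203.0.113.10", "dst": "192.0.2.53", "proto": "udp", "dport": 53,
     "kind": "foreign source address (DNS reflection trigger)"},
    {"src": "203.0.113.10", "dst": "192.0.2.123", "proto": "udp", "dport": 123,
     "kind": "foreign source address (NTP reflection trigger)"},
    {"src": "198.51.100.77", "dst": "203.0.113.10", "proto": "tcp", "dport": 80,
     "kind": "direct connection from a real customer address"},
    {"src": "2001:db8:100::5", "dst": "2001:db8:ffff::1", "proto": "tcp",
     "dport": 443, "kind": "ordinary IPv6 traffic"},
]

def summarize(packets):
    """Return counts plus the kinds of traffic the filter dropped."""
    forwarded, dropped = egress_filter(packets)
    return {
        "forwarded": len(forwarded),
        "dropped": len(dropped),
        "dropped_kinds": sorted(p["kind"] for p in dropped),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```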
Great idea!
The first link looks like the solution, send it to Akamai, they just need to enable SYN cookies on their Windows machine!
The web is asymmetric. A single host (or hosts in the case of a CDN like Akamai) sends files to thousands or millions of clients (web browsers).
This seems like something a distributed symmetric system like bittorrent could fix. Each browser already caches files for the web sites it's visited. If they could also be made to serve those cached pages to other web browsers (with a checksum to allow the new recipient to detect and discard corrupted caches), that would solve server overloading. The more popular a site/page is, the more computers it's cached on, and the more "load" it can take - it's self-scaling.
Making it SSL-only would prevent manipulation of the content (cache the page pre-decryption) since you'd need the original site's private key to alter the content in any meaningful way. A bad actor could still turn their cache into gibberish, but you should be able to counter that with automated blacklists of computers with corrupted caches, and using multiple parity copies for redundancy - sort of a distributed RAID. Basically the same problems bittorrent has to deal with.
Since it'll be offline for a while, perhaps... Israeli Online Attack Service ‘vDOS’ Earned $600,000 in Two Years.
Or, you know - blame ISPs for not shutting down DDoS nodes. I assume the biggest problem is that we don't have a DDoS early-warning system for flagging and cutting abusers from the upstream pro-actively.
Bye!
I see him up there now - can't believe the crap he posts, he really believes he has the solution...
Maybe Krebs should talk to Google about getting on their Project Shield
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Actually, the summary says 620gbpsps. Even worse!
Just trying to help the haole :)
I'll bet you think it's called "Harry Karry" too :) Or "Karry okie" :)
Take your racist bullshit somewhere else
It seems like you don't understand the scale and scope of these attacks. You're approaching it the way you'd approach someone pointing a few circuits at you. These are millions upon millions of requests all coming from different addresses in an insanely short period of time. Nothing outside of a few highly-specialized tools can meaningfully inspect traffic at those rates. The reason Amazon, eBay, Microsoft, etc can handle it is just sheer size... there's no special technology, they're just already scaled out to handle everyone shopping on Black Friday, which is inherently a larger set of requests than any DDoS.
KrebsOnSecurity Hit With Record DDoS
This DDoS is 600+ Gbps but the DDoS devices you link to handle 40 Gbps. How does that work? In another post, you suggest using a CDN. Did you read the original article? Akamai IS a CDN! It's very clear you have no concept of the traffic levels involved. It's hundreds and hundreds of servers involved, it's traffic levels where expensive routers start to fall over due to load. It's not something you manage with $200 appliances or shell scripts.
Part of being intelligent is realizing that some things are above your current understanding. That's why I have no solutions. However, I do understand enough to know that your solutions are amateur, given the sheer size of the data flow under discussion. You don't even recognize the scale and present solutions that are completely unworkable in that scale.
I offered no viable solution. Neither did you.
Has Akamai come right out and said that the DDoS is the cause of why they are discontinuing service? If that is the reason, well, it's a business decision, but it doesn't look good in their capability to stop DDoS. Another possibility is, did Krebs disclose confidential information that violated his contract with Akamai when he disclosed details? I don't know but that may be another viable reason why Akamai has discontinued services to him or it could be a viable excuse of how he violated his contract allowing them to choose to discontinue services for whatever reason they wish due to the contract being nullified by breach from the customer. Again, I don't know, but it's worth considering that as a possibility.
Um, it's "kapakahi" in pidgin too. Not sure what school yard you were in when you heard "kapakahi", but if you missed the "h", it's your hearing that's off, or they had a speech impediment.
Your cite is from a haole :)
Try Peppo's: http://www.aloha-hawaii.com/cu...
"CHOP SUEY
Kapakahi; all mixed up."
But go ahead, tell me more about what a local boy you were, and how haoles taught you how to speak pidgin :)
Is that the acceleration of the attack?
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?