Krebs Is Back Online Thanks To Google's Project Shield (krebsonsecurity.com)

← Back to Stories (view on slashdot.org)

Krebs Is Back Online Thanks To Google's Project Shield (krebsonsecurity.com)

Posted by EditorDavid on Sunday September 25, 2016 @04:39AM from the deeply-grateful dept.

"After the massive 600gbps DDOS attack on KrebsOnSecurity.com that forced Akamai to withdraw their (pro-bono) DDOS protection, krebsonsecurity.com is now back online, hosted by Google," reports Slashdot reader Gumbercules!!.

"I am happy to report that the site is back up -- this time under Project Shield, a free program run by Google to help protect journalists from online censorship," Brian Krebs wrote today, adding "The economics of mitigating large-scale DDoS attacks do not bode well for protecting the individual user, to say nothing of independent journalists...anyone with an axe to grind and the willingness to learn a bit about the technology can become an instant, self-appointed global censor." [T]he Internet can't route around censorship when the censorship is all-pervasive and armed with, for all practical purposes, near-infinite reach and capacity. I call this rather unwelcome and hostile development the "The Democratization of Censorship...." [E]vents of the past week have convinced me that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely potent cyber weapons with transnational reach...

Akamai and its sister company Prolexic have stood by me through countless attacks over the past four years. It just so happened that this last siege was nearly twice the size of the next-largest attack they had ever seen before. Once it became evident that the assault was beginning to cause problems for the company's paying customers, they explained that the choice to let my site go was a business decision, pure and simple... In an interview with The Boston Globe, Akamai executives said the attack -- if sustained -- likely would have cost the company millions of dollars.
One site told Krebs that Akamai-style protection would cost him $150,000 a year. "Ask yourself how many independent journalists could possibly afford that kind of protection money?" He suspects the attack was a botnet of enslaved IoT devices -- mainly cameras, DVRs, and routers -- but says the situation is exacerbated by the failure of many ISPs to implement the BCP38 security standard to filter spoofed traffic, "allowing systems on their networks to be leveraged in large-scale DDoS attacks... the biggest offenders will continue to fly under the radar of public attention unless and until more pressure is applied by hardware and software makers, as well as ISPs that are doing the right thing... What appears to be missing is any sense of urgency to address the DDoS threat on a coordinated, global scale."

149 comments

Min score:

Reason:

Sort:

Off by a little bit... by DeusExCalamus · 2016-09-25 04:45 · Score: 3, Informative

The Krebsonline DDoS was 600gbits+, not megabits.

--
"...Sleep comes like a drug in God's country Sad eyes, crooked crosses in God's country..."
Title traffic volume is only off by 1000 times by Anonymous Coward · 2016-09-25 04:45 · Score: 0

665 Gigabits per second.
1. Re:Title traffic volume is only off by 1000 times by NotInHere · 2016-09-25 04:47 · Score: 1, Funny
  
  On a logarithmic scale, thats a constant.
2. Re:Title traffic volume is only off by 1000 times by CanadianRealist · 2016-09-25 06:06 · Score: 0
  
  A constant? You mean as opposed to the very variable number 1000?
3. Re:Title traffic volume is only off by 1000 times by Anonymous Coward · 2016-09-25 07:17 · Score: -1
  
  WTF are you talking about? On a logarithmic scale, a constant is a constant and a variable is a variable. Taking the logarithm of something doesn't magically make it a constant if it wasn't one before.
  The stupidity of mathematical statements on this site is alarming (if not surprising).
4. Re:Title traffic volume is only off by 1000 times by KiloByte · 2016-09-25 07:46 · Score: 0
  
  Since we're not talking about marketing department of a hard disk company nor a committee sponsored by them, the number is 1024 not 1000.
  
  --
  The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
5. Re:Title traffic volume is only off by 1000 times by Anonymous Coward · 2016-09-25 08:09 · Score: -1
  
  Since we're not talking about marketing department of a hard disk company nor a committee sponsored by them, the number is 1024 not 1000.
  Networks have never been powers of 2. They are time sequences of bits, just like hard disks, and hence there is no fundamental relationship to the power of 2.
6. Re:Title traffic volume is only off by 1000 times by ls671 · 2016-09-25 10:49 · Score: 1
  
  And you are off by 24.
  
  --
  Everything I write is lies, read between the lines.
That is huge.. by sTERNKERN · 2016-09-25 04:51 · Score: 1

600gbits+ is a huge volume of traffic. I bet it was not cheap to get it done. I wonder who would have the motive and the money to do such a thing.
1. Re:That is huge.. by Anonymous Coward · 2016-09-25 04:59 · Score: 2, Insightful
  
  Seeing as how the attacks occured after he posted a series of articles on Israeli-run company vDOS...and that the traffic was larger than practically any other DDoS attack that's been recorded?
  It's pretty obvious who has the money and the motive, Israel. They co-opted one of their own, slimy companies to do their dirty work, if it ever blew up in their faces they could bring charges down on vDOS and deny responsibility. vDOS alone can't generate 600+ gigabits of traffic, that's beyond the capacity of any publicly-known, existing botnet. That sort of traffic is generated by an entire country, not a single company.
  I'm sure this will be downvoted to hell for being "anti-Semitic" or some other such nonsense, it's just a simple answer to a simple question. Israel is trying to silence American journalists regarding their "cyberwarfare" efforts and they handed over the task of seeking revenge to vDOS for the sake of plausible deniability.
2. Re:That is huge.. by Dutch+Gun · 2016-09-25 05:02 · Score: 4, Interesting
  
  From Kreb's site:
  
  Many readers have been asking whether this attack was in retaliation for my recent series on the takedown of the DDoS-for-hire service vDOS, which coincided with the arrests of two young men named in my original report as founders of the service.
  How about the folks who provide DDOS for hire? For them it costs nothing (if they're just using spare capacity), since they own the botnets. And at the same time, they're sort of advertising their wares at the same time.
  This sort of thing is just going to get worse when crappy / non-existant IoT security devices exposed themselves to the web via large-capacity fiber and cable connections. It's already bad enough with compromised routers and computers. Most people won't get protected. They'll just get knocked off the web at will by people like this.
  
  --
  Irony: Agile development has too much intertia to be abandoned now.
3. Re:That is huge.. by Dutch+Gun · 2016-09-25 05:13 · Score: 4, Insightful
  
  Reading further in comments, I saw this comment from Krebs (emphasis mine):
  
  Actually, the intel I’m gathering suggests it’s not routers at issue, but mostly DVRs and some IP cameras.
  So, sounds like the Internet of Things is already biting us fairly hard these days. OS makers for computers and phones have made those platforms much harder to compromise than they used to be, and regularly patch known vulnerabilities. But I fear IoT manufacturers are going to make all the same, old mistakes that PCs went though over the past decade or so, instead of gleaming the hard-won knowledge of best security practices.
  
  --
  Irony: Agile development has too much intertia to be abandoned now.
4. Re:That is huge.. by Dutch+Gun · 2016-09-25 05:16 · Score: 0
  
  Aaaaand... like an idiot, I failed to notice that this information is right there in the summary. How often does one read TFA and fail to read the summary? That has to count for something, right?
  
  --
  Irony: Agile development has too much intertia to be abandoned now.
5. Re:That is huge.. by ArmoredDragon · 2016-09-25 05:24 · Score: 1, Insightful
  
  I kind of doubt that the Israeli government was involved in a company whose main customers are common internet trolls that want to (for a fee) knock video game streamers offline for 5 minutes to cause them to lose an arena match in world of warcraft. Seriously, that's the biggest revenue driver for a company like vDOS.
  The fact that it was located in Israel is likely coincidence, more than anything. It wouldn't surprise me if a collection people who offer these "booter" services didn't like the thought that somebody could possibly expose them, which is bad for their business, and they simply retaliated. Perhaps to send a message of "leave us alone"? Who knows. People have done worse to krebs for exposing illegal activity, like mailing drugs to his address and then reporting him to police, or SWATing him. Oh, and did I mention, these are also tactics that trolls have used against world of warcraft streamers?
  The fact that you're turning this into a big government conspiracy just because of the fact that it's in Israel is possibly anti-semetic however, as I doubt you'd make a similar claim if the company operated in Nicuragua for example.
6. Re:That is huge.. by coastwalker · 2016-09-25 05:25 · Score: 1
  
  Although it would be convenient for someone out for fun or an enemy of Israel to attack a target that Israel could be blamed for. I think we should wait for some forensics before blaming anyone.
  
  --
  Facts are history now plebs have politics for religion on social media.
7. Re:That is huge.. by Anonymous Coward · 2016-09-25 05:32 · Score: 1
  
  I agree but your use of vowels is anti-semantic
8. Re: That is huge.. by icebike · 2016-09-25 06:30 · Score: 1
  
  Agreed. But the rush to judgement is already in full swing. Camers, DVRs and routers. Oh my! Don't you dare mention Windows!!
  As far as I'm concerned there isn't a shred of evidence that this was IOT based.
  
  --
  Sig Battery depleted. Reverting to safe mode.
9. Re: That is huge.. by Anonymous Coward · 2016-09-25 07:05 · Score: 0
  
  Probably the "owner" of the botnet who he was writing about.
10. Re:That is huge.. by rudy_wayne · 2016-09-25 07:37 · Score: 3, Interesting
  
  [T]his sort of thing is just going to get worse when crappy / non-existant IoT security devices exposed themselves to the web via large-capacity fiber and cable connections. [I]t's already bad enough with compromised routers and computers. Most people won't get protected. [T]hey'll just get knocked off the web at will by people like this.
  As noted in the article: "the situation is exacerbated by the failure of many ISPs to implement the BCP38 security standard to filter spoofed traffic"
  There is something of an inverse relationship -- at least in the U.S. The bigger an ISP is, the less likely they are to give a shit.
11. Re:That is huge.. by Anonymous Coward · 2016-09-25 07:41 · Score: 1
  
  But I fear IoT manufacturers are going to make all the same, old mistakes that PCs went though over the past decade or so, instead of gleaming the hard-won knowledge of best security practices.
  Security, done properly, is expensive. When your business is based entirely on selling cheap shit, there's no room in the profit margin for proper security.
12. Re: That is huge.. by Anonymous Coward · 2016-09-25 07:45 · Score: 0
  
  VDos was run by criminals, who were arrested by the Israelis, you blithering fucking moron.
13. Re: That is huge.. by Anonymous Coward · 2016-09-25 13:45 · Score: 0
  
  Anti-semete
14. Re: That is huge.. by Anonymous Coward · 2016-09-25 17:11 · Score: 0
  
  Negative points.
15. Re:That is huge.. by Anonymous Coward · 2016-09-25 19:11 · Score: 0
  
  DDoS is cheap these days. Cheaper than ever. It's a race to the bottom.
16. Re:That is huge.. by xtsigs · 2016-09-25 21:35 · Score: 1
  
  But I fear IoT manufacturers are going to make all the same, old mistakes that PCs went though over the past decade or so, instead of gleaming the hard-won knowledge of best security practices.
  Enough PC users demanded greater security because they saw a negative impact on performance. If DVR performance is not degraded, then not many will notice or care enough to spend a few extra dollars for the security.
  Verizon is continually attempting to sell me more bandwidth and higher performing equipment (router, DVR). They rarely even mention security in their pitch. They'll first sell me upgrades to accommodate the malware overhead. I expect that they'll start playing up the security angle when they think they can make more money from doing so. Now I wonder if it is not in their financial best interests to downplay the security threat and sell the performance upgrades.
17. Re: That is huge.. by GinaDEEE · 2016-09-26 05:07 · Score: 1
  
  Anti-semete
  Anti-semitic, not either of the previous two spellings...although anti-semantic was ironically appropriate.
18. Re: That is huge.. by Anonymous Coward · 2016-09-27 06:48 · Score: 0
  
  It *could* be viewed as a backhanded *compliment* to the Israelis - Nigeria wouldn't have the resources or expertise...
19. Re: That is huge.. by Anonymous Coward · 2016-09-27 06:50 · Score: 0
  
  Nicaragua. Whatever. Same point.
20. Re: That is huge.. by Anonymous Coward · 2016-09-27 14:54 · Score: 0
  
  I believe the appropriate comment is WHOOOOOOSH!
21. Re: That is huge.. by Anonymous Coward · 2016-09-27 15:06 · Score: 0
  
  apart from pretty much every ddos lately being IoT's you mean?
We're all nation states now! by destinyland · 2016-09-25 04:52 · Score: 2

Krebs quoted his mentor as saying this:

"DDoS attacks have become the Great Equalizer between private actors and nation-states."
Easy back-up solution by BarbaraHudson · 2016-09-25 04:55 · Score: -1

Just use email to send stories to people who are interested. No web server needed. Problem solved. New subscribers from word of mouth. Cheap, easy, effective.

--
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
1. Re:Easy back-up solution by mhkohne · 2016-09-25 05:07 · Score: 1
  
  Just use email to send stories to people who are interested. No web server needed. Problem solved. New subscribers from word of mouth. Cheap, easy, effective.
  Useless. Without the ability for someone to link to the story it can't get large-scale play - going viral can't really happen via e-mail these days.
  
  --
  A thousand pounds of wood moving at 300 feet per minute. Don't get in the way.
2. Re:Easy back-up solution by BarbaraHudson · 2016-09-25 05:18 · Score: 1
  
  Anyone can forward an email, or have you forgotten that? It's even easier that cut-n-pasting a link.
  As for the stupidity of going viral, maybe it's time to end that pointless metric of relevance.
  About the only important stories going viral are about Hillary's emails :-)
  
  --
  "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
3. Re:Easy back-up solution by Anonymous Coward · 2016-09-25 05:27 · Score: 0
  
  You cannot forward an email on twitter.
  Facebook you'd have to cut & paste the entire wall of text.
  Email has a place but without a direct link you well be less read.
4. Re:Easy back-up solution by bheerssen · 2016-09-25 05:39 · Score: 1
  
  Just use email to send stories to people who are interested. No web server needed. Problem solved. New subscribers from word of mouth. Cheap, easy, effective.
  Useless. Without the ability for someone to link to the story it can't get large-scale play - going viral can't really happen via e-mail these days.
  My crazy uncle's inbox would beg to differ.
  
  --
  (Score: -1, Stupid)
5. Re: Easy back-up solution by icebike · 2016-09-25 06:35 · Score: 1
  
  What computer related site would not carry Free articles from Krebs hosted on their own site?
  
  --
  Sig Battery depleted. Reverting to safe mode.
6. Re:Easy back-up solution by KiloByte · 2016-09-25 07:57 · Score: 1
  
  As if we had a network of store-and-forward servers that can disperse email-like messages over the world, scalable as every server serves only local clients. Such messages could then be archived or expired based on a configurable policy. It might be less usable during a September, but since the Eternal one has ended, we can somehow wait these five days :p
  
  --
  The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
7. Re:Easy back-up solution by BarbaraHudson · 2016-09-25 08:28 · Score: 1
  
  If everything was done via email, so would twitter. Same with facebook. Or are you unclear of the concept of email?
  
  --
  "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
8. Re: Easy back-up solution by RandomFactor · 2016-09-25 09:02 · Score: 1
  
  One that wanted to stay online i suspect...
  Painting that target on your site would be an existential risk for most. Moral high ground is cold comfort if you don't make payroll.
  Goog to the rescue. Give them their props.
  
  --
  --- Mercutio was right.
9. Re:Easy back-up solution by Chibi+Merrow · 2016-09-25 09:46 · Score: 1
  
  Are you unclear on the fact that people generally don't use email for the majority of their online communication? Case in point, we're not communicating via email right now.
  
  --
  Maxim: People cannot follow directions.
  Increases in truth directly with the length of time spent explaining them
10. Re:Easy back-up solution by BarbaraHudson · 2016-09-25 12:36 · Score: 1
  
  Are you unclear with the fact that people used to use email for the majority of their online communication? Just because we're doing things in an easy-to-DOS way now doesn't mean we have to.
  
  --
  "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
11. Re:Easy back-up solution by AHuxley · 2016-09-25 12:47 · Score: 1
  
  Yes as the main social media sites get patrolled by "volunteers" making uploaded content harder to fund, find or even keep online.
  People then have to stop their US protected free speech or find other more creative ways of getting round big multinationals and their new global "safe" branding.
  Email, direct apps are just one of many great ways to totally circumvent brand management and the control of free speech on emerging social media.
  The fine print about new community standards and volunteers who enforce such efforts can be very chilling with an offer of free support.
  
  --
  Domestic spying is now "Benign Information Gathering"
12. Re:Easy back-up solution by Anonymous Coward · 2016-09-26 03:38 · Score: 0
  
  If everything was done via email, so would twitter. Same with facebook. Or are you unclear of the concept of email?
  If you think email cannot be DDOSed then what's clear is that you have no idea how email works.
13. Re:Easy back-up solution by BarbaraHudson · 2016-09-26 03:49 · Score: 1
  
  Kind of hard to DOS a private email server that you don't even know exists. Or are you unclear of the concept. As for DOSing Facebook or Twitter, you have my blessing :-)
  
  --
  "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
14. Re:Easy back-up solution by david_thornley · 2016-09-26 08:25 · Score: 1
  
  I fail to see your point. You seem to be saying that things would be better if we went back to the good old days when people used email for their online communications. It may be true, but I don't see that it's relevant to what should be done now.
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
15. Re:Easy back-up solution by BarbaraHudson · 2016-09-26 08:44 · Score: 1
  
  What I'm saying is that private email servers only known to the users are much more easily hidden than a web sit with a dns entry. Can't DOS what you don't know exists. Much more or dark than the so-called darknet. How many ip6 addresses are they going to have to portscan to find one?
  
  --
  "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
16. Re:Easy back-up solution by Killall+-9+Bash · 2016-09-26 09:40 · Score: 1
  
  Do you not know how email works? If I know your email address, I know your mail server.
  
  All I have to do is--
  c:>nslookup
  default server: google-public-dns-a.google.com
  address: 8.8.8.8
  >set q=mx
  >target-domain.com
  default server: google-public-dns-a.google.com
  address: 8.8.8.8
  
  Non-authoritative answer:
  target-domain.com MX preference = 0 mail exchanger = mailserver.target-domain.com
  
  Of course, you don't HAVE to have a DNS MX record pointing to your mail server. You only need one of those if you want people to be able to SEND YOU MAIL.
  
  --
  "Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
17. Re:Easy back-up solution by BarbaraHudson · 2016-09-26 12:31 · Score: 1
  
  You can operate a mail server, an ftp server, even a web server without a DNS entry. Without a DNS entry they would have to have the actual IP. nslookup is useless in such cases.
  
  --
  "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
18. Re:Easy back-up solution by Gumbercules!! · 2016-09-26 13:21 · Score: 1
  
  What if they're using a 3rd party mail filtering service, like Trend Micro? Then their MX record would be Trend Micro, not their server.
19. Re:Easy back-up solution by david_thornley · 2016-09-27 04:00 · Score: 1
  
  Running a mail server without a DNS entry is normally dumb. Filters tend to reject email from such a server, and users have been told to distrust such.
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
20. Re:Easy back-up solution by BarbaraHudson · 2016-09-27 04:39 · Score: 1
  
  Whitelists. Anyone using such a setup should have a modicum of ability to follow directions on how to do so. And if they don't, their machine is most likely going to be part of a bot at some point or infected or whatever, so ... self-selecting safe group to communicate with.
  
  --
  "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
21. Re:Easy back-up solution by Anonymous Coward · 2016-09-30 04:15 · Score: 0
  
  I mean, everything you've been saying is true from a technical perspective. But the burden of IT overhead that would be placed on individuals in your scenario is unlikely to result in success. For a bunch of hobbyist nerds who want to pass ezines around, fine.
22. Re:Easy back-up solution by BarbaraHudson · 2016-09-30 04:31 · Score: 1
  
  And for every nerd, there are at least a dozen "nermals" that they provide free tech support in return for beer and pizza.
  
  --
  "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
Really? by Anonymous Coward · 2016-09-25 04:56 · Score: 0

Doesn't seem "up" to me...
1. Re:Really? by coastwalker · 2016-09-25 05:13 · Score: 1
  
  No joy in the UIK either, the site does not respond.
  
  --
  Facts are history now plebs have politics for religion on social media.
2. Re:Really? by gweihir · 2016-09-25 06:21 · Score: 1
  
  DNS-propagation can take several hours, and even longer under some circumstances.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
3. Re:Really? by ls671 · 2016-09-25 11:01 · Score: 1
  
  No problems here, I run my own DNS and flush the cache at will if needed to query the root server and then authoritative server etc. Handy for testing sometimes when moving domains. Once the customer domain moved and the tests are conclusive, it happens that I have to tell the customer that his previous provider should have set the TTL lower than 3 weeks so people using their provider DNS could see the site a little earlier ;-)
  I usually set TTL from 10 minutes (dyndns) to 6 hours depending on the domain to make moving easier.
  
  --
  Everything I write is lies, read between the lines.
4. Re:Really? by gweihir · 2016-09-26 22:53 · Score: 1
  
  No idea. Maybe you are missing some potentially hidden intermediate server that cashes an earlier error. I had access to the site as soon as this story was up.
  Incidentally, the TTLs on my own DNS servers are down to a max of 6h as well after I initially misconfigured something and then had to wait for 2 days for the cached errors to expire. Makes the principles of DNS-caching pretty clear to you ;-)
  Dynamic DNS is on 1 minute, same as dyndns.org uses (or used when I last checked).
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
i read this as.... by Anonymous Coward · 2016-09-25 05:02 · Score: 0, Insightful

the hackers saying "challenge accepted".
they turned akamai into mush and destroyed their reputation (why the fuck would anyone choose them for ddos mitigation now?).
with a near-infinite source of greedy, moronic "IoT" manufacturers and the gear they produce, google shall soon fall.
too bad krebs didn't just start posting his blog to facebook instead.
1. Re:i read this as.... by gweihir · 2016-09-25 06:20 · Score: 1
  
  too bad krebs didn't just start posting his blog to facebook instead.
  While I like the sentiment, I highly doubt anybody can bring them down via DDoS.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
2. Re:i read this as.... by Anonymous Coward · 2016-09-25 06:59 · Score: 0
  
  I would hate t have to sign up for Faceplant just to follow Krebs.
3. Re: i read this as.... by Anonymous Coward · 2016-09-25 08:21 · Score: 1
  
  I'm sure google can fight back. This is an opportunity to reclaim those devices. Think about it. Google will just sit there and take it?
Kudos to google by QuietLagoon · 2016-09-25 05:08 · Score: 4, Insightful

I was wondering if one of the big ones would step up to the plate on this one.
.
Funny, I don't know why, but facebook was never one of the ones I thought might do it.
1. Re:Kudos to google by Anonymous Coward · 2016-09-25 05:31 · Score: 0
  
  To be fair... Facebook is small compared to Google.
2. Re:Kudos to google by Anonymous Coward · 2016-09-25 06:14 · Score: 0
  
  He could have posted his blogs in Facebook comments, and indirectly Facebook would have protected him.
3. Re:Kudos to google by thegarbz · 2016-09-25 07:25 · Score: 1
  
  Could that be because Facebook don't offer this kind of service?
4. Re: Kudos to google by Anonymous Coward · 2016-09-25 12:06 · Score: 1
  
  It was suggested to him but he said no because under the ToS Facebook would own his material and Facebook would earn the ad revenue. Which is his livelihood.
5. Re:Kudos to google by Anonymous Coward · 2016-09-25 19:46 · Score: 0
  
  Good job he doesn't criticise Hillary Clinton.
  Don't forget that Google has been actively censoring criticism of her and manipulating search results.
6. Re:Kudos to google by bad-badtz-maru · 2016-09-26 03:53 · Score: 1
  
  The service is actually available to anyone serving news, human rights, or election monitoring, or human rights content. A slashdotter actually suggested the service in the article that appeared here a few days ago.
Aaaaand Krebs thrashes more people by smooth+wombat · 2016-09-25 05:11 · Score: 3, Insightful

the situation is exacerbated by the failure of many ISPs to implement the BCP38 security standard to filter spoofed traffic,

Nothing like sticking your finger in the eyes of those who keep claiming they need to restrict bandwidth to their paying users while at the same time delivering slow speeds for exorbitant prices.

Apparently those hundreds of millions of free dollars generated every month by Comcast/Verizon/et al can't be used for anything useful such as implementing security filtering to slow/prevent this situation.

--
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
1. Re: Aaaaand Krebs thrashes more people by spongman · 2016-09-25 07:23 · Score: 3, Insightful
  
  Google could solve this in a day by flagging its search results page with a "your ISP is supporting cybercrime" warning.
make people responsible for their shit. by Anonymous Coward · 2016-09-25 05:13 · Score: 0

You are not allowed to go on the road with your badly maintained, unsafe car. Not because we care about you, but because you may hurt others.
Why then is it perfectly legal to connect your badly maintained, unsafe computers to the internet?
I am not talking draconian measures here, just sensible regulations. Like force ISP's to disconnect zombies until their customers has their act together again, and fine them if they neglect this duty.
1. Re:make people responsible for their shit. by Anonymous Coward · 2016-09-25 15:26 · Score: 0
  
  This is a fantastic idea!! If I steal your car and run some people over you should be 100% liable for failing to secure your car! Seems simple enough to me!
2. Re:make people responsible for their shit. by Anonymous Coward · 2016-09-26 06:05 · Score: 0
  
  If we're being reasonable (law never is, though) there's no liability at all, just "good practice" and ISPs voluntarily cooperating. They could issue notices about a "potentially faulty/compromised device" and warn about possibly ignoring traffic ("click here if you think this device is nominal")
  
  Copyrights demand notices sent to customers all the time, is this so different?
I wonder how well.. by Z80a · 2016-09-25 05:16 · Score: 1

They would fare by using cloudflare instead.
1. Re: I wonder how well.. by Anonymous Coward · 2016-09-25 05:40 · Score: 0
  
  We probably would just see that dumb cloudflare redirection page instead.
2. Re: I wonder how well.. by Anonymous Coward · 2016-09-25 05:44 · Score: 0
  
  The real solution is to move the web to a distributed model. Instead of your browser connecting directly to a web server it would connect to a swarm.
3. Re: I wonder how well.. by Z80a · 2016-09-25 05:59 · Score: 1
  
  That's the exact description of the cloudflare.
  Except they connect to your web server when it updates, and when the site itself have an dynamic vulnerability that can be exploited, or the attacker gets the hold of your real IP number, stuff goes down.
4. Re:I wonder how well.. by Zocalo · 2016-09-25 06:12 · Score: 4, Interesting
  
  I can't see Brian Krebs moving to Cloudflare under any circumstances. He's lain into them far too many times, and will likely continue to do so, over their support of various cybercrime operations like the vDOS stressor that his exposure of - and arrest of two suspects - likely lead to someone launching the DDoS that took him off line earlier this week. As Krebs sees it, Cloudflare are a major part of the problem and their activities are highly questionable since they directly benefit from people seeking protection from the very services Cloudflare are helping stay in operation; it just makes it easier to keep the moral highground if he's hosted elsewhere. Cloudflare's view is that because they are not actually hosting the sites themselves, just hosting a reverse proxy that redirects traffic to them, they are on firm legal ground and are doing nothing wrong.
  
  Something to think about, if you're in the market for DDoS protection...
  
  --
  UNIX? They're not even circumcised! Savages!
5. Re:I wonder how well.. by Anonymous Coward · 2016-09-25 10:00 · Score: 1
  
  It's very possible that CloudFlare is hosting the people who are responsible for the attacks against Krebs.
  CloudFlare has many criminal customers. Check out this recent list of DDoS/"Stresser"/"Booter" websites proudly hosted by CloudFlare:
  alphastress.com, anonymous-stresser.net, aurastresser.com, beststresser.com, boot4free.com, booter.eu, booter.org, booter.xyz, bullstresser.com, buybooters.com, cnstresser.com, connectionstresser.com, crazyamp.me, critical-boot.com, cstress.net, cyberstresser.org, darkstresser.info, darkstresser.net, databooter.com, ddos-fighter.com, ddos-him.com, ddos.city, ddosbreak.com, ddosclub.com, ddostheworld.com, defcon.pro, destressbooter.com, destressnetworks.com, diamond-stresser.net, diebooter.com, diebooter.net, down-stresser.com, downthem.org, exitus.to, exostress.in, free-boot.xyz, freebooter4.me, freestresser.xyz, grimbooter.com, heavystresser.com, hornystress.me, iddos.net, inboot.me, instabooter.com, ipstresser.co, ipstresser.com, jitterstresser.com, k-stress.pw, layer-4.com, layer7.pw, legionboot.com, logicstresser.net, mercilesstresser.com, mystresser.com, netbreak.ec, netspoof.net, networkstresser.com, neverddos.com, nismitstresser.net, onestress.com, onestresser.net, parabooter.com, phoenixstresser.com, pineapple-stresser.com, powerstresser.com, privateroot.fr, purestress.net, quantumbooter.net, quezstresser.com, ragebooter.net, rawlayer.com, reafstresser.ga, restricted-stresser.info, routerslap.com, sharkstresser.com, signalstresser.com, silence-stresser.com, skidbooter.info, spboot.net, stormstresser.net, str3ssed.me, stressboss.net, stresser.club, stresser.in, stresser.network, stresser.ru, stresserit.com, synstress.net, titaniumbooter.net, titaniumstresser.net, topstressers.com, ts3booter.net, unseenbooter.com, vbooter.org, vdos-s.com, webbooter.com, webstresser.co, wifistruggles.com, xboot.net, xr8edstresser.com, xtreme.cc, youboot.net
  If CloudFlare would stop providing bulletproof hosting for criminals and spammers, the internet would be a better place. But CloudFlare apparently loves its criminal customers. DDoS purveyors, terrorist websites, malware distributors, CloudFlare seems to welcome them all to its hive of scum and villainy. Maybe it's time to revive the concept of the Usenet Death Penalty and apply it to all traffic to and from CloudFlare. They're the sewer of the internet and should be null routed and de-peered.
  See also: CloudFlare Watch
6. Re:I wonder how well.. by KozmoStevnNaut · 2016-09-25 21:02 · Score: 3, Informative
  
  Cloudflare doesn't work for shit. There was a DDoS attack against Something Awful recently, and the DDoS "protection" crumbled almost completely.
  
  --
  Eat the rich.
7. Re:I wonder how well.. by Anonymous Coward · 2016-09-25 22:21 · Score: 0
  
  Worth noting though that Cloudflare did offer to host his site when Akamai dropped it. I don't think Akamai can really be allowed to get off scot-free either when it's sent the message that DDoS works.
  Good on Google for spinning that message right back around when the hosting providers insist on being part of the problem in their own distinct ways.
site still down? by Forever+Wondering · 2016-09-25 05:25 · Score: 2, Informative

I just tried the two top links and get:

Firefox can't establish a connection to the server at krebsonsecurity.com.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer's network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

--
Like a good neighbor, fsck is there ...
1. Re:site still down? by Anonymous Coward · 2016-09-25 05:32 · Score: 0
  
  I've noticed the site bouncing from 127.0.0.1 and an actual address twice today.
2. Re:site still down? by Bruce+Perens · 2016-09-25 05:59 · Score: 1
  
  It might take some time for DNS changes to propogate. The IP address was set to localhost for a while to get the attacks off of the net.
  
  --
  Bruce Perens.
3. Re:site still down? by Solandri · 2016-09-25 06:13 · Score: 2
  
  Yeah, probably DNS propogation. It works for me.
  
  The IP address was set to localhost for a while to get the attacks off of the net.
  Shouldn't the IP address be set to one of the attacking IP addresses, so the person/ISP with the compromised device has to deal with all that traffic? Collect the attacking IP addresses, find which ISP is the source of biggest share of them, and redirect the entire attack back at them. When they clean their act up (e.g. implement BCP38), move on to next ISP with the most attackers. Rinse, repeat.
4. Re:site still down? by Anonymous Coward · 2016-09-25 07:02 · Score: 0
  
  When he took his site down a couple of days ago, the DNS records got changed to 127.0.0.1. Which I find to be quite funny, but I have no idea whether the bots started to attack themselves or not.
5. Re:site still down? by Anonymous Coward · 2016-09-25 07:10 · Score: 0
  
  Yeah, probably DNS propogation. It works for me.
  
  The IP address was set to localhost for a while to get the attacks off of the net.
  Shouldn't the IP address be set to one of the attacking IP addresses, so the person/ISP with the compromised device has to deal with all that traffic? Collect the attacking IP addresses, find which ISP is the source of biggest share of them, and redirect the entire attack back at them. When they clean their act up (e.g. implement BCP38), move on to next ISP with the most attackers. Rinse, repeat.
  Isn't it funny that localhost does just that basically and to all attackers at once? It also has the added benefit that the attack is even faster as it isn't limited by network speed.
6. Re:site still down? by umghhh · 2016-09-25 07:13 · Score: 1
  
  works for me now.
7. Re:site still down? by thegarbz · 2016-09-25 07:25 · Score: 1
  
  Fine for me.
8. Re:site still down? by Anonymous Coward · 2016-09-25 07:45 · Score: 0
  
  dig @8.8.8.8 krebsonsecurity.com
9. Re:site still down? by Anonymous Coward · 2016-09-25 07:56 · Score: 0
  
  Shouldn't the IP address be set to one of the attacking IP addresses, so the person/ISP with the compromised device has to deal with all that traffic? Collect the attacking IP addresses, find which ISP is the source of biggest share of them, and redirect the entire attack back at them. When they clean their act up (e.g. implement BCP38), move on to next ISP with the most attackers. Rinse, repeat.
  Isn't it funny that localhost does just that basically and to all attackers at once? It also has the added benefit that the attack is even faster as it isn't limited by network speed.
  But redirecting your own traffic back to localhost doesn't do anything like what Solandri suggested. The "traffic" never leaves the infected device (only the DNS lookup does). The infected device's ISP doesn't even see the traffic, much less have incentive to clean up their act. The suggestion was more of a counterattack, and probably a good idea too (note I'm no lawyer).
10. Re:site still down? by choprboy · 2016-09-25 08:57 · Score: 1
  
  Yeah... I had to flush our DNS servers last night. The problem was not that the host record was set to localhost, but that the SOA (Start of Authority) changed from Akimai to GoogleDomains. The old Akimai SOA had a multi-day expiration lifetime and the Akimai servers are still giving out a valid A record response of localhost with a 5min expiration. So until the SOA ages out of various name servers, it will remain unreachable for some.
11. Re:site still down? by choprboy · 2016-09-25 09:12 · Score: 3, Insightful
  
  Shouldn't the IP address be set to one of the attacking IP addresses, so the person/ISP with the compromised device has to deal with all that traffic? Collect the attacking IP addresses, find which ISP is the source of biggest share of them, and redirect the entire attack back at them.
  And which one of the estimated 200,000 attacking IPs would you target with this? How would the ISP responsible for that IP know that the one IP was part of the problem when being hit with a DDOS from 199,999 other IPs not under their control? The correct response to criminal activity is not to continue the criminal activity.
  Due to the fact that many of the nets abuse handling channels are ineffective (roughly half take no observable action in my experience), perhaps a more effective long term solution would be for the major CDNs, Google, Facebook, etc., to get together and work on notifying end users more directly. In this case, the CDNs/etc. could implement a shared/dynamic blocking list for those 200k IPs such that no content would be delivered, only an error message indicating that their equipment is compromised. The end user would still be free to use the internet and transmit traffic, but their favorite sites would be useless until they clean their equipment/submit a removal request. This provides direct pressure on the end user creating the problem, and by extension their ISP thru support desk calls, to clean up the compromised systems.
12. Re:site still down? by Anonymous Coward · 2016-09-25 10:33 · Score: 0
  
  there will be no dns lookup for 127.0.0.1 if the resolver is properly configured
13. Re:site still down? by Bruce+Perens · 2016-09-25 10:43 · Score: 1
  
  Well, it could be directed to an IPV4 local network multicast address in the range of 224.0.0.0 to 224.0.0.255. That might at least wake up the device owner.
  
  --
  Bruce Perens.
14. Re: site still down? by Anonymous Coward · 2016-09-25 14:08 · Score: 0
  
  It's a lookup of krebsonsecurity.com not localhost.
A little less drink by Anonymous Coward · 2016-09-25 05:28 · Score: 0

Krebs, a little less drink.
Better be friendly to Google? by Anonymous Coward · 2016-09-25 05:44 · Score: 2, Insightful

Google's Project Shield is excellent, and will save a lot of independent journalists.
However, we probably need an alternative Project Shield for journalists that discuss topics Google wouldn't want to support (or be safe supporting).
Google by mrsam · 2016-09-25 05:48 · Score: 1

Dunno if that could ever possibly happen, but consider the following scenario
1. A poorly administered ISP ignores the fact that it's infested with zombie DDOS proxies.
2. Google starts returning a static web page stating "Your internet provider is unable to reach Google, please contact your Internet provider for support." message, instead of their home page, for queries from that ISP's IP address ranges.
Probably just a pipe dream for a lazy Sunday afternoon.
This will be what happens by Pinky's+Brain · 2016-09-25 06:04 · Score: 1, Insightful

All those people who agitate against an improved internet because they fear nebulous control and because it wouldn't be "trust" based are creating a situation where the real internet will become a bunch of centrally managed corporate networks which CAN block DDOS's. Whereas the open internet build on broken by design protocols and broken by design inter-connection contracts will wither and die.
The current internet isn't build on trust, it's build on quicksand. The current internet is inherently untrustworthy, you'd have to be insane to maintain it's build on trust.
We need a new internet fast, one build to be able to prevent DDOS's by design. Inter-connection contracts which require proper ingress filtering at customer edges and on request blocking at sources of malicious traffic, including large ranges if necessary. Any ISP which can't handle that can stay on the old "trust" based internet, the broken one. It will happen, either fully controlled by corporations, or in a community with an explicit social contract.
1. Re:This will be what happens by l0n3s0m3phr34k · 2016-09-25 06:44 · Score: 4, Insightful
  
  "build on broken by design protocols" Seriously? The Internet is NOT broken-by-design in any way. The original scope of the design did not include the system ever being an open-to-the-public system that supports a large portion of today's civilization. It was never, in it's original scope, designed to have public web servers, financial transactions, video streaming, or such. The original purpose of ARPANET, that eventually metamorphosed into the current internet, was "to exploit new computer technologies to meet the needs of military command and control against nuclear threats, achieve survivable control of US nuclear forces, and improve military tactical and management decision making". The entire thing wasn't designed to allow non-trusted actors on it in the first place.
  
  The design is solid. Your claim is like driving your car into a lake and then claiming the car is "broken by design" because it doesn't properly function as a water-going vehicle. Or that humans are "broken by design" because we can't breath a methane atmosphere.
2. Re:This will be what happens by Pinky's+Brain · 2016-09-25 07:39 · Score: 1
  
  Okay, let me rephrase then ... it's design is broken for it's current purpose.
  Cause we are trying to drive this car on the water.
3. Re:This will be what happens by Anonymous Coward · 2016-09-25 08:00 · Score: 0
  
  Sorry, but your analogy is completely wrong.
  
  The entire thing wasn't designed to allow non-trusted actors on it in the first place.
  
  Which was perfectly fine 50 years ago when the only computers that existed were multi-million dollar mainframes. Once the internet was opened up to the general public, the necessary changes should have been made to handle "non-trusted actors" and rigorously enforced. Failure to do so, and just leaving everything pretty much the same as it was in 1969, qualifies as "broken by design".
4. Re:This will be what happens by Anonymous Coward · 2016-09-26 02:09 · Score: 0
  
  here's how it really works. you can have filtering and iffy freedom, or you can have a free internet, and iffy filtering.
  pick one. choose wisely.
Seems Google gets publicity better than Akamai by gweihir · 2016-09-25 06:18 · Score: 2

I mean, what better opportunity to demonstrate the power of your solution and with free reporting on it as well? Nobody likes the DDoS terrorists (and yes, that is what they are for all practical purposes, because they are attacking critical infrastructure), so this can only go well.

--
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
1. Re:Seems Google gets publicity better than Akamai by Anonymous Coward · 2016-09-25 06:33 · Score: 0
  
  I think that Akamai was just barely able to handle the DoS attack. Better to shed Krebs and take the bad press than to have your infrastructure break and get even worse press.
2. Re:Seems Google gets publicity better than Akamai by mhkohne · 2016-09-25 07:16 · Score: 1
  
  I'm not sure that's true - Akamai has announced to the world that they CAN be beaten down if the stick is big enough. I'm not sure, but I'd think that people who want Akamai for DOS resistance are going to remember this.
  
  --
  A thousand pounds of wood moving at 300 feet per minute. Don't get in the way.
3. Re: Seems Google gets publicity better than Akamai by Anonymous Coward · 2016-09-25 14:15 · Score: 1
  
  Except they withdrew the service because they were providing it for free. Presumably if you pay, they will provide whatever extra capacity is needed as per your contract.
BCP38 filtering by NevDull · 2016-09-25 06:19 · Score: 3, Interesting

The only way to get BCP38 filtering widespread is to hold ISPs liable for spoofed traffic originating on and exiting their network.
1. Re:BCP38 filtering by Anonymous Coward · 2016-09-25 06:51 · Score: 0
  
  Liable, so you mean the end users will have to pay more to cover their insurance and lawyers?
  No, thank you.
2. Re:BCP38 filtering by Anonymous Coward · 2016-09-25 08:42 · Score: 0
  
  No worries, when more and more attacks like this happen every few weeks, you can bet the rollout will happen very quickly.
  There has been actors out there who have been systemically testing the very core of the internet and web services.
  It is only a matter of time before this war goes full on and starts becoming a major annoyance to "people that matter", AKA the rich.
  Once some dickish banker loses a few dollarydoos, you bet heads will hang.
  The bigger issue is IoT devices which come with no security or ancient security.
  There are so many companies putting out these insecure devices.
  And worse is so many people demonize the entire IoT industry because there are a few bad companies making horrible shit.
  There are plenty of good IoT devices. Wouldn't use them myself though. Not the "everything needs the internets" type. (even less so depending on others services, would rather roll my own with my own server)
3. Re:BCP38 filtering by Anonymous Coward · 2016-09-25 09:43 · Score: 0
  
  Nah, there just need to be huge DoS attacks aimed at the right people, like major political parties, governments and equipment manufacturers. Once it gets to critical mass, big sites like Facebook, Twitter and Google can block ISPs that don't implement it from using certain services.
  Of course, that only prevents reflection attacks or ones with spoofed addresses. There are plenty of attacks you can do without those, especially when the sender is a bot or some other thing you don't eat the costs for.
4. Re:BCP38 filtering by Anonymous Coward · 2016-09-25 10:37 · Score: 0
  
  No, held liable as in other isp's won't forward their traffic because they can't tell if it is real or spoofed.
5. Re:BCP38 filtering by Bruce+Perens · 2016-09-25 10:45 · Score: 2
  
  We can lobby consumer router manufacturers to include it. Openwrt has a bcp38 package with no configuration, done by Dave Taht and the Cerowrt folks.
  
  --
  Bruce Perens.
How does "Joe" know? by Whibla · 2016-09-25 06:34 · Score: 1

Let's take a relatively smart, but also relatively ignorant, common man whose router, pvr, smart tv, etc have been compromised.
And if one or some of one's devices are partly responsible for this:
How would he know?
What steps can he take to find out if he's part of the problem?
And, perhaps as importantly, if he finds out he is, what can he do* to fix the problem and prevent it happening again?
There's no prize for good advice, but a detailed and thorough answer would be of use I'm sure :-).
*Yep, I can think of a few things: reset / re-flash / update; use a border firewall; ... but, if your devices have been 'pwned' before, if they're inherently vulnerable, what then?
1. Re:How does "Joe" know? by Anonymous Coward · 2016-09-25 07:42 · Score: 0
  
  "Whut? My 'fridge is hacked? Don't care, bygawd. Whut they gon' do, steal my beers? AHAHAH!"
2. Re:How does "Joe" know? by Pinky's+Brain · 2016-09-25 08:37 · Score: 3, Insightful
  
  Then your ISP should block them off from the internet.
3. Re:How does "Joe" know? by AHuxley · 2016-09-25 12:35 · Score: 1
  
  The ip would get found some of the larger sites like http://www.projecthoneypot.org... in the wild.
  An internet provider could then suggest an AV scan of that accounts connected "computers".
  
  --
  Domestic spying is now "Benign Information Gathering"
I know I'm too cynical by 93+Escort+Wagon · 2016-09-25 06:52 · Score: 1

But the timing of the two stories, yesterday and today, sure comes across to me like something that's been obviously stage-managed.

--
#DeleteChrome
1. Re:I know I'm too cynical by Wizy · 2016-09-25 07:10 · Score: 3, Insightful
  
  If you read the comments from yesterday's article you will notice someone asking about project shield and Bruce Perens noticing it. He then reached out to Google on Krebs behalf.
2. Re:I know I'm too cynical by mhkohne · 2016-09-25 07:18 · Score: 2
  
  You are too cynical. Google is well aware of Krebs (as is everyone in the security community). They will not have failed to notice his problems, and stepping in quickly enough to ride the PR wave is just a smart move on their part. No insidious plot needed.
  
  --
  A thousand pounds of wood moving at 300 feet per minute. Don't get in the way.
What we need is P2P-web by Anonymous Coward · 2016-09-25 07:44 · Score: 0

What we need is a peer-to-peer web.
That way, having browsed the content we can decide to share it, helping to mitigate these DDoSes.
which democracy exactly? by Anonymous Coward · 2016-09-25 07:44 · Score: 1

I call this rather unwelcome and hostile development the "The Democratization of Censorship...."
Which democracy ever came with each citizen getting control of a million strong botnet of insecure products?
This person is a tool to serve the narrative that it is a good thing in any way that Google is the one and only distributor of effective censorship 'protection' on the internet. What a racket. Literally.
1. Re: which democracy exactly? by Anonymous Coward · 2016-09-25 14:35 · Score: 0
  
  You have it backwards: his point is that up till now, censorship has been available only to the rich and famous.
  He also doesn't say that Google are the only protectors or that it's a good thing.
  Off to comprehension school for you.
Akamai backed out? Business decision? by Anonymous Coward · 2016-09-25 07:47 · Score: 0

That's kind of like the Italian Army stating that they made the business decision to withdraw from cities in bad standing with the Mafia.
There are just some business decisions you don't take because they lead nowhere good.
Heck ya!!!! by gamekeeper · 2016-09-25 08:56 · Score: 1

bout time... Congrats Mr. Krebs
So, how has all this worked out for Krebs? by Anonymous Coward · 2016-09-25 08:57 · Score: -1

Great amount of publicity...for some web site nobody normally cares about.
Oh look, my web site -- BuyYourFrogsAtBozos.com -- is under attack now.
Won't someone think of me, and the children?
1. Re:So, how has all this worked out for Krebs? by Anonymous Coward · 2016-09-25 21:21 · Score: 0
  
  Must be a bad attack, seems like the site is still down.
If I had a trunk, I'd be an elephant by raymorris · 2016-09-25 10:34 · Score: 1

> If everything was done via email, so would twitter.
If I had a trunk, I'd be an elephant*. I do not in fact have a trunk, and I'm not an elephant. Twitter is not an email listserv.
* I started to say "if Hill had a dick, she'd be Bill", but somehow that analogy just doesn't work the same when talking to you. :)
1. Re:If I had a trunk, I'd be an elephant by BarbaraHudson · 2016-09-25 12:37 · Score: 1
  
  Ha. Ha. Ha. Any comparison between me and the Clintons ... well ... you get it :-)
  
  --
  "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
Akamai should go broke? For a non-customer? by raymorris · 2016-09-25 10:48 · Score: 4, Insightful

"Business decision" meaning "we decided we don't want to go out of business". 600+ Gbps was enough to cause real stress on Akamai's network, so that their customers, who pay the bills, started to be affected. Increasing their costs while reducing their revenue due to losing customers is a recipe for Akamai to go bankrupt.
If Kreb's had been paying Akamai a retainer they would have some responsibility to provide services to him, if they were able to do so. They have no responsibility to put themselves out of business on a charity case.
1. Re:Akamai should go broke? For a non-customer? by Anonymous Coward · 2016-09-25 20:44 · Score: 0
  
  I wonder how much business they'll lose by basically admitting they can't actually *handle* an attack like this :-)
2. Re:Akamai should go broke? For a non-customer? by Anonymous Coward · 2016-09-26 04:13 · Score: 0
  
  ...If Kreb's had been paying Akamai a retainer they would have some responsibility to provide services to him, if they were able to do so. They have no responsibility to put themselves out of business on a charity case.
  Don't assume that. I've heard stories of paying customers being shown the door when their sites became more trouble than they were worth due to an attack. Purely business there too.
Knew it was Joogle shills the other day... apk by Anonymous Coward · 2016-09-25 10:49 · Score: -1

https://it.slashdot.org/commen...
* TOO EASY to see thru - is your favorite color TRANSPARENT, Joogle shills?
(YES is the answer... lol!)
APK
P.S.=> Puny IMITATION - it's ALL "your kind" is capable of - MS & Amazon have had setups like this, reverse proxy route & cdn distribution of parts galore, for ages... apk
1. Re:Knew it was Joogle shills the other day... apk by bad-badtz-maru · 2016-09-26 06:10 · Score: 1
  
  Sorry to ruin your zeal but I'm not nearly smart enough to work for Google. I make my living as a lowly "business application" developer.
2. Re:Knew it was Joogle shills the other day... apk by Anonymous Coward · 2016-09-28 03:17 · Score: 0
  
  See subject: Pissed off I handed you YOUR ASS on MS & Amazon handling DDoS easily? Yes -> https://it.slashdot.org/commen...
  * LMAO!
  (You're WEAK...)
  APK
  P.S.=> This is EXACTLY HOW I know I've gotten the best of dolts like you - you start "gossiping" behind my back like I'm not around to see it which only PROJECTS you're "butthurt" over the fact I pointed out what MS & Amazon have done for YEARS now vs. DDoS/DoS (along w/ other valid measures I pointed out to protect vs. it)... apk
3. Re:Knew it was Joogle shills the other day... apk by bad-badtz-maru · 2016-09-28 05:36 · Score: 1
  
  Since I neither launched the DDoS nor had any suggestions as to how to mitigate it, how did you "hand me my ass" and "get the best of me"? I offered nothing.
EditorDavid by Anonymous Coward · 2016-09-25 12:40 · Score: -1

600Gbps DDoS...
Spelling! by Anonymous Coward · 2016-09-25 19:30 · Score: 0

It's gleaning, not gleaming!
TTANSTAAFL by ThatsNotPudding · 2016-09-25 23:39 · Score: 1

What happens when Brian comes across some nefarious shenanigans that Google has pulled? A moment of hesitation - even subconsciously?
Zombies blacklist by Anonymous Coward · 2016-09-26 00:09 · Score: 0

The long term solution is a realtime tripwire and blacklist for zombie machines and an uncompromising policy like Spamhaus applies to junk email.
If somebody allows their machine to be rooted and compromised then they are not an innocent victim they are an accompliance, the same is true for ISP that tolerate this.
ISP should cut them off, if the ISP fails to do so, upsteam ISPs and backbones should do it.
If Google cut off all the ISPs hosting botnets, they would quickly disappear, b
Agreed & I suspected it yesterday too by Anonymous Coward · 2016-09-26 02:29 · Score: 0

In my 'p.s.' section of this post https://it.slashdot.org/comments.pl?sid=9692843&cid=52949935/
APK
P.S.=> Bit "fishy" imo as well - & "Project Shield" is just an imitation of what Microsoft & Google have done for years vs. DDoS http://yro.slashdot.org/comments.pl?sid=4755487&cid=46161879/ reverse-proxy routing & cdn distribution of parts + detection & block of attackers... apk
200,000 attackers or maybe 600 Google Fiber's? by Anonymous Coward · 2016-09-26 07:16 · Score: 0

It looks like Google Fiber offers a theoretical max of 1Gbps for both upload and download. So in theory this could be done with about 600ish PC's with that kind of ISP connection, right (assuming there was no overhead - so worst case maybe 1000 or so required???)
Your problem = offering zero... apk by Anonymous Coward · 2016-09-28 05:45 · Score: 0

See subject: By comparison I offered nearly every possible defense vs. small-to-large scale DDoS there is https://yro.slashdot.org/comments.pl?sid=4755487&cid=46161879/ which I was upmodded for as well - see subject.
* Additionally see the fact you're PISSED OFF trying to "talk behind my back" like most incompetents I trash with technical data on /. always do-> https://it.slashdot.org/comments.pl?sid=9707709&cid=52976239/
APK
P.S.=> See that subject - THAT is YOUR problem (vs. myself offering tons of valid defenses vs. that attack that actually work (MS & Amazon prove it + HAVE fielded attacks by the likes of Anonymous of huge size easily due to it)... apk
1. Re:Your problem = offering zero... apk by bad-badtz-maru · 2016-09-28 06:42 · Score: 1
  
  You need to go to the top of this thread. You thumb-thugged "knew it was Joogle shills the other day" right in this thread thinking I wouldn't see it. I handed you your ass and you were pissed about it.
  Since the original DDoS was 600+Gbps why would you even post small scale solutions? Pay attention to the thread and respond appropriately, don't cut-and-paste boilerplate. I sense a future of "needs to improve communication" on employer reviews.
I post anything possible vs. DoS/DDoS by Anonymous Coward · 2016-09-28 09:39 · Score: 0

See subject - says all I need to say... which was MORE than you offered by FAR!
APK
By the way... apk by Anonymous Coward · 2016-10-01 03:08 · Score: 0

I haven't HAD to be ANYONE's "wageslave" for nearly a decade & I run my own successful business instead (my monies work for ME - NOT the other way around).
* Don't even TRY tell ME what to do until you've done more, better, & EARLIER in the art & science of computing (which I am certain you haven't nor will you ever).
APK
P.S.=> Would you like to compare notes on that account? E.G. - when YOU can show you've done code that produced a FINALIST in the HARDEST CATEGORY @ Ms TechEd 2000-2002 as I have, for 2++ yrs. in a row no less there, in commercially sold code to this very day from a certified MS partner as I did? Then, you can talk )& that's only a SINGLE 1 I can produce of many of roughly the same quality from a small list of my favorites only - blowhard! apk