Brian Krebs tweeted out that Prolexic reported a 665Gbps attack directed at his site.
https://twitter.com/briankrebs/status/778398865619836928 On Tue, Sep 20, 2016 at 11:21 PM, Mel Beckman <m...@beckman.org> wrote: > While I was reading the krebsonsecurity.com article cited below, the > site, hosted at Akamai address 72.52.7.144, became non responsive and now > appears to be offline. Traceroutes stop before the Akamai-SWIPed border > within Telia, as if blackholed (but adjacent IPs pass through to Akamai): > > traceroute to krebsonsecurity.com (72.52.7.144), 64 hops max, 40 byte > packets > 1 router1.sb.becknet.com (206.83.0.1) 0.771 ms 0.580 ms 0.342 ms > 2 206-190-77-9.static.twtelecom.net (206.190.77.9) 0.715 ms 1.026 ms > 0.744 ms > 3 ae1-90g.ar7.lax1.gblx.net (67.17.75.18) 9.532 ms 6.567 ms 2.912 ms > 4 ae10.edge1.losangeles9.level3.net (4.68.111.21) 2.919 ms 2.925 ms > 2.904 ms > 5 telia-level3-4x10g.losangeles.level3.net (4.68.70.130) 3.981 ms > 3.567 ms 3.401 ms > 6 sjo-b21-link.telia.net (62.115.116.40) 11.209 ms 11.140 ms 11.161 > ms > 7 * * * > 8 * * * > 9 * * * > 10 * * * > > Weird coincidence? > > -mel beckman > > > On Sep 20, 2016, at 6:46 PM, Hugo Slabbert <h...@slabnet.com> wrote: > > > > Lucy, you got some (*serious*) 'splainin to do... > > > > http://research.dyn.com/2016/09/backconnects-suspicious-bgp-hijacks/ > > http://krebsonsecurity.com/2016/09/ddos-mitigation-firm- > has-history-of-hijacks/ > > > > -- > > Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com > > pgp key: B178313E | also on Signal > > > >> On Sun 2016-Sep-18 22:25:44 -0400, Tom Beecher <beec...@beecher.cc> > wrote: > >> > >> So after reading your explanation of things... > >> > >> Your technical protections for your client proved sufficient to handle > the > >> attack. You took OFFENSIVE action by hijacking the IP space. By your own > >> statements, it was only in response to threats against your company. You > >> were no longer providing DDoS protection to a client. You were exacting > a > >> vendetta against someone who was being MEAN to you. Even if that person > >> probably deserved it, you still cannot do what was done. > >> > >> I appreciate the desire to want to protect friends and family from > >> anonymous threats, and also realize how ill equipped law enforcement > >> usually is while something like this is occurring. > >> > >> However, in my view, by taking the action you did, you have shown your > >> company isn't ready to be operating in the security space. Being > threatened > >> by bad actors is a nominal part of doing business in the security space. > >> Unfortunately you didn't handle it well, and I think that will stick to > you > >> for a long time. > >> > >> On Tue, Sep 13, 2016 at 3:29 PM, Bryant Townsend < > bry...@backconnect.com> > >> wrote: > >> > >>> @ca & Matt - No, we do not plan to ever intentionally perform a > >>> non-authorized BGP hijack in the future. > >>> > >>> @Steve - Correct, the attack had already been mitigated. The decision > to > >>> hijack the attackers IP space was to deal with their threats, which if > >>> carried through could have potentially lead to physical harm. Although > the > >>> hijack gave us a unique insight into the attackers services, it was > not a > >>> factor that influenced my decision. > >>> > >>> @Blake & Mel - We will likely cover some of these questions in a future > >>> blog post. > >>> >