DDoS mitigation giant Akamai, who were hosting the website of security blogger Brian Krebs free of charge, have dropped him from their servers, after his website was subject to the biggest recorded DDoS attack. The assault has flooded Krebs’ site with more than 620 gigabits per second of traffic – almost double what Akamai has seen in the past.
Advertisement
“The largest DDoS attacks on record tend to be the result of a tried-and-true method known as a DNS reflection attack”.
One Twitter post noted the irony in a security expert having his site taken down because of a DDoS attack.
Akamai’s chief security officer, Andy Ellis, says the attack on Krebs is at least twice as large as anything he’s encountered before.
“The attack began around 8pm ET on September 20, and initial reports put it at approximately 665Gbps”, Krebs said in a blog post now that he is back in control of everything. “The attack did not succeed thanks to the hard work of the engineers at Akamai, the company that protects my site from such digital sieges”. Attacks hit his website right after he published his exposé, but they were small in size, around 128 Gbps, and Akamai had no problem in mitigating the threats.
This is with the exception of traffic that appeared to originate from generic routing encapsulation (GRE) data packets, which are commonly used to build a direct, point-to-point connection between network nodes.
They also require a large amount of network connected devices to send traffic, and before his website was turned off, Krebs said Akamai believed the attack emanated from a huge botnet with possibly thousands of hacked systems. GRE is a Cisco-developed protocol used to encapsulate network layer protocols, for use with virtual private networking.
‘Someone has a botnet with capabilities we haven’t seen before, ‘ McKeay said.
‘We’ve only started seeing that recently, but seeing it at this volume is very new’.
The DDoS attacks actually started after Krebs exposed the dealings of a DDoS-for-Hire service called vDos nearly two weeks ago. His article led to the arrest of two men, including one who uses the handle “applej4ck”.
Advertisement
Krebs tweeted on Thursday night, “It’s looking likely that KrebsOnSecurity will be offline for a while, Akamai’s kicking me off their network tonight”.
