Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

Administered by:

Server stats:

258
active users

shakedown.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

#ddos

6 posts5 participants0 posts today
Replied in thread
Public
Stéphane Bortzmeyer

#CENTR #dDoS Interesting talk since it was not a talk: after a short introduction, people in the room were told to gather in small groups (with no group hving two persons from the same domain registry), discuss on one of the proposed statements, and synthetize their discussion at the end.
Everybody agrees that we should share more information (heard many times in the last 25 years at CENTR...)

Public
Neil Craig

Pretty much the only regions on the planet from which we *don't* see regular volumetric DDOS against www.bbc.co.uk & www.bbc.com is central Africa & the poles.

This is map shows the number of time each country was a DDOS traffic source in the last 30 days (larger circles == more DDOS attacks).

The botnets are really well globally distributed these days (and we typically see thousands or tens of thousands of source IPs per attack - mostly compromised servers).

World map with a red dot of varying sizes on virtually every country. Countries without a red dot are more or less only the central African countries from Senegal/Mauritania on the West coast to Eritrea on the East coast.
#DDOS#InfoSec#BotNet
Replied in thread
Public *
Kevin Karhan :verified:

@briankrebs yeah, cuz every #SecOps of any #ISP is gonna read that and look into the affected hosts if they were in their netwirk and obviously share the findings with investigators.

  • And I don't blame them since #DDoS attacks espechally at that scale do create a lot if cost and anger at their end as well.

So everyone but the malicious actor is gonna be mad...

  • Which makes it an even worse decision!
Replied in thread
Public
Kevin Karhan :verified:

@Npars01 and even then to me this looks more like a "bad" #PR stunt to me.

It's the digital equivalent of kids shooting paintballs at a parked cop car in a monsoon rain and that got only noticed retroactively...

  • I just think it's wasteful to #DDoS @briankrebs 's website because it's only a #blog, he doesn't pay any #ransom, is extremely well protected and outage of it doesn't generate the same public or financial pressure compared to businesses and governmental institutions.

Like even if they had succeeded, what would've been the outcome? Maybe line that reads: "Congrats Kiddo, you just wasted thousands if not millions of dollars worth in Monero just to create an outage of a tiny blog. Go give yourself a star in your exercise book!"

  • Someone just had more money than sense I guess...
Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@briankrebs@infosec.exchange TBH, I think #DDoS'ing *your blog* is kinda wasteful beyond *"#BraggingRights"* because it's not only *well protected* but the amount of damage / revenue by #blackmailing they could expect is just zero. - I mean, it shure is a way to get *your attention* but that doesn't mean any #BlackHat should *ask for that*! But there are thousands if not millions of weaker targets they could've attacked. - Seems like the [muggers from Crocodile Dundee](https://www.youtube.com/watch?v=qi0G0b1dNzE) *but dumber* cuz they try to puncture your tires but you're sitting in a tracked tank. Pretty shure had #Google not told you or anyone else you would not have even noticed it.
Replied in thread
Public
Kevin Karhan :verified:

@briankrebs TBH, I think #DDoS'ing your blog is kinda wasteful beyond "#BraggingRights" because it's not only well protected but the amount of damage / revenue by #blackmailing they could expect is just zero.

  • I mean, it shure is a way to get your attention but that doesn't mean any #BlackHat should ask for that!

But there are thousands if not millions of weaker targets they could've attacked.

Pretty shure had #Google not told you or anyone else you would not have even noticed it.

YouTubeThat’s not a knife…THAT’S A KNIFE.” 😅 Crocodile Dun #movies #shortsBy universe of clips
Replied in thread
Public
🆘Bill Cole 🇺🇦

Meanwhile at $DAYJOB we have routers being pounded into catatonia by VPN credstuffers on $US-HOSTER and $EU-HOSTER who seem to not have noticed that we want an all-important 2nd factor. (yeah, can't name them. they are who you'd expect)

#InfoSec#DDoS
Public *
AI6YR Ben

Add this to the list of ADDITIONAL REASONS I hate AI.

They're absolutely slamming websites on the Internet so they can suck the contents into their great big training databases.

mastodon.social/@tdp_org/11450

Graph of total requests per day by content type for one GenAI crawler over a week. The request rate was essentially zero for everything until yesterday when requests for HTML (web pages) began to increase dramatically. Today we're on about 460,000 requests so far
MastodonNeil Craig (@tdp_org@mastodon.social)Attached: 1 image As part of a time-limited trial, yesterday we removed the www.bbc.co.uk & www.bbc.com robots.txt "block" on *one* GenAI crawler. Here's a graph of total daily requests from that 1 GenAI crawler by content-type. You'll note, they've retrieved ~460k web pages in ~16 hours, so a mean of ~28,750 web pages per hour. They'll likely pull ~690k pages today, ~32GB egress. Whilst this is a drop in the ocean versus our other traffic, I can easily see how this could sink a smaller website. #GenAI #WebDev
#AI#LLMs#DDoS
Public
Epiphyt

After I published a recent article where I showed how to mitigate an accidental DDoS after enabling ActivityPub for WordPress with the Surge plugin, I found an optimization for improved cache handling. Out of the box, there’s a problem with the default configuration since Surge ignores the Accept header.

[…]

epiph.yt/en/blog/2025/optimize

Epiphyt · Surge-Konfiguration für ActivityPub optimieren | EpiphytDas Plugin Surge ignoriert den für ActivityPub wichtigen Accept-Header. Durch eine clevere Lösung kannst du dafür eine eigene Cache-Version bereitstellen.
#ActivityPub#Cache#DDoS
Public
0x40k

IoT devices turned into DDoS slaves? 🤖 Sounds wild, right? But it's totally true! Think GeoVision, Samsung... and that's just scratching the surface, really. Those End-of-Life devices? They're practically a free-for-all for botnet operators. Mirai sends its regards! 😈

So, what's the big deal? Well, IoT gadgets often have lousy security, and updates? Forget about 'em! Automated scans? They barely scratch the surface. If you want real security, you gotta go for manual pentests. ☝️

Alright, so what can you actually do? Update 'em (if that's even an option!), segment your network, and keep an eye on things with monitoring! An unpatched device? That's a ticking time bomb, plain and simple. 💣 And hey, don't forget: vendor security claims are often just a load of marketing fluff! 😬

Which "smart" devices with known weak spots are hiding out on your network? Have you even checked lately? 👇

#IoT#Security#Pentest
Replied in thread
Public *
Kevin Karhan :verified:

@jherazob @leberschnitzel they already exist...

I think it's bad #TechPopulism to think that #Anubis will fix all the issues.

Just block all the #GAFAMs ASNs & #hosters that host #Scrapers so the industry cracks down harder on them than on #IRC, #Tor #ExitNodes, #CSAM & #BitTorrent combined!

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@nixCraft@mastodon.social what we should do is *literally* [block](https://github.com/greyhat-academy/lists.d/blob/main/scrapers.ipv4.block.list.tsv) all the #scapers network-wide (as per IP block allocation) and #DROP all traffic to/from them, because #Anubis requiring #JavaScript makes it #ableist and bricking #TUI browsers like #LynxBrowser... - #OnionServices on #Tor / @torproject@mastodon.social show [how it's done…](https://infosec.space/@kkarhan/114437837120770551)
Replied in thread
Public *
Kevin Karhan :verified:

@varbin @f4grx @nixCraft @torproject Well, you can dynamically block them based off packet rate & amount of requests and rate-limit them as well as limit them in terms of transfer rate.

Not to mention you rarely see DDoS attacks from residential IPs and ISPs are quick to disconnect offending hosts upon reporting them, so worst-case one blocks a /24 for 24 hours.

  • This doesn't even account for the fact that #Skiddie-Tools like #LOIC are easily dstinguishable and filter for.

Again: if this is a real problem, any decent datacenter / hoster / upstream will gladly pick up the phone or reply to your support request via mail.

  • After all, they too don't like it when someone hammers their infrastructure, so they have a vested interest in #Blackholing bad traffic at the #IX level.

#DECIX even officially recommends that as a means to handle large-scale DDoS attacks and keep everyone else online.

  • To me a "#Layer7" solution like #Anubis comes way too late as it already incurs billable traffic at many hosters and datacenters and we don't want to cough up money because of someone else trying to #blackmail us (which is the #1 reason for DDoS'ers to do so!)…
YouTubeThe creators of TikTok caused my website to shut downBy MattKC
#layer7#anubis#blackmail
ExploreLive feeds
About