#ddos

Replied in thread

#CENTR #dDoS Interesting talk since it was not a talk: after a short introduction, people in the room were told to gather in small groups (with no group having two persons from the same domain registry), discuss one of the proposed statements, and synthesize their discussion at the end.
Everybody agrees that we should share more information (heard many times in the last 25 years at CENTR...)

Pretty much the only regions on the planet from which we *don't* see regular volumetric DDOS against www.bbc.co.uk & www.bbc.com is central Africa & the poles.

This map shows the number of times each country was a DDOS traffic source in the last 30 days (larger circles == more DDOS attacks).

The botnets are really well globally distributed these days (and we typically see thousands or tens of thousands of source IPs per attack - mostly compromised servers).

Replied in thread

@briankrebs yeah, cuz every #SecOps of any #ISP is gonna read that and look into the affected hosts if they were in their network and obviously share the findings with investigators.

  • And I don't blame them since #DDoS attacks especially at that scale do create a lot of cost and anger at their end as well.

So everyone but the malicious actor is gonna be mad...

  • Which makes it an even worse decision!
Replied in thread

@Npars01 and even then to me this looks more like a "bad" #PR stunt to me.

It's the digital equivalent of kids shooting paintballs at a parked cop car in a monsoon rain and that got only noticed retroactively...

  • I just think it's wasteful to #DDoS @briankrebs 's website because it's only a #blog, he doesn't pay any #ransom, is extremely well protected and outage of it doesn't generate the same public or financial pressure compared to businesses and governmental institutions.

Like even if they had succeeded, what would've been the outcome? Maybe a line that reads: "Congrats Kiddo, you just wasted thousands if not millions of dollars worth in Monero just to create an outage of a tiny blog. Go give yourself a star in your exercise book!"

  • Someone just had more money than sense I guess...
Replied in thread

@briankrebs TBH, I think #DDoS'ing your blog is kinda wasteful beyond "#BraggingRights" because it's not only well protected but the amount of damage / revenue by #blackmailing they could expect is just zero.

  • I mean, it sure is a way to get your attention but that doesn't mean any #BlackHat should ask for that!

But there are thousands if not millions of weaker targets they could've attacked.

  • Seems like the muggers from Crocodile Dundee (https://www.youtube.com/watch?v=qi0G0b1dNzE) but dumber cuz they try to puncture your tires but you're sitting in a tracked tank.

Pretty sure had #Google not told you or anyone else you would not have even noticed it.

Replied in thread

Meanwhile at $DAYJOB we have routers being pounded into catatonia by VPN credstuffers on $US-HOSTER and $EU-HOSTER who seem to not have noticed that we want an all-important 2nd factor. (yeah, can't name them. they are who you'd expect)

After I published a recent article where I showed how to mitigate an accidental DDoS after enabling ActivityPub for WordPress with the Surge plugin, I found an optimization for improved cache handling. Out of the box, there’s a problem with the default configuration since Surge ignores the Accept header.

[…]

epiph.yt/en/blog/2025/optimize

Epiphyt · Optimizing the Surge configuration for ActivityPub | Epiphyt: The Surge plugin ignores the Accept header, which is important for ActivityPub. With a clever solution, you can serve a separate cache version for it.
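The cache problem described in the post above, as an added example that is not part of the original post and is not Surge's code or configuration: a toy page cache keyed on the URL alone hands cached HTML to an ActivityPub client, while keying on a normalized Accept variant fixes that without letting arbitrary header values multiply cache entries. All names (`PageCache`, `accept_variant`, `render`) and the sample responses are hypothetical.

```python
# Added example: cache keyed on URL only vs. URL plus a normalized Accept variant.
# Hypothetical names throughout; this is not Surge's code or configuration.

ACTIVITYPUB_TYPES = ("application/activity+json", "application/ld+json")


def accept_variant(accept_header):
    """Collapse a raw Accept header into one of two cache variants.

    Keying on the raw header would let any client mint unlimited cache
    entries (and force an origin render each time), so the header is
    reduced to a bounded set. q-values are ignored in this sketch.
    """
    for part in (accept_header or "").lower().split(","):
        media_type = part.split(";", 1)[0].strip()
        if media_type in ACTIVITYPUB_TYPES:
            return "activitypub"
    return "html"


def render(url, variant):
    """Stand-in for the expensive origin render (constructed output)."""
    if variant == "activitypub":
        return '{"type": "Note", "id": "%s"}' % url
    return "<html><body>post at %s</body></html>" % url


class PageCache:
    def __init__(self, vary_on_accept):
        self.vary_on_accept = vary_on_accept
        self.store = {}
        self.origin_hits = 0  # how often the origin had to render

    def get(self, url, accept_header):
        variant = accept_variant(accept_header)
        # The flawed setup ignores the variant when building the key.
        key = (url, variant) if self.vary_on_accept else (url,)
        if key not in self.store:
            self.origin_hits += 1
            self.store[key] = render(url, variant)
        return self.store[key]
```

With `vary_on_accept=False`, whichever client arrives first decides what every later client receives for that URL; with it enabled, each URL costs at most two origin renders regardless of how many distinct Accept strings are sent.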

IoT devices turned into DDoS slaves? 🤖 Sounds wild, right? But it's totally true! Think GeoVision, Samsung... and that's just scratching the surface, really. Those End-of-Life devices? They're practically a free-for-all for botnet operators. Mirai sends its regards! 😈

So, what's the big deal? Well, IoT gadgets often have lousy security, and updates? Forget about 'em! Automated scans? They barely scratch the surface. If you want real security, you gotta go for manual pentests. ☝️

Alright, so what can you actually do? Update 'em (if that's even an option!), segment your network, and keep an eye on things with monitoring! An unpatched device? That's a ticking time bomb, plain and simple. 💣 And hey, don't forget: vendor security claims are often just a load of marketing fluff! 😬

Which "smart" devices with known weak spots are hiding out on your network? Have you even checked lately? 👇

Replied in thread

@varbin @f4grx @nixCraft @torproject Well, you can dynamically block them based off packet rate & amount of requests and rate-limit them as well as limit them in terms of transfer rate.

Not to mention you rarely see DDoS attacks from residential IPs and ISPs are quick to disconnect offending hosts upon reporting them, so worst-case one blocks a /24 for 24 hours.

  • This doesn't even account for the fact that #Skiddie-Tools like #LOIC are easily distinguishable and filtered for.

Again: if this is a real problem, any decent datacenter / hoster / upstream will gladly pick up the phone or reply to your support request via mail.

  • After all, they too don't like it when someone hammers their infrastructure, so they have a vested interest in #Blackholing bad traffic at the #IX level.

#DECIX even officially recommends that as a means to handle large-scale DDoS attacks and keep everyone else online.

  • To me a "#Layer7" solution like #Anubis comes way too late as it already incurs billable traffic at many hosters and datacenters and we don't want to cough up money because of someone else trying to #blackmail us (which is the #1 reason for DDoS'ers to do so!)…
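The dynamic blocking described in the post above (rate-limit per source, and in the worst case block the whole /24 for 24 hours), as an added example that is not part of the original post. The window length, the request threshold and the class name `RateBlocker` are assumptions chosen for illustration; the sketch handles IPv4 only.

```python
# Added example: per-source request-rate tracking with a 24-hour /24 block.
# Thresholds are assumed values, not taken from the post. IPv4 only.
import ipaddress
from collections import defaultdict, deque

WINDOW_SECONDS = 10        # sliding window length (assumed)
MAX_REQUESTS = 20          # requests allowed per source per window (assumed)
BLOCK_SECONDS = 24 * 3600  # the post's "blocks a /24 for 24 hours"


def covering_slash24(ip):
    """Return the /24 network that contains the given IPv4 address."""
    return ipaddress.ip_network(ip + "/24", strict=False)


class RateBlocker:
    def __init__(self):
        self.recent = defaultdict(deque)  # source IP -> request timestamps
        self.blocked_until = {}           # /24 network -> expiry timestamp

    def allow(self, ip, now):
        """Record one request at time `now`; return False if it is dropped."""
        net = covering_slash24(ip)
        expiry = self.blocked_until.get(net)
        if expiry is not None:
            if now < expiry:
                return False
            del self.blocked_until[net]   # block has expired
        window = self.recent[ip]
        window.append(now)
        # Forget requests that have fallen out of the sliding window.
        while window and window[0] <= now - WINDOW_SECONDS:
            window.popleft()
        if len(window) > MAX_REQUESTS:
            # One offending host takes its whole /24 offline for 24 hours.
            self.blocked_until[net] = now + BLOCK_SECONDS
            del self.recent[ip]
            return False
        return True
```

The /24 block is deliberately coarse: a neighbour in the same range is dropped too until the expiry passes, which is the trade-off the post accepts as its worst case.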