I have been watching the saga of security blogger Brian Krebs and his krebsonsecurity blog. He has had the benefit of high-powered DDoS protection from Prolexic, which is an Akamai subsidiary. Krebs has for a long time now been able to infiltrate and report on the darker side of the Internet. Recently Krebs’s site was hit with a 620+ gigabit per second DDoS attack. Prolexic had never handled something of that size before, and it apparently taxed even their capabilities, as they asked Krebs to move off their network because the attack on his site was affecting their paying customers. It should worry anyone that one of the largest DDoS protection companies is running out of scrubbing capabilities. (I bet Prolexic is now busily adding MORE capabilities since they have now broadcast their limits to the entire Internet.)
It is suspected that one of the reasons this DDoS was so huge is the poor security of IoT, which gives rise to even larger botnets that can bring down tier 1 providers. Brian Krebs had to blackhole all of his traffic until he could find another solution, so that his hosting provider would not get blasted off the Internet without some kind of shield. DDoS protection, especially at 500+ gigabits, is very expensive. Krebs simply couldn’t afford the bill for this grade of DDoS protection, and to his credit he didn’t want to have his hosting provider blasted off the Internet as well.
For nearly a week his site was taken offline. Enter Google. They have a free DDoS protection service for verified journalists and nonprofit organizations. Google is leveraging its MASSIVE infrastructure as a DDoS shield. It will be interesting to see what happens when Krebs gets hit with another massive DDoS attack. The size of this attack and others has some of the largest Internet pioneers worried, given the increasing size and frequency of DDoS attacks. Some of them are getting so large that even the largest tier 1 providers are strained to carry the totality of the DDoS traffic as it now approaches nearly 3/4 of a terabit. I will be looking further into this phenomenon, as it is a growing threat to the very basic infrastructure that powers the Internet as we know it today.
*UPDATE* Added an article from the Boston Globe about how badly this attack taxed Prolexic’s ability to provide service to their paying customers.