Krebs on Security booted off Akamai network after DDoS attack proves pricey

Didn't realize Akamai kicked out or disabled customers
http://www.zdnet.com/article/krebs-on-security-booted-off-akamai-network-after-ddos-attack-proves-pricey/

"Security blog Krebs on Security has been taken offline by host Akamai
Technologies following a DDoS attack which reached 665 Gbps in size."

-Grant

I believe the article says they were being hosted for free.

Once upon a time, Grant Ridder <shortdudey123@gmail.com> said:
> Didn't realize Akamai kicked out or disabled customers

Any business is likely to kick out customers that cost them much more
than they are being paid (under relevant contract terms of course).
Since his blog was being hosted for free, it isn't surprising that
Akamai told him they couldn't do that anymore.

It certainly isn't fair to expect Akamai (and their paying customers) to
deal with that.

To be fair, he was getting the service for free. I wouldn’t really call
that a paying customer. Still not great from a PR standpoint though.

They didn't - Krebs has publicly stated that Akamai were providing services
"Pro Bono" - and I guess the goodwill ran out :)

Simon

If you read the article, it is made clear he was "kicked off" of a free service being provided. He was not a paying customer of Akamai and does not fault Akamai for their decision.

Even Brian Krebs doesn’t think Akamai kicks out or disables customers. In the article, he admits he is not paying Akamai.

Should Akamai have kept protecting Krebs? Maybe. But I do not think anyone should pass judgement on Akamai - unless that person is willing to pick up the tab.

(And some of the companies claiming they will pick up the tab are just hoping for PR, since they could not have actually protected Krebs.)

They were hosting him for free, and like insurance, I can assure you if you
are consistently using a service, and not covering the costs of that
service, you won't be a client for long. This is the basis for AUP/client
contracts and has been going back to the days when we all offered only
dialup internet.

So much for defending free speech...

Rubens

While we are on the topic of DDoS, it looks like it's quite a storm now.

According to this WHT post [1], some large server providers were recently attacked, and many are still being attacked with quite a large bandwidth, i.e. 1Tbps attacks against OVH. [2], [3]

Regards,
Filip

[1] http://www.webhostingtalk.com/showthread.php?t=1599694
[2] https://twitter.com/olesovhcom/status/778019962036314112
[3] https://twitter.com/olesovhcom/status/778830571677978624

My gigabit pipe was also DDOS attacked the same day my name appeared in Brian’s story.

-mel

Well, there’s always Cloudflare and Google that are willing to do it for free. Let’s hope we won’t run out of free providers any time soon.. It’s a nice blog.

So ultimately the DDoS was successful, just in a different way.

~Seth

More technical information about the characteristics of these attacks would be very interesting, such as the ultimate sources of the attack traffic (compromised home PCs?), the nature of the traffic (dns / ssdp amplification?), whether it was spoofed source (BCP38-adverse), and whether the recent takedown of vDOS was really complete or if it's likely someone else gained control of the C&C servers that controlled its assets?

Mike-

Does being a victim of a DDoS constitute a breach of AUP?

Marcin Cieślak

> > Didn't realize Akamai kicked out or disabled customers
> > http://www.zdnet.com/article/krebs-on-security-booted-off-akamai-network-after-ddos-attack-proves-pricey/
> >
> > "Security blog Krebs on Security has been taken offline by host Akamai
> > Technologies following a DDoS attack which reached 665 Gbps in size."
>
>
> So ultimately the DDoS was successful, just in a different way.
>
> ~Seth
>
>
> More technical information about the characteristics of these attacks would be
> very interesting, such as the ultimate sources of the attack traffic
> (compromised home PCs?), the nature of the traffic (dns / ssdp
> amplification?), whether it was spoofed source (BCP38-adverse), and whether
> the recent takedown of vDOS was really complete or if it's likely someone
> else gained control of the C&C servers that controlled its assets?

At least for the OVH case there is a bit of info:

https://twitter.com/olesovhcom/status/779297257199964160

"This botnet with 145607 cameras/dvr (1-30Mbps per IP) is able to send
1.5Tbps DDoS. Type: tcp/ack, tcp/ack+psh, tcp/syn."

c'ya
sven-haegar

FWIW, we have offered to help. No word so far. We're more than willing
to step in front of the cannon pointed his way.

Is CloudFlare able to filter Layer 7 these days? I was under the impression CloudFlare was not able to do that.

There have been a lot of rumors about this attack. Some say reflection, others say Layer 7, others say .. other stuff. If it is Layer 7, how are you going to ‘step in front of the cannon’? Would you just pass through all the traffic?

I realize Matthew is always happy for publicity (hell, the whole planet is aware of that). But if your system cannot actually do the required task, I’m not sure your company should give you credit for offering a service the user cannot use.

We routinely mitigate L7s. Matthew is also on the record saying we've
seen and mitigated similar attacks to this one (based on available
information about this attack).

Yes, they do (or advertise):
https://support.cloudflare.com/hc/en-us/articles/200170216-How-large-of-a-DDoS-attack-can-CloudFlare-handle-

Jörg