[191624] in North American Network Operators' Group
Re: Krebs on Security booted off Akamai network after DDoS attack
daemon@ATHENA.MIT.EDU (Justin Paine via NANOG)
Fri Sep 23 20:55:28 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <C3E81DD5-E2A8-428B-B90B-92E18CD9119F@ianai.net>
Date: Fri, 23 Sep 2016 12:29:42 -0700
To: "Patrick W. Gilmore" <patrick@ianai.net>
From: Justin Paine via NANOG <nanog@nanog.org>
Reply-To: Justin Paine <justin@cloudflare.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
We routinely mitigate L7s. Matthew is also on the record saying we've
seen and mitigated similar attacks to this one (based on available
information about this attack).
____________
Justin Paine
Head of Trust & Safety
CloudFlare Inc.
PGP: BBAA 6BCE 3305 7FD6 6452 7115 57B6 0114 DE0B 314D
On Fri, Sep 23, 2016 at 12:26 PM, Patrick W. Gilmore <patrick@ianai.net> wr=
ote:
> Is CloudFlare able to filter Layer 7 these days? I was under the impressi=
on CloudFlare was not able to do that.
>
> There have been a lot of rumors about this attack. Some say reflection, o=
thers say Layer 7, others say .. other stuff. If it is Layer 7, how are you=
going to =E2=80=98step in front of the cannon=E2=80=99? Would you just pas=
s through all the traffic?
>
> I realize Matthew is always happy for publicity (hell, the whole planet i=
s aware of that). But if your system cannot actually do the required task, =
I=E2=80=99m not sure your company should give you credit for offering a ser=
vice the user cannot use.
>
> --
> TTFN,
> patrick
>
>> On Sep 23, 2016, at 3:16 PM, Justin Paine via NANOG <nanog@nanog.org> wr=
ote:
>>
>> FWIW, we have offered to help. No word so far. We're more than willing
>> to step in front of the cannon pointed his way.
>>
>> ____________
>> Justin Paine
>> Head of Trust & Safety
>> CloudFlare Inc.
>> PGP: BBAA 6BCE 3305 7FD6 6452 7115 57B6 0114 DE0B 314D
>>
>>
>> On Fri, Sep 23, 2016 at 11:58 AM, Marcin Cieslak <saper@saper.info> wrot=
e:
>>> On Fri, 23 Sep 2016, jim deleskie wrote:
>>>
>>>> They were hosting him for free, and like insurance, I can assure you i=
f you
>>>> are consistently using a service, and not covering the costs of that
>>>> service you won't be a client for long. This is the basis for AUP/cli=
ent
>>>> contracts and have been going back to the days when we all offered onl=
y
>>>> dialup internet.
>>>
>>> Does being a victim of a DDoS constitute a breach of AUP?
>>>
>>> Marcin Cie=C5=9Blak
>
