14 DAY TRIAL // After agreeing to host Brian Krebs' website for free, Akamai has decided to stop providing service to the infosec journalist after his domain was the target of a vicious DDoS attack since the start of the week.
The DDoS attacks actually started after Krebs exposed the dealings of a DDoS-for-Hire service called vDos almost two weeks ago. Attacks hit his website right after he published his exposé, but they were small in size, around 128 Gbps, and Akamai had no problem in mitigating the threats.
Things intensified this week, and yesterday, Krebs revealed that, at one point, attacks peaked at 665 Gbps, and later stabilized at around 620 Gbps.
Attacks were hindering Akamai's ability to provide service to paying customers
Krebs said the attacks were a mixture of direct SYN, GET, ACK, POST, and GRE packet floods, with no sign of traffic amplification or packet reflection. The security expert said he suspected that a massive botnet of IoT devices was used to attack his site.
Based on previous reports from Arbor Networks, the attack on Krebs' website was the largest on a single target to date, even if Octave Klaba, owner of OVH, revealed on Twitter that his network had mitigated a combined DDoS attack of over 1 Tbps against two targets at the same time.
In fact, Krebs doesn't think the DDoS attacks on OVH were a coincidence. "[I]t seems clear that whoever built this [DDoS] cannon has been testing it," said Krebs, "in [E]urope at OVH, in South America on Tuesday, elsewhere."
As the humongous attack continued to rage on, Akamai told the journalist that they'd remove his site from their network because of possible downtime to other customers.
Akamai was hosting and protecting the site for free
Since Akamai was hosting the journalist's site for free, there were no hard feelings from Krebs. CloudFlare's co-founder didn't waste any time offering to take Krebs' website on their network.
"Have seen this attack before," Matthew Prince wrote on Twitter. "Confident we could help. So far he's not taken us up on our offer."
In the meantime, Krebs' website has gone offline, but some users can still access it via the Internet Archive and Google's cache.
It's looking likely that KrebsOnSecurity will be offline for a while. Akamai's kicking me off their network tonight. — briankrebs (@briankrebs) September 22, 2016
It's looking likely that KrebsOnSecurity will be offline for a while. Akamai's kicking me off their network tonight. — briankrebs (@briankrebs) September 22, 2016
Before everyone beats up on Akamai/Prolexic too much, they were providing me service pro bono. So, as I said, I don't fault them at all. — briankrebs (@briankrebs) September 23, 2016
@briankrebs site may be offline, but all his blogs are still available https://t.co/gZCgWw7dt6 — PJC (@pjcampbe11) September 23, 2016