On 2016-10-22 18:35, Ray Van Dolson wrote:
Thanks for the link.

10s of millions of IP addresses. Is it realistic to have 10s of millions of infected devices? Or is that the dense smoke that points to IP spoofing?

Re: newspaper reports: how did Flashpoint obtain enough details, while the attack was ongoing, to be able to draw conclusions told to the media? Or was it educated speculation?

Obviously, Dyn had packet contents to look at and range of IPs being used etc. Would such a company typically release that info to a trusted investigator "as it happens"? (Would Flashpoint be such an outfit?)

Did the attack generate valid DNS queries (overwhelm the servers) or flood the links with long "random" UDP packets (overwhelm the links)?

While I can understand that mitigation methods can be seen as "proprietary", releasing info on the specifics of the attack would help any/all networks and data centres better protect themselves. Assuming hackers don't talk to each other in the 21st century is silly. They already know how this was done, yet the victims typically remain silent for fear of educating the hackers for more attacks.