> So why? Like why would someone pay to take a game down? I see this all over reddit with different games but I just don't get the point. What's the benefit of taking down an online game for a couple of hours.
Most of the time crime groups are running extortion campaigns, amplification campaigns, etc. For example, if a competitor can benefit from them being down you may be able to sell that. Eventually we will probably see the invention of crowd-funded ransomware, where everyone must submit one verification can of crypto to unlock the hacked game servers.
I'm not sure why you're being downvoted, this is literally what keeps happening to me. I run a couple private MMO servers, I regularly get hit with DDoS attacks and clowns like this guy DMing me to demand money to stop attacking my servers:
A satisfying theory for a lot of DDoS would be extortion or protection rackets. Pay up or we will DDoS you, or pay up or 'someone else' will DDoS you.
That's enough to explain it. But if you wanted to go more full shadowy conspiracy theory, someone arranged for a protection service that just so happens to work by giving some entity cleartext surveillance over much of the internet. Perhaps as a response to HTTPS everywhere being annoying.
I'm not suggesting that's the situation, but that it's the kind of possibility to keep in mind, intellectually, and it would be consistent with history.
Misdirection. If I knock _you_ offline, it's not going to be that difficult for you to put together a probable suspects list with me on it.
If it's going to cost me about the same in terms of resources to target you and a bunch of other people colocated with you, it's a bit less obvious who launched it and why.
Uh I used to get DDoSed by “booter” services whenever I would login to one of my Skype accounts. The script kiddie scene is that petty. In the private server scene one guy would DDoS competing servers that way everyone would funnel to his own.
> by exploiting compromised home routers and cameras, mainly in residential ISPs in the United States and other countries,
Presumably it’s possible to log the residential IP of the source of these packets.
Why isn’t there any industry group pushing for the ISPs to a) send the owners an email telling them or b) blocking off all traffic for a period to get them to do something - or is the economic cost higher than caused by the DDoS attacks?
What percentage of the population would have any idea how to do this? How long does it take to go through the process? Is your work, education, and safety just put on pause during this phase?
The economic costs of that fall on the (residential) ISPs and they aren't really incurring very much cost in additional bandwidth from the outgoing attacks. In most cases it will be 0. It's not 'good', as it could affect quality to a certain extent for other subscribers and it's theoretically possible it could result in a slightly higher transit bill, but ultimately it's just not really a problem for them.
Setting up the infrastructure to email customers and tell them they've got an infected device is just going to cause the subscriber to:
A) Call customer support and tie up an agent who can't really tell them much - you're also going to have to train all your CS agents on these letters and what they mean.
B) Complain on faceybook/Churn off your network.
or
C) They'll ignore it
About one in a million will fix the issue themselves.
Some of these devices are controlled by the ISP. The TMobile 5G routers for example are pretty much black box devices controlled by TMobile. The home owner can't fix the device and has very limited access (via a mobile app) to 'manage' the device.
> it suddenly ballooned in size in April 2025 after its operators breached a TotoLink router firmware update server and infected approximately 100,000 devices
This is scary. Everyone lauds open source projects like OpenWRT but... who is watching their servers?
I imagine you can't run an army of security people on donations and a shoestring budget. Does OpenWRT use digital signing to mitigate this?
Why, OpenWRT firmware and packages are both signed, of course. You can manually and independently check the image signature before flashing an update.
The build infrastructure is, of course, a juicy target: infect the artifact after building but before signing, and pwn millions of boxes before this is detected.
This exchange is somewhat hilarious. Oh how on earth do we keep things safe and secure if everyone can see the code and verify what it does! Who would keep us safe if we turn our backs to unverifiable, unvetted, unprofitable security fixes, by for-profit companies!
Bit-Reproducible infrastructure could also result in some of the wildest build distribution architectures if you think about it. You could publish sources and have people register like in APT mirrors to provide builds, and at the end of the day, the build from the largest bit-equal group is published.
I do see the Tor-Issue - a botnet or a well-supplied malicious actor could just flood it. And if you flip it - if you'd need agreement about the build output, it could also be poisoned with enough nodes to prevent releases for a critical security issue. I agree, I don't solve all supply chain issues in one comment :)
But that in turn could be helped with reputation. Maybe a node needs to supply 6 months of perfect builds - for testing as well - to become eligible. Which would be defeated by patience, but what isn't? It'd just have to be more annoying to breach the distributed build infrastructure than to plant a malicious developer.
This combination of reproducible, deterministic builds, tests across a number of probably-trustworthy sources is quite interesting, as it allows very heavy decentralization. I could just run an old laptop or two here to support. And then come compromise hundreds of these all across the world.
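An added illustration of the rebuilder scheme discussed in the comments above; it is not code from the thread or from any project. The node names, the 180-day tenure threshold (standing in for "6 months of perfect builds"), the minimum of three eligible reports and the sample artifacts are all constructed assumptions.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass

# Assumed policy values (hypothetical, modelled on the "6 months" idea above).
MIN_TENURE_DAYS = 180
MIN_ELIGIBLE = 3


@dataclass(frozen=True)
class Report:
    node: str          # rebuilder identity (hypothetical names)
    tenure_days: int   # how long this node has been submitting builds
    bad_builds: int    # past builds that did not match the published one
    digest: str        # SHA-256 of the artifact this node produced


def digest_of(artifact: bytes) -> str:
    return hashlib.sha256(artifact).hexdigest()


def largest_group(reports):
    """Naive rule: publish whatever the largest bit-equal group built."""
    counts = Counter(r.digest for r in reports)
    return counts.most_common(1)[0][0] if counts else None


def eligible(report: Report) -> bool:
    """Reputation gate: long tenure and a clean record."""
    return report.tenure_days >= MIN_TENURE_DAYS and report.bad_builds == 0


def decide(reports, require_unanimous=False):
    """Reputation-gated rule. Returns (digest or None, reason)."""
    votes = {}
    for r in reports:
        if eligible(r):
            votes.setdefault(r.node, r.digest)   # one vote per identity
    if len(votes) < MIN_ELIGIBLE:
        return None, "not enough eligible rebuilders"
    digest, n = Counter(votes.values()).most_common(1)[0]
    if require_unanimous and n != len(votes):
        # The denial-of-release problem: one dissenter blocks publication.
        return None, "eligible rebuilders disagree"
    if n * 2 <= len(votes):
        return None, "no strict majority"
    return digest, f"{n}/{len(votes)} eligible rebuilders agree"


def demo():
    # Constructed artifacts: stand-ins for a clean and a tampered image.
    good = digest_of(b"constructed: image built from the tagged source")
    evil = digest_of(b"constructed: same image with an implant")
    honest = [Report(f"mirror-{i}", 400, 0, good) for i in range(5)]
    flood = [Report(f"new-{i}", 3, 0, evil) for i in range(50)]
    patient = Report("old-but-compromised", 365, 0, evil)
    return {
        "good": good,
        "evil": evil,
        # 50 freshly registered nodes outvote 5 honest ones.
        "naive_under_flood": largest_group(honest + flood),
        # The same flood has no vote once tenure is required.
        "gated_under_flood": decide(honest + flood),
        # A patient attacker who earned tenure: majority still publishes...
        "majority_with_patient_node": decide(honest + [patient]),
        # ...but a unanimity requirement lets that one node block the release.
        "unanimous_with_patient_node": decide(honest + [patient], True),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```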
> They pay as little as humanly possible to cover their ass.
They probably spend more on the team who ends up writing the "We take your security very seriously" breach notification message than they do on "security people". At least until they get forced into brand-name external Cyber Security Consultants to "investigate" their breach and work out who they can plausibly blame it on that's not part of the C suite.
You are dismissing the seriousness of this. Their package manager is widely used. One would only need to compromise their build servers to wreak havoc.
Didn't they have a vulnerability in their firmware download tool like a minute ago?
The difference between OpenWRT and Linux distros is the amount of testing and visibility. OpenWRT is loaded on to residential devices and forgotten about, it doesn't have professional sysadmins babysitting it 24/7.
Remember the xz backdoor was only discovered because some autist at Microsoft noticed a microsecond difference in performance testing.
I recently had some issues getting one of our embedded devices to connect through passive FTP. Because the exact same device worked at a different site I knew it wasn't the device or its settings. Long story short, it turned out the problematic site hadn't been updating its routers which meant they couldn't VPN passive FTP traffic. Anyway, we have literal thousands of those routers maintained by hundreds of different companies, who are mainly there to maintain the actual mechanical equipment and not the network. Turned out the sites where the technicians updated things weren't in the majority.
I'm in the process of getting the business to implement better security, and it's going better than you might expect. If it wasn't because having a plan for how to update your OT security is required to meet EU compliance, however, I doubt we would've done anything beyond making sure we could do passive FTP when it was needed.
As an example, there are still no plans to deal with the OT which we know has built-in hardware backdoors from the manufacturers. Which is around 70% of our dataloggers, but the EU has no compliance rules on that...
What in that act says OpenWrt would be made illegal? If anything, OpenWrt would roll out automated security updates for a supported branched release to comply with these regulations.
Also, if you actually read it, there are exceptions for open source software!
A DDoS attack is often used to distract a company's security team. While the security staff is scrambling to get the website back online, the attackers use the chaos to conduct a more serious, stealthy attack.
I don't doubt there will have been sporadic examples of this, but what points to this "often" being the case? It seems like a tactic that wouldn't often pay off, since DDoS mitigation rarely involves relaxing security systems
Mistakes can be made during reconfigurations but you'd have to catch those while the issue is still live. Sounds like an advanced threat actor and not the run of the mill ransomware people (not that they're necessarily unsophisticated, but why'd they bother with these odds when there's low-hanging fruit to reliably exploit)
It was interesting to read that the record breaking attack caused no glitch whatsoever in the service MS provides. Which is so slow normally that I start to wonder if that is a strategy, having headroom for these kind of situations, no-one realizes slowdown when it is already slow. ;)
This is just a crazy thought, tangential to what are happening during an attack.
or rather the slowness problems of MS has nothing to do with hardware or infrastructure limitations. You cannot just throw infra at a problem to mask poorly written code beyond a point.
I suppose ISPs could be more restrictive about which routers they allow their customers to use, but I'm not sure I'm a fan of further lockdown in that department.
fun fact, part of the reason this botnet exists is because europe required the ability to install security updates unattended that you cannot disable and they compromised one of the servers that had the capability to push these updates compromising hundreds of thousands of routers.
If the vendor can't even secure their update server; how long do you think it would be until some RCE on these 100k un-patchable routers gets exploited?
The only people to blame for this is the vendor, and they failed on multiple levels here. It's not hard to sign a firmware, or even just fetch checksums from a different site than you serve the files from...
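An added illustration of the "fetch checksums from a different site" point in the comment above; it is not part of the thread and not any vendor's updater. The file name, the two "origins" and the firmware bytes are constructed stand-ins, and the checksum text follows the usual `sha256sum` line format.

```python
import hashlib
import hmac

HEX = set("0123456789abcdef")


def parse_sha256sums(text: str) -> dict:
    """Parse sha256sum-style lines ("<64 hex>  <name>") into {name: digest}."""
    table = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue                      # skip blank or malformed lines
        digest = parts[0].lower()
        name = parts[1].strip().lstrip("*")   # "*" marks binary mode
        if len(digest) == 64 and set(digest) <= HEX:
            table[name] = digest
    return table


def image_matches(image: bytes, sums_text: str, name: str) -> bool:
    """True only if `name` is listed and its digest matches the image."""
    expected = parse_sha256sums(sums_text).get(name)
    if expected is None:
        return False                      # fail closed: no entry, no flash
    actual = hashlib.sha256(image).hexdigest()
    return hmac.compare_digest(actual, expected)


def scenario() -> dict:
    name = "router-fw.bin"                # hypothetical file name
    genuine = b"constructed: vendor firmware 1.0"
    tampered = b"constructed: vendor firmware 1.0 plus implant"

    def sums_for(blob: bytes) -> str:
        return f"{hashlib.sha256(blob).hexdigest()}  {name}\n"

    # Checksum list published on an origin the download server cannot write to.
    independent_sums = sums_for(genuine)
    # Download server after compromise: whoever can replace the image can
    # also regenerate the checksum file that sits next to it.
    download_server = {"image": tampered, "sums": sums_for(tampered)}

    return {
        "cohosted_accepts_tampered": image_matches(
            download_server["image"], download_server["sums"], name),
        "independent_accepts_tampered": image_matches(
            download_server["image"], independent_sums, name),
        "independent_accepts_genuine": image_matches(
            genuine, independent_sums, name),
        "unlisted_file_accepted": image_matches(
            genuine, independent_sums, "other.bin"),
    }


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

A digest from a second origin only helps while that origin stays uncompromised; a signature made with an offline key, the other option the comment names, removes that dependency.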
You can assume that you are part of it or another similar botnet if you have any IoT device exposed to the internet. You can use something like Shodan to see what your network looks like from the outside.
Because every single nation would have to sign on to it allowing said agency to ignore sovereignty of each nation to come in and do their policing.
You'd also need to have every country not actively involved in these types of schemes yet we know some governments are directly benefiting from the scams/theft their citizens are perpetrating.
You'd also need to have every country think the things you want to police against are wrong. Again, we know that's just not true.
International DDoS busts and arrests do happen all the time.
Law enforcement takes time. The perpetrators of these attacks aren't hanging out in the open with their full names shielded only by the hope that their country won't extradite for political favor.
By the time the perpetrators are identified and a case is built, getting them charged isn't bottlenecked on the lack of an international agency. Any international law enforcement agency would be beholden to each country's own political wills and ideals, meaning any "teeth" they had would be no more effective than what we currently have for extraditing people or cooperating with foreign police organizations.
The international organisation for stopping wars, human trafficking, money laundering, drug distribution etc. however capable they might be, haven't managed to stamp out any of those things.
I'd say a putative UN NetWatch would suffer from the same issues of funding and corruption and politics, but still we might have something better than this wild west lawlessness.
> The international organisation for stopping wars, human trafficking, money laundering, drug distribution etc. however capable they might be, haven't managed to stamp out any of those things.
They've never been expected to "stamp out" those things, any more than a city police department is expected to stamp out all crime and doctors are expected to stamp out all illness. Their mission is to reduce those things:
For warfare, they have been extremely successful relative to human history. War has actually become taboo and illegal, and very few happen. Look at history before the UN - it's a miracle. Think of the vision and confidence of people who, looking at 10,000 years of human history, immediately after two world wars, thought it was even possible, came up with effective strategy, did the hard work, and accomplished it.
I don't know the details of the other fields.
> I'd say a putative UN NetWatch would suffer from the same issues of funding and corruption and politics, but still we might have something better than this wild west lawlessness.
Politics and funding, and corruption, come with every human institution over a certain size, and especially with governments which can't exclude undesirable people: Democratic governments are the least corrupt, but if the people elect a corrupt representative or executive, then nobody can kick them out (unless they commit prosecutable crimes). And now imagine an association or confederation of governments, which is what the UN is.
So yes, the goal is to make something better. Otherwise, we might as well quit on everything.
Since this is a distributed attack, I'm not really sure what that enforcement would look like? Am I missing something, are all these bots/zombies easily selectable and blockable?
Investigative powers should be able to at least find and seize the command and control servers, and hopefully track down people operating the command and control servers.
Some sort of international clearing house for ISPs to help identify and sequester compromised customers might be nice, too; but that doesn't need law enforcement powers; and maybe it already exists?
Because countries benefit from conducting cyber warfare, the most publicised of which are North Korea and Russia, which have large state-sponsored hacking groups.
It's in the national interest of China and Russia to see the West fail. Why would they co-operate? They are willing to murder people, the West's and their own, so "law" enforcement means something a bit different in an international context.
It is China's national interests to see a stable America that can continue to maintain the post WWII world order that benefited China so much for so long. Without the US, who is going to maintain peace in the middle east, Africa and other places? without such peace, how could China export its goods and services?
"West" != America.
Your claim also implies that China and Russia are operating on the same level. That is laughable at best - Russia is a failed rogue state with the economic size comparable only to a Chinese province, it is left behind in ALL modern techs and its military hardware is aging fast. It is the complete opposite of the path taken by China.
The real reason why these are a problem in the first place is because of CGNAT and transit providers not implementing flowspec.
But these bad actors are not possible to track down in the first place since the internet is unfortunately decentralized and things as simple as transactions submitted to the Bitcoin or Ethereum blockchain can be used as C&C.
Besides the fact that not much happens in the international public sector, law enforcement is more about deterrence than prevention. Criminals aren't deterred by law enforcement, so the bad actors never stop. Human nature's a bitch.
If they did focus on prevention instead, most of this could be... prevented. Create a treaty that mandates how critical infrastructure technology is created/sold. Consumer routers will stop being shit at security, and home devices are slowed-down in upstream spamming. That's a good chunk of the denial-of-service market gone, with no need to police the world.
...but the criminals are smart and intentionally avoid attacking the powerful, so nobody cares. Same reason organized crime still exists. It's poor people caught up in gang violence and crime, not rich people, so it persists.
do you really think for example America would allow say Chinese prosecutors to arrest Americans on American soil and take them abroad to sentence them in a court that America has no influence over and then throw them in a prison which America doesn’t control?
When the deed is illegal in both places, they can be tried under either jurisdiction and convicted instead of continuing to roam free and fuck up the open web for everyone else. Yes I do think we'd want that
Borders currently get in the way but we needn't have law enforcement on foreign soil to solve that. Exchanging information and reliably acting upon it could be all these agencies need to do in their respective countries. When this proves effective aside from crime states that have no interest in upholding even their own laws (since dual illegality would probably be a prerequisite for any of this), they may eventually find themselves increasingly cut off and distrusted until they, too, cooperate or self-isolate like NK
Not sure how this would work, if you blocked those IPv6, the mostly innocent companies and people that are now blocked will be in short order getting a new IPv6 assigned by the ISP after a support call.
I was under the impression that these botnets still rely on vulnerable computers, which have a human that will be calling support asking for the issue to be resolved.
Then it needs an ISP to figure out the issue and ask the client to sort out their compromised computer, but unlikely the ISP will stop a paying customer from internet access especially if it's not clear why their original assigned IPv6 is blocked.
You should talk to a network engineer before making claims like this. There are mechanisms to curtail DDOS attacks at origin.
For a few reasons (political, economical) there’s little will to enact them, these attacks are so few and far between and you can pay your way out of them in most cases, so the incentives aren’t there for ISPs (who are a commodity judged primarily on price and bandwidth)
As alluded to by morkalork, they definitely could if they wanted to, as the (most? of the) rest of the world doesn't seem to have this problem. As long as spammers keep paying telecoms & no law(s) forbidding this exist, it will continue.
Legal systems are so convoluted and so colossally heterogenous - also very protective of their ways - around the globe that minuscule collaborations require grandiose efforts to initiate and maintain. No chance these fast paced adversaries will be caught by the interplay of several dozens of reluctant dinosaur legal systems.
Tangential: once I was targeted by a pretty primitive scam. More than 10 years ago (after someone I love was naive and inexperienced, having a medium amount stolen in a sensitive and stressful time of this person's life). I recognised it fast and, having time and will, I started to play along, pretending I had taken the bait. Collecting info while acting. In parallel trying to connect local and international authorities to report an ongoing scam effort. I believe I tried 4 organizations in 3 different countries apparently involved, I believe one was dedicated to online scams, also trying to warn Western Union that they were about to be used for a scam. I even went personally to a police station locally to get some advice on how to assist catching the criminals. Since all I encountered insisted I report my damages, so they could start an investigation on an actual loss that had happened, I furiously gave up and decided whenever I will be having financial trouble I will invest my efforts in scamming others. No-one cares about catching those in the act! So the thugs can be incredibly bold and dumb, like the one I encountered, it is no effort doing better.
Funny enough just got an error trying to reach to the blog
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request
Reason: Error reading from remote server
It would really help to understand why attack one endpoint with "the largest DDoS attack ever observed in the cloud". If it was important, it would be redundant in its CDN. Who paid for this attack and what did they gain?
You are assuming that DDoS is signal. It's not, it's the noise.
The idea of DDoS for hire is to bury your own tracks in as much network requests as possible, so that the other side is overwhelmed processing (or even storing) that dataset and won't find out what the real target was.
we were getting hit with attacks like this daily at some point and were forced to use cloudflare magic transit it's pretty random and you shouldn't read too deep into it as nearly every anti-ddos solution, host and isp has been hit with this botnet by now.
Man, if you had that many nodes can you guys imagine how much cool tech you could build with that? Like you could literally rival Tor with one command. Or build a decentralized archive system. Yet, the only thing these nodes will end up doing is being used to prop up some losers ego. Literally what a waste. If you're going to commit crime at least do something cool.
You could easily get better performance with a pair of well-optimized high-density cabinets, much more reliable and not even that expensive to operate legitimately.
I feel like posting the traffic output of the network might not be a great idea because they might do these attacks on purpose to market their network's capability.
Why wouldn't microsoft advertise this though? If they had the ability to take the attack and others might not, then it'll result in more customers for them.
it's an open secret at that point and the attacks are far larger than that are causing congestion world-wide from the time they wake up to the time they go to sleep.
There is a big (opportunity) cost to this kind of thing. How is this worthwhile for anyone? I assume that it's not just a competitor. Is it really worth <insert evil country>'s time to temporarily upset one of three big cloud providers? Is there a ransom behind the scenes?
The Microsoft article reads like a corporate press release. The original link contained additional pertinent information and research which is good for discussion.
We really shouldn’t - this seems like perhaps one of the worst ideas one could propose in an era of rising authoritarian rule. Seems like a bad time to be putting silly restrictions on how folks route their traffic.
Ok, I'll be a bit more specific, banning businesses and the trade of proxies that are purposefully marked as residential, in order to evade firewall blocks, and even to evade proxy blocks.
You gotta draw the line in the sand somewhere, VPNs are already morally dubious, but if you ban the most shady of VPNs, residential proxies, then you can at least guarantee service providers the right to deny service to proxy users, while allowing proxy users to use the proxy everywhere they are welcome.
Making them illegal seems far-fetched, but at this point something like email blacklists but for web services is becoming inevitable.
At the moment, that's what Cloudflare is doing. They're just not obvious enough, leading to people on forums (and here) asking "why do I constantly need to fill out captchas to enter websites".
> This attack lasted only 40 seconds but was roughly equivalent to streaming one million 4K videos simultaneously.
Who is this for? Is there anyone reading the article that can't grasp what a terabit is but can somehow conceptualise one million 4K videos streaming simultaneously? I don't think anyone sits in that Venn diagram.
Yeah. That falls in the same bin as number of Olympic swimming pools or distance to the moon.
The best, meaningful comparison I've read is from Bill Bryson in A Short History of Nearly Everything. In it, he notes that there are 1M seconds in 11 days but 1B seconds takes 32 years.
A regular user would associate 4K with premium / expensive and difficult to use without better phones/network/plans/signal strength etc., so the idea would be to signal it is 1M times a somewhat challenging thing for them.
Non-tech-savvy users know how live streams crash with sports, like with Netflix recently during boxing etc. or on Twitter last year, and usually those come with some n million users in the headlines or the like, so they have some reference to that scale.
As analogies go, there are worse examples. BleepingComputer is hardly the New Yorker or Atlantic, best we can hope for these days is a human is writing the article I suppose.
I've always disliked the "it's like X amount of [resolution] video!!" Are we talking a UHD 4K Bluray? or 4K Netflix? or 4K YouTube? Bitrate is all that matters.
This is what I don't get
>The Aisuru DDoS botnet operates as a DDoS-for-hire service with restricted clientele; operators have reportedly implemented preventive measures to avoid attacking governmental, law enforcement, military, and other national security properties. Most observed Aisuru attacks to date appear to be related to online gaming.
https://www.netscout.com/blog/asert/asert-threat-summary-ais...
So why? Like why would someone pay to take a game down? I see this all over reddit with different games but I just don't get the point. What's the benefit of taking down an online game for a couple of hours.
Mad salt. Imagine a fully grown man having a toddler tantrum. "If I can't play/win/get my way, nobody can" type mentality. It's also a method of coercion. Give me mod status or I'll DDOS your server and destroy your community.
The other half comes from server operators ddosing their competition. There is a lot of money to be made from paid cosmetics, ranks, moderator (demi-tyrant) status, etc on custom servers.
"Game servers" also doesn't just mean Timmy's Minecraft server. It's big commercial games.
Final Fantasy XIV keeps getting hammered, likely Aisuru, off and on since at least September.
https://na.finalfantasyxiv.com/lodestone/news/detail/6b56814...
In my childhood I had a colleague who, when he lost a match against me or my brother, got mad and fired the joystick at the ground.
What you are saying fits perfectly well in minecraft communities.
Are you mentioning the Minecraft community by your message or any other gaming communities too?
Games continue beyond the Games themselves...
>There is a lot of money to be made from paid cosmetics, ranks, moderator (demi-tyrant) status, etc on custom servers.
Anyone have any idea how much a 15 Tbps DDoS attack would cost?
Thousands of dollars? Tens of thousands?
> What's the benefit of taking down an online game for a couple of hours.
Competitive MMO. Imagine some event is setup to start at some time and your guild or alliance knows they're gonna lose it and the resource it gives: DDOS the server so it's down during the event so it does not run. Enjoy the fact you kept the asset linked to said event and sell the resources you get for real money.
If you've never played those kind of games you cannot fathom how cutthroat they can become. I'm part of a guild which has a specific intelligence branch with spies embedded in many other guilds and that's playing nice because we're not selling anything.
EVE Online had to put their foot down when people were talking about what could easily be considered terrorism.
It depends on the game, but for those with some kind of marketplace or transferable currency, I'm guessing market manipulation is one possible reason.
For other games, maybe trying to interrupt some time limited event or tournament. Going all the way down the rabbit hole, if you're not already familiar take a look at how crazy things get in a game like EVE: Online.
Then of course there are the bored trolls and/or people who feel wronged by the game's developers or other players.
Probably it has to do with all the gambling sites associated with gaming not the games itself.
Taking a competitor offline for a few hours is a lot of money in a market business I expect.
There seems to be a lot of weird stuff going on with gaming casinos; the recent CoffeeZilla episode comes to mind, so I wouldn’t be surprised if botnets are used.
the ddos market has been somewhat centered around gaming for a while now, mainly to take down game server competition, or as an attempt to sell big players on "ddos protection" services.
well, gaming and Krebs's blog: https://krebsonsecurity.com/2025/05/krebsonsecurity-hit-with...
Yep, Minecraft servers get DDoSed so often that Cloudflare actually offers turnkey protection for them specifically.
https://www.cloudflare.com/en-gb/application-services/produc...
They get banned for trolling, griefing, cheating, breaking rules etc. and want revenge. Every game operator has to deal with idiots like this
I'm surprised no one has mentioned duping. Selling items and currency for real world money is big bucks and IME, server crashes reliably enable duping exploits.
Not saying that's the case in this particular incident though.
> So why? Like why would someone pay to take a game down?
esports gambling and winning tournaments is big business.
> During the Fortnite Championship Series finals, a pair of pro players may have utilized denial of service attacks to disadvantage contesters [1]
[1] https://fortnitetracker.com/article/1087/ddos-scandal-from-c...
It may be for market manipulation. It may be extortion against the owning company. It may even be to take down a rival online game for a while.
I don't expect the big publisher games like PUBG to attack each other with DDoS attacks, but casino games? Or even sleazy Minecraft servers? I can totally see it.
A game I work with got hit by ~10Tbps earlier this year. It's likely because someone got mad they were banned.
The results are very public, it's the same way IRC is often targeted. They're easy targets, thousands of users are affected and the results are immediately noticeable.
> So why? Like why would someone pay to take a game down? I see this all over reddit with different games but I just don't get the point. What's the benefit of taking down an online game for a couple of hours.
Most of the time crime groups are running extortion campaigns, amplification campaigns, etc. For example, if a competitor can benefit from them being down you may be able to sell that. Eventually we will probably see the invention of crowd-funded ransomware, where everyone must submit one verification can of crypto to unlock the hacked game servers.
Extortion. You got a nice little game server there. Would be a shame if anything happened to it.
I'm not sure why you're being downvoted, this is literally what keeps happening to me. I run a couple private MMO servers, I regularly get hit with DDoS attacks and clowns like this guy DMing me to demand money to stop attacking my servers:
https://abyss.diath.net/img/20251118055501688.png
Speculation online as to the why in this case, it's pure advertisement of their capabilities.
A satisfying theory for a lot of DDoS would be extortion or protection rackets. Pay up or we will DDoS you, or pay up or 'someone else' will DDoS you.
That's enough to explain it. But if you wanted to go more full shadowy conspiracy theory, someone arranged for a protection service that just so happens to work by giving some entity cleartext surveillance over much of the internet. Perhaps as a response to HTTPS everywhere being annoying.
I'm not suggesting that's the situation, but that it's the kind of possibility to keep in mind, intellectually, and it would be consistent with history.
What is even more interesting: why attack Azure? It's not possible to extort anything from Microsoft, so what's the rationale?
Misdirection. If I knock _you_ offline, it's not going to be that difficult for you to put together a probable suspects list with me on it.
If it's going to cost me about the same in terms of resources to target you and a bunch of other people colocated with you, it's a bit less obvious who launched it and why.
> targeting a specific public IP address
They weren't targeting Azure itself, per se, but some service which was hosted on Azure.
The IP address in question wasn't mentioned, so we're left to speculate what this was about.
Microsoft has succumbed to extortion recently.
> It's not possible to extort anything from Microsoft
lul wut?
https://www.businessinsider.com/trump-white-house-ballroom-d...
https://www.cnbc.com/2025/01/09/microsoft-contributes-1-mill...
> So why? Like why would someone pay to take a game down?
esports gambling is big business
Uh I used to get DDoSed by “booter” services whenever I would login to one of my Skype accounts. The script kiddie scene is that petty. In the private server scene one guy would DDoS competing servers that way everyone would funnel to his own.
It's just toxic behavior.
competitors might want to drive users to move away if they think a platform is broken
Gamers, am I right?
Depends on how much it costs to hire it
Most of the time it's just blackmail/extortion - pay us or we do the thing.
I've always imagined somebody will get pissed-off at me one day for banning them for bad behavior, or because I said something wrong online.
Ironically I can't read this article due to the ongoing Cloudflare explosion.
Yup, many links I have tried to access without success. Well, sucks to have such a centralized Internet.
> by exploiting compromised home routers and cameras, mainly in residential ISPs in the United States and other countries,
Presumably it’s possible to log the residential IP of the source of these packets.
Why isn’t there any industry group pushing for the ISPs to a) send the owners an email telling them or b) block off all traffic for a period to get them to do something - or is the economic cost higher than caused by the DDoS attacks?
Hmm is there a haveibeenpwned for IP addresses found in botnets? Perhaps correlated at the time of known incidents.
I would like to know if I'm serving a rogue machine and haven't been paying attention.
This already happens in the Netherlands, your router will be put in quarantine mode and you have to prove that the "virus" is gone
This happened to me, at the time I thought it was strange but seeing this event happen it makes a lot more sense now
What percentage of the population would have any idea how to do this? How long does it take to go through the process? Is your work, education, and safety just put on pause during this phase?
The economic costs of that fall on the (residential) ISPs and they aren't really incurring very much cost in additional bandwidth from the outgoing attacks. In most cases it will be 0. It's not 'good', as it could affect quality to a certain extent for other subscribers and it's theoretically possible it could result in a slightly higher transit bill, but ultimately it's just not really a problem for them.
Setting up the infrastructure to email customers and tell them they've got an infected device is just going to cause the subscriber to: A) Call customer support and tie up an agent who can't really tell them much - you're also going to have to train all your CS agents on these letters and what they mean. B) Complain on faceybook/Churn off your network. or C) They'll ignore it
About one in a million will fix the issue themselves.
This is why we need an external rogue actor to send those notification emails without ISP consent.
Some of these devices are controlled by the ISP. The TMobile 5G routers for example are pretty much black box devices controlled by TMobile. The home owner can't fix the device and has very limited access (via a mobile app) to 'manage' the device.
Because then the ISPs have to provide support on how to secure those devices.
I will say most of the time the ISPs themselves provide the routers at residential homes
That industry group would need to include the big cloud providers, and they also don't want to shut off abusive traffic.
Related. Others?
Cloudflare scrubs Aisuru botnet from top domains list - https://news.ycombinator.com/item?id=45574393 - Oct 2025 (142 comments)
> it suddenly ballooned in size in April 2025 after its operators breached a TotoLink router firmware update server and infected approximately 100,000 devices
This is scary. Everyone lauds open source projects like OpenWRT but... who is watching their servers?
I imagine you can't run an army of security people on donations and a shoestring budget. Does OpenWRT use digital signing to mitigate this?
Why, OpenWRT firmware and packages are both signed, of course. You can manually and independently check the image signature before flashing an update.
The build infrastructure is, of course, a juicy target: infect the artifact after building but before signing, and pwn millions of boxes before this is detected.
This is why bit-perfect reproducible builds are so important. OpenWRT in particular has that: https://openwrt.org/docs/guide-developer/security#reproducib...
This exchange is somewhat hilarious. Oh how on earth do we keep things safe and secure if everyone can see the code and verify what it does! Who would keep us safe if we turn our backs to unverifiable, unvetted, unprofitable security fixes, by for-profit companies!
> You can manually and independently check the image signature before flashing an update.
Of course you can. You can also read the ToS before clicking accept, but who does that?
Bit-Reproducible infrastructure could also result in some of the wildest build distribution architectures if you think about it. You could publish sources and have people register like in APT mirrors to provide builds, and at the end of the day, the build from the largest bit-equal group is published.
I do see the Tor-Issue - a botnet or a well-supplied malicious actor could just flood it. And if you flip it - if you'd need agreement about the build output, it could also be poisoned with enough nodes to prevent releases for a critical security issue. I agree, I don't solve all supply chain issues in one comment :)
But that in turn could be helped with reputation. Maybe a node needs to supply 6 months of perfect builds - for testing as well - to become eligible. Which would be defeated by patience, but what isn't? It'd just have to be more annoying to breach the distributed build infrastructure than to plant a malicious developer.
This combination of reproducible, deterministic builds, tests across a number of probably-trustworthy sources is quite interesting, as it allows very heavy decentralization. I could just run an old laptop or two here to support. And then come compromise hundreds of these all across the world.
I don't follow.
> run an army of security people
Do you think these private companies do this? They don't. They pay as little as humanly possible to cover their ass.
Botnets comprised of compromised routers are common and commercial/consumer routers are a far juicier target than openwrt.
> They pay as little as humanly possible to cover their ass.
They probably spend more on the team who ends up writing the "We take your security very seriously" breach notification message than they do on "security people". At least until they get forced into brand-name external Cyber Security Consultants to "investigate" their breach and work out who they can plausibly blame it on that's not part of the C suite.
> They pay as little as humanly possible to cover their ass.
It’s probably helpful that open source teams aren’t hampered by standards and 20 year outdated audit processes either.
This is exactly why OpenWRT has no unattended updates by default )
You are dismissing the seriousness of this. Their package manager is widely used. One would only need to compromise their build servers to wreak havoc.
Didn't they have a vulnerability in their firmware download tool like a minute ago?
The difference between OpenWRT and Linux distros is the amount of testing and visibility. OpenWRT is loaded on to residential devices and forgotten about, it doesn't have professional sysadmins babysitting it 24/7.
Remember the xz backdoor was only discovered because some autist at Microsoft noticed a microsecond difference in performance testing.
I recently had some issues getting one of our embedded devices to connect through passive ftp. Because the exact same device worked at a different site I knew it wasn't the device or its settings. Long story short, it turned out the problematic site hadn't been updating its routers which meant they couldn't VPN passive FTP traffic. Anyway, we have literal thousands of those routers maintained by hundreds of different companies, who are mainly there to maintain the actual mechanical equipment and not the network. Turned out the site where the technicians updated things weren't in the majority.
I'm in the process of getting the business to implement better security, and it's going better than you might expect. If it wasn't because having a plan for how to update your OT security is required to meet EU compliance, however, I doubt we would've done anything beyond making sure we could do passive FTP when it was needed.
As an example, there are still no plans to deal with the OT which we know has built-in hardware backdoors from the manufacturers. Which is around 70% of our dataloggers, but the EU has no compliance rules on that...
The post is nothing more than "but what about security" meant to deflect away from the discussion at hand and towards OpenWRT
As always, hundreds watch the open repositories, maybe one watches a company's build servers, if they're lucky. :-)
Hundreds watch, but how closely?
Plenty of stories of fairly major projects having evil commits snuck in that remain for months.
Digital signing wouldn't defend you from a compromised build server.
Reproducible Builds and multiple distributed builders would though.
https://reproducible-builds.org/
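The idea raised in the comments above (several independent builders rebuild the same source, and only the digest that the largest bit-equal group agrees on is published, with a track-record requirement for builders), as an added example that is not part of the thread and is not OpenWrt or reproducible-builds.org tooling. Builder names, thresholds and image bytes are constructed assumptions.

```python
import hashlib
import hmac
from collections import Counter
from dataclasses import dataclass

# Thresholds are assumptions for this example; "6 months" is the figure
# floated in the thread for builder eligibility.
MIN_TRACK_RECORD_DAYS = 180
QUORUM_NUM, QUORUM_DEN = 2, 3  # at least two thirds of eligible builders


@dataclass(frozen=True)
class BuildReport:
    builder: str            # hypothetical builder identity
    track_record_days: int  # days of consecutive bit-identical builds
    sha256: str             # digest of the artifact this builder produced


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def agreed_digest(reports, min_days=MIN_TRACK_RECORD_DAYS):
    """Return the digest a quorum of eligible builders agrees on, else None."""
    votes, conflicted = {}, set()
    for r in reports:
        if r.track_record_days < min_days:
            continue  # too new to count: blunts flooding with fresh nodes
        if r.builder in votes and votes[r.builder] != r.sha256:
            conflicted.add(r.builder)  # one builder, two answers: distrust it
        votes[r.builder] = r.sha256
    for b in conflicted:
        del votes[b]
    if not votes:
        return None
    digest, count = Counter(votes.values()).most_common(1)[0]
    # Integer comparison avoids float rounding at the quorum boundary.
    if count * QUORUM_DEN < QUORUM_NUM * len(votes):
        return None  # no quorum: hold the release rather than guess
    return digest


def verify_artifact(data: bytes, expected_hex: str) -> bool:
    """Check a downloaded image against the agreed digest before flashing."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


# Constructed sample data: one honest image and one altered after the build.
GOOD_IMAGE = b"constructed firmware image, built from tagged source"
BAD_IMAGE = GOOD_IMAGE + b" + implant added on one build server"
GOOD, BAD = sha256_hex(GOOD_IMAGE), sha256_hex(BAD_IMAGE)

VETERANS = [BuildReport(f"builder-{i}", 400, GOOD) for i in range(4)]
COMPROMISED = [BuildReport("builder-4", 400, BAD)]
SYBILS = [BuildReport(f"new-node-{i}", 3, BAD) for i in range(50)]
SPLIT = VETERANS[:3] + COMPROMISED + [BuildReport("builder-5", 400, BAD)]

if __name__ == "__main__":
    everyone = VETERANS + COMPROMISED + SYBILS
    print("with track-record filter:", agreed_digest(everyone) == GOOD)
    print("without filter, flood wins:", agreed_digest(everyone, min_days=0) == BAD)
    print("split vote blocks release:", agreed_digest(SPLIT) is None)
    print("downloaded image matches:", verify_artifact(GOOD_IMAGE, GOOD))
```

The split case shows the trade-off named in the thread: requiring agreement also lets a large enough minority of builders hold up a release.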
What in that act says OpenWrt would be made illegal? If anything, OpenWrt would roll out automated security updates for a supported branched release to comply with these regulations.
Also, if you actually read it, there are exceptions for open source software!
Impressive. Just reacting to the headline since the article is inaccessible.
A DDoS attack is often used to distract a company's security team. While the security staff is scrambling to get the website back online, the attackers use the chaos to conduct a more serious, stealthy attack.
I don't doubt there will have been sporadic examples of this, but what points to this "often" being the case? It seems like a tactic that wouldn't often pay off, since DDoS mitigation rarely involves relaxing security systems
Mistakes can be made during reconfigurations but you'd have to catch those while the issue is still live. Sounds like an advanced threat actor and not the run of the mill ransomware people (not that they're necessarily unsophisticated, but why'd they bother with these odds when there's low-hanging fruit to reliably exploit)
It was interesting to read that the record breaking attack caused no glitch whatsoever in the service MS provides. Which is so slow normally that I start to wonder if that is a strategy, having headroom for these kind of situations, no-one realizes slowdown when it is already slow. ;)
This is just a crazy thought, tangential to what is happening during an attack.
There are many things which run well on Azure - built by companies with good dev teams.
https://trends.builtwith.com/websitelist/Microsoft-Azure
Plenty of crappy websites on the list too.
or rather the slowness problems of MS has nothing to do with hardware or infrastructure limitations. You cannot just throw infra at a problem to mask poorly written code beyond a point.
IoT is just wave after wave of unsecure devices. There's gotta be a better way.
The "S" in IoT stands for "security".
We need IoST!
Internet of Thingsecurity?
I suppose ISPs could be more restrictive about which routers they allow their customers to use, but I'm not sure I'm a fan of further lockdown in that department.
> There's gotta be a better way.
Until then... There's gonna be a bigger wave.
You’re gonna need a bigger boat.
Fun fact, part of the reason this botnet exists is because Europe required the ability to install security updates unattended that you cannot disable and they compromised one of the servers that had the capability to push these updates compromising hundreds of thousands of routers.
That's really impressive finger pointing.
If the vendor can't even secure their update server; how long do you think it would be until some RCE on these 100k un-patchable routers gets exploited?
The only one to blame for this is the vendor, and they failed on multiple levels here. It's not hard to sign a firmware, or even just fetch checksums from a different site than you serve the files from...
That's just not true. I'm in Europe and all of my routers allow me to disable unattended updates and most don't enable it by default.
Wait when was this?? Did it fly under the news??
Are these IP addresses available somewhere so I can check if I'm part of it?
You can assume that you are part of it or another similar botnet if you have any IoT device exposed to the internet. You can use something like Shodan to see what your network looks like from the outside.
I will never understand why there isn’t an international law enforcement agency with teeth, which can get rid of the bad actors.
Because every single nation would have to sign on to it allowing said agency to ignore sovereignty of each nation to come in and do their policing.
You'd also need to have every country not actively involved in these types of schemes yet we know some governments are directly benefiting from the scams/theft their citizens are perpetrating.
You'd also need to have every country think the things you want to police against are wrong. Again, we know that's just not true.
How did we (USA) do it with copyright law?
International DDoS busts and arrests do happen all the time.
Law enforcement takes time. The perpetrators of these attacks aren't hanging out in the open with their full names shielded only by the hope that their country won't extradite for political favor.
By the time the perpetrators are identified and a case is built, getting them charged isn't bottlenecked on the lack of an international agency. Any international law enforcement agency would be beholden to each country's own political wills and ideals, meaning any "teeth" they had would be no more effective than what we currently have for extraditing people or cooperating with foreign police organizations.
The international organisation for stopping wars, human trafficking, money laundering, drug distribution etc. however capable they might be, haven't managed to stamp out any of those things.
I'd say a putative UN NetWatch would suffer from the same issues of funding and corruption and politics, but still we might have something better than this wild west lawlessness.
> have something better than this wild west lawlessness.
Careful what you wish for. Before you know it you can't have an IP without your ID.
> The international organisation for stopping wars, human trafficking, money laundering, drug distribution etc. however capable they might be, haven't managed to stamp out any of those things.
They've never been expected to "stamp out" those things, any more than a city police department is expected to stamp out all crime and doctors are expected to stamp out all illness. Their mission is to reduce those things:
For warfare, they have been extremely successful relative to human history. War has actually become taboo and illegal, and very few happen. Look at history before the UN - it's a miracle. Think of the vision and confidence of people who, looking at 10,000 years of human history, immediately after two world wars, thought it was even possible, came up with effective strategy, did the hard work, and accomplished it.
I don't know the details of the other fields.
> I'd say a putative UN NetWatch would suffer from the same issues of funding and corruption and politics, but still we might have something better than this wild west lawlessness.
Politics and funding, and corruption, come with every human institution over a certain size, and especially with governments which can't exclude undesirable people: Democratic governments are the least corrupt, but if the people elect a corrupt representative or executive, then nobody can kick them out (unless they commit prosecutable crimes). And now imagine an association or confederation of governments, which is what the UN is.
So yes, the goal is to make something better. Otherwise, we might as well quit on everything.
> putative UN NetWatch
But who will suppress attempts to go beyond the blackwall then?
Since this is a distributed attack, I'm not really sure what that enforcement would look like? Am I missing something, are all these bots/zombies easily selectable and blockable?
Investigative powers should be able to at least find and seize the command and control servers, and hopefully track down people operating the command and control servers.
Some sort of international clearing house for ISPs to help identify and sequester compromised customers might be nice, too; but that doesn't need law enforcement powers; and maybe it already exists?
Because countries benefit from conducting cyber warfare, the most publicised of which are North Korea and Russia, which have large state sponsored hacking groups.
It's in the national interest of China and Russia to see the West fail. Why would they co-operate? They are willing to murder people, West and their own, so "law" enforcement means a bit different in international context.
It is absolutely not in China's interest to see the West fail. This is propaganda
Typical brainwashed view.
It is in China's national interest to see a stable America that can continue to maintain the post WWII world order that benefited China so much for so long. Without the US, who is going to maintain peace in the middle east, Africa and other places? Without such peace, how could China export its goods and services?
"West" != America.
Your claim also implies that China and Russia are operating on the same level. That is laughable at best - Russia is a failed rogue state with the economic size comparable only to a Chinese province, it is left behind in ALL modern techs and its military hardware are aging fast. It is the complete opposite of the path taken by China.
Perhaps because, in many cases, the very governments responsible for enforcing it include the bad actors themselves.
the real reason why these are a problem in the first place is because of cgnat and transit providers not implementing flowspec.
but these bad actors are not possible to track down in the first place since internet is unfortunately decentralized and things as simple as transactions submitted to bitcoin or Ethereum blockchain can be used as c&c
> international law enforcement agency
You mean Team America, World Police?
Besides the fact that not much happens in the international public sector, law enforcement is more about deterrence than prevention. Criminals aren't deterred by law enforcement, so the bad actors never stop. Human nature's a bitch.
If they did focus on prevention instead, most of this could be... prevented. Create a treaty that mandates how critical infrastructure technology is created/sold. Consumer routers will stop being shit at security, and home devices are slowed-down in upstream spamming. That's a good chunk of the denial-of-service market gone, with no need to police the world.
...but the criminals are smart and intentionally avoid attacking the powerful, so nobody cares. Same reason organized crime still exists. It's poor people caught up in gang violence and crime, not rich people, so it persists.
How would you even enforce this if the offending country doesn't agree?
Limit their upstream connection to the rest of the internet via allied countries.
Literally the same as economic sanctions. The internet is a network of peers “trading” bits and bytes after all.
do you really think for example America would allow say Chinese prosecutors to arrest Americans on American soil and take them abroad to sentence them in a court that America has no influence over and then throw them in a prison which America doesn’t control?
When the deed is illegal in both places, they can be tried under either jurisdiction and convicted instead of continuing to roam free and fuck up the open web for everyone else. Yes I do think we'd want that
Borders currently get in the way but we needn't have law enforcement on foreign soil to solve that. Exchanging information and reliably acting upon it could be all these agencies need to do in their respective countries. When this proves effective aside from crime states that have no interest in upholding even their own laws (since dual illegality would probably be a prerequisite for any of this), they may eventually find themselves increasingly cut off and distrusted until they, too, cooperate or self-isolate like NK
>America would allow say Chinese
for at least 6 months
https://www.bbc.com/news/articles/c785n9pexjpo
https://www.justice.gov/archives/opa/pr/new-york-resident-pl...
Who would they take orders from?
from those who pay them. They are a service for hire. you can hire them if you want and have the dough.
If we were all running IPv6, we could just block this crap.
But here we are in 2025 still running IPv4 with CGNAT, so we can't.
Not sure how this would work, if you blocked those IPv6, the mostly innocent companies and people that are now blocked will be in short order getting a new IPv6 assigned by the ISP after a support call.
I was under the impression that these botnets still rely on vulnerable computers, which have a human that will be calling support asking for the issue to be resolved.
Then it needs an ISP to figure out the issue and ask the client to sort out their compromised computer, but unlikely the ISP will stop a paying customer from internet access especially if it's not clear why their original assigned IPv6 is blocked.
What difference would it make?
I'm sure you could come up with at least few ideas why it hasn't happened
Because it's not technicaly possible, I mean we're on HN, we all know how internet works.
You should talk to a network engineer before making claims like this. There are mechanisms to curtail DDOS attacks at origin.
For a few reasons (political, economical) there’s little will to enact them, these attacks are so few and far between and you can pay your way out of them in most cases, so the incentives aren’t there for ISPs (who are a commodity judged primarily on price and bandwidth)
I heard it's a series of tubes.
many countries sponsor these attackers
I mean, America can’t do anything about scam phone calls aimed at seniors who forge caller ID of local hospitals.
As alluded to by morkalork, they definitely could if they wanted to, as the (most? of the) rest of the world doesn't seem to have this problem. As long as spammers keep paying telecoms & no law(s) forbidding this exist, it will continue.
edit: grammar
Can't or won't?
Who is going to elect and oversee them? I don't want to be governed by China or Russia.
What countries do you think these bad actors reside in? Russia, China, Iran, and NK will wipe their ass with any law enforcement request.
Those exist but they might have a different idea of what makes an actor bad than you and I. Just look at what happened to Julian Assange.
Legal systems are so convoluted and so colossally heterogenous - also very protective of their ways - around the globe that minuscule collaborations require grandiose efforts to initiate and maintain. No chance these fast paced adversaries will be caught by the interplay of several dozens of reluctant dinosaur legal systems.
Tangential: once I was targeted by a pretty primitive scam. More than 10 years ago (after someone I love was naive and inexperienced, having a medium amount stolen in a sensitive and stressful time of this person's life). I recognised fast and having time and will I started to play along, pretending I bite the bait. Collecting info while acting. In parallel trying to connect local and international authorities to report an ongoing scam effort. I believe I tried 4 organizations in 3 different countries apparently involved, I believe one was dedicated to online scams, also trying to warn Western Union, they are about to be used for scam. I even went personally to a police station locally to get some advice on how to assist catching the criminals. Since all I encountered insisted to report my damages, so they could start an investigation on an actual loss happened, I furiously gave up and decided whenever I will be having financial trouble I will invest my efforts in scamming others. No-one cares catching those in act! So the thugs can be incredibly bold and dumb, like the one I encountered, it is no effort doing better.
America gonna allow someone else to regulate them?
Funny enough just got an error trying to reach to the blog
this link is now hammered because of cloudflare. hard day for the internets.
> it targeted a single endpoint in Australia.
It would really help to understand why attack one endpoint with "the largest DDoS attack ever observed in the cloud". If it was important, it would be redundant in its CDN. Who paid for this attack and what did they gain?
You are assuming that DDoS is signal. It's not, it's the noise.
The idea of DDoS for hire is to bury your own tracks in as many network requests as possible, so that the other side is overwhelmed processing (or even storing) that dataset and won't find out what the real target was.
That's literally the strategy of APT28/29.
we were getting hit with attacks like this daily at some point and were forced to use cloudflare magic transit it's pretty random and you shouldn't read too deep into it as nearly every anti-ddos solution, host and isp has been hit with this botnet by now.
but why? For fun?
It's just a couple of local Aussie nerds beefing again. Simmo broke up with Jonno's sister via IM, so feelings were hurt.
Is Shazza single now? Bonza!
What can be the result of this?
Seems useless, you might make a dent but why?
Cloudflare eats that up for breakfast
This did not age well!
Man, if you had that many nodes can you guys imagine how much cool tech you could build with that? Like you could literally rival Tor with one command. Or build a decentralized archive system. Yet, the only thing these nodes will end up doing is being used to prop up some loser's ego. Literally what a waste. If you're going to commit crime at least do something cool.
You could easily get better performance with a pair of well-optimized high-density cabinets, much more reliable and not even that expensive to operate legitimately.
Most of the compromised devices are routers or IoT devices, functionally no compute power to do anything interesting except spam IPs with requests.
I feel like posting the traffic output of the network might not be a great idea because they might do these attacks on purpose to market their network's capability.
Why wouldn't microsoft advertise this though? If they had the ability to take the attack and others might not, then it'll result in more customers for them.
it's an open secret at that point and the attacks are far larger than that are causing congestion world-wide from the time they wake up to the time they go to sleep.
Cui bono?
There is a big (opportunity) cost to this kind of thing. How is this worthwhile for anyone? I assume that it's not just a competitor. Is it really worth <insert evil country>'s time to temporarily upset one of three big cloud providers? Is there a ransom behind the scenes?
nope, there's really no cost to it - they've been hitting with attacks double or even triple the size towards random minecraft hosts for months now.
500k isn't even that many. Can probably rent that many IPs for a few grand.
I don’t mean to cast any doubt, but are those short articles the standard, or why was there almost no data provided?
> Aisuru is a Turbo Mirai-class IoT botnet
IoT botnet. Just read that again, we're literally inventing problems where none needs to exist.
IoT adds basically null or negative value, except to nerds who like to think they're smarter than other people by consuming the latest e-slop.
It's all so tiresome.
Most "IoT botnet" devices are Wi-Fi routers and IP cameras. Which are the two classes of IoT devices that provide undisputed value.
Maybe, just maybe, people aren't as stupid as you think they are?
My Hue lights and vacuums would like a word!
Is this Aisuru growing? How can it be dismantled?
Yes.
Only way is to secure your IoT devices/routers/cameras/etc.
Through personal responsibility? That is not scalable; look at how many compromised devices there are. We need a better solution as an industry.
Imagine how much of that traffic was just the bots following the endless redirects.
Those redirects would crash Azure, I'm betting a grand.
/sarcasm Another AI crawler...
Anthropic agent went a little haywire on the tool use
> This attack lasted only 40 seconds
What's the point of this? Are they continuously running DDoS somewhere and 40 seconds is what the buyer paid for?
"Look at how big of a botnet we have! Imagine all of that, but on the target YOU want to go down!"
It's how you do marketing, basically.
It's basically an ad.
Source: https://techcommunity.microsoft.com/blog/azureinfrastructure...
Switched above. Thanks!
FWIW I think this is a bad practice.
The Microsoft article reads like a corporate press release. The original link contained additional pertinent information and research which is good for discussion.
We should make residential proxies illegal
We really shouldn’t - this seems like perhaps one of the worst ideas one could propose in an era of rising authoritarian rule. Seems like a bad time to be putting silly restrictions on how folks route their traffic.
Tinfoil hat says it’s the gov’t doing it for those reasons /s
ok greenie
Breaking the law by using WireGuard to access my home network, hmm, great idea.
Ok, I'll be a bit more specific: banning businesses and the trade of proxies that are purposefully marked as residential, in order to evade firewall blocks, and even to evade proxy blocks.
You gotta draw the line in the sand somewhere. VPNs are already morally dubious, but if you ban the most shady of VPNs, residential proxies, then you can at least guarantee service providers the right to deny service to proxy users, while allowing proxy users to use the proxy everywhere they are welcome.
Making them illegal seems far-fetched, but at this point something like email blacklists but for web services is becoming inevitable.
At the moment, that's what Cloudflare is doing. They're just not obvious enough, leading to people on forums (and here) asking "why do I constantly need to fill out captchas to enter websites".
...and suddenly no one is allowed to VPN back through their home router.
How would that be enforced?
> This attack lasted only 40 seconds but was roughly equivalent to streaming one million 4K videos simultaneously.
Who is this for? Is there anyone reading the article that can't grasp what a terabit is but can somehow conceptualise one million 4K videos streaming simultaneously? I don't think anyone sits in that Venn diagram.
Yeah. That falls in the same bin as number of Olympic swimming pools or distance to the moon.
The best, meaningful comparison I've read is from Bill Bryson in A Short History of Nearly Everything. In it, he notes that there are 1M seconds in 11 days but 1B seconds takes 32 years.
A regular user would associate 4K with premium / expensive and difficult to use without better phones/network/plans/signal strength etc., so the idea would be to signal it is 1M times a somewhat challenging thing for them.
Non-tech-savvy users know how live streams crash with sports, like with Netflix recently during boxing etc. or on Twitter last year, and usually those come with some n million users in the headlines or the like, so they have some reference to that scale.
As analogies go, there are worse examples. BleepingComputer is hardly the New Yorker or Atlantic, best we can hope for these days is a human is writing the article I suppose.
I've always disliked the "it's like X amount of [resolution] video!!" Are we talking a UHD 4K Bluray? or 4K Netflix? or 4K YouTube? Bitrate is all that matters.
Well I found it helpful for putting it into perspective.