50 comments

[ 2.7 ms ] story [ 63.1 ms ] thread
We should make residential proxies illegal
Imagine how much of that traffic was just the bots following the endless redirects.
Funny enough just got an error trying to reach to the blog

        Proxy Error
        The proxy server received an invalid response from an upstream server.
        The proxy server could not handle the request
        Reason: Error reading from remote server
IoT is just wave after wave of unsecure devices. There's gotta be a better way.
I suppose ISPs could be more restrictive about which routers they allow their customers to use, but I'm not sure I'm a fan of further lockdown in that department.
Is this Aisuru growing? How can it be dismantled?
I will never understand why there isn’t an international law enforcement agency with teeth, which can get rid of the bad actors.
> international law enforcement agency

You mean Team America, World Police?

Besides the fact that not much happens in the international public sector, law enforcement is more about deterrence than prevention. Criminals aren't deterred by law enforcement, so the bad actors never stop. Human nature's a bitch.

If they did focus on prevention instead, most of this could be... prevented. Create a treaty that mandates how critical infrastructure technology is created/sold. Consumer routers will stop being shit at security, and home devices are slowed-down in upstream spamming. That's a good chunk of the denial-of-service market gone, with no need to police the world.

...but the criminals are smart and intentionally avoid attacking the powerful, so nobody cares. Same reason organized crime still exists. It's poor people caught up in gang violence and crime, not rich people, so it persists.

> it suddenly ballooned in size in April 2025 after its operators breached a TotoLink router firmware update server and infected approximately 100,000 devices

This is scary. Everyone lauds open source projects like OpenWRT but... who is watching their servers?

I imagine you can't run an army of security people on donations and a shoestring budget. Does OpenWRT use digital signing to mitigate this?

I recently had some issues getting one of our embeded devices connect through passive ftp. Because the exact same device worked at a different site I knew it wasn't the device or it's settings. Long story short, it turned out the problematic site hadn't been updating its routers which meant they couldn't VPN passive FTP traffic. Anyway, we have literal thousands of those routers maintained by hundreds of different companies, who are mainly there to maintain the actual mechanical equipment and not the network. Turned out the site where the technicians updated things weren't in the majority.

I'm in the process of getting the business to implement better security, and it's going better than you might expect. If it wasn't because having a plan for how to update your OT security is required to meet EU compliance, however, I doubt we would've done anything beyond making sure we could do passive FTP when it was needed.

As an example, there is still no plans to deal with the OT which we know has build in hardware backdoors from the manufactures. Wnich is around 70% of our dataloggers, but the EU has no compliance rules on that...

I don’t mean to cast any doubt, but are those short articles the standard, or why was there almost no data provided?
I feel like posting the traffic output of the network might not be a great idea because they might do these attacks on purpose to market their network's capability.
Cui bono?

There is a big (opportunity) cost to this kind of thing, How is this worthwhile for anyone? I assume that its's not just a competitor. Is it really worth <insert evil country>'s time to temporarily upset one of of three big cloud providers? Is there a ransom behind the scenes?

(comment deleted)
> it targeted a single endpoint in Australia.

It would really help to understand why attack one endpoint with "the largest DDoS attack ever observed in the cloud". If it was important, it would be redundant in its CDN. Who paid for this attack and what did they gain?

A DDoS attack is often used to distract a company's security team. While the security staff is scrambling to get the website back online, the attackers use the chaos to conduct a more serious, stealthy attack.
> This attack lasted only 40 seconds but was roughly equivalent to streaming one million 4K videos simultaneously.

Who is this for? Is there anyone reading the article that can't grasp what a terrabit is but can somehow conceptualise one million 4k videos streaming simultaneously? I don't think anyone sits in that venn diagram.

Well I found it helpful for putting it into perspective.
This is what I don't get

>The Aisuru DDoS botnet operates as a DDoS-for-hire service with restricted clientele; operators have reportedly implemented preventive measures to avoid attacking governmental, law enforcement, military, and other national security properties. Most observed Aisuru attacks to date appear to be related to online gaming.

https://www.netscout.com/blog/asert/asert-threat-summary-ais...

So why? Like why would someone pay to take a game down? I see this all over reddit with different games but I just don't get the point. What's the benefit of taking down an online game for a couple of hours.

> So why? Like why would someone pay to take a game down?

esports gambling is big business

> What's the benefit of taking down an online game for a couple of hours.

Competitive MMO. Imagine some event is setup to start at some time and your guild or alliance knows they're gonna lose it and the resource it gives: DDOS the server so it's down during the event so it does not run. Enjoy the fact you kept the asset linked to said event and sell the resources you get for real money.

If you've never played those kind of games you cannot fathom how cutthroat they can become. I'm part of a guild which has a specific intelligence branch with spies embedded in many other guilds and that's playing nice because we're not selling anything.

My online gaming days are basically non-existent the last decade, but seeing stuff like this makes me want to make my comeback. The funny and bizarre stories I have from WoW...
Speculation online as to the why in this case, it's pure advertisement of their capabilities.
It may be for market manipulation. It may be extortion against the owning company. It may even be to take down a rival online game for a while.

I don't expect the big publisher games like PUBG to attack each other with DDoS attacks, but casino games? Or even sleazy Minecraft servers? I can totally see it.

You are questioning the human nature.
You have a Minecraft server. You generate money from it (selling VIP packages, et cetera). You could generate more money if you had more players. You can have more players if you consistently DDoS other more popular servers; the experience for these players will be horrible and they might give your server a chance.
(comment deleted)
> This attack lasted only 40 seconds

What's the point of this? Are they continuously running DDoS somewhere and 40 second is what the buyer paid for?

"Look at how big of a botnet we have! Imagine all of that, but on the target YOU want to go down!"

It's how you do marketing, basically.

> Aisuru is a Turbo Mirai-class IoT botnet

IoT botnet. Just read that again, we're literally inventing problems where none needs to exist.

IoT adds basically null or negative value, except to nerds who like to think they're smarter than other people by consuming the latest e-slop.

Its all so tiresome.

Most "IoT botnet" devices are Wi-Fi routers and IP cameras. Which are the two classes of IoT devices that provide undisputed value.

Maybe, just maybe, people aren't as stupid as you think they are?

Man, if you had that many nodes can you guys imagine how much cool tech you could build with that? Like you could literally rival Tor with one command. Or build a decentralized archive system. Yet, the only thing these nodes will end up doing is being used to prop up some losers ego. Literally what a waste. If you're going to commit crime at least do something cool.
Most of the compromised devices are routers or IoT devices, functionally no compute power to do anything interesting except spam IPs with requests.
You could easily get better performance with a pair of well-optimized high-density cabinets, much more reliable and not even that expensive to operate legitimately.
500k isn't even that many. Can probably rent that many IPs for a few grand.
> by exploiting compromised home routers and cameras, mainly in residential ISPs in the United States and other countries,

Presumably it’s possible to log the residential IP of the source of these packets.

Why isn’t there any industry group pushing for the ISPs to a) send the owners an email telling them or b) blocking off all traffic for a period to get them to do something - or is the economic cost higher than caused by the DDoS attacks?

Cloudflare eats that up for breakfast