Linode fends off multiple DDOS attacks

Nowhere near as bad as its ten-day Christmas cracker, but something seems to be afoot


Cloud hosting outfit Linode has again come under significant denial of service (DoS) attack.

The attacks aren't as bad as the epic events that all-but-took Linode down in January 2016, but they are coming in thick and fast.

The company's reported DoS attacks on September 2nd, September 4th and then a series of attacks on September 5th. Another round struck on Saturday, September 10th. Some of the attacks lasted up to eight hours.

Linode's engineers appear to have successfully fought off all of the attacks, but has often warned of degraded performance to APIs or sometimes to whole data centres.

The weekend attacks struck three data locations: Singapore, Atlanta and Tokyo. The Tokyo DoS attack was over in ten minutes. The other incidents ran a little longer.

Linode's logs suggest it noticed and mitigated the attacks within half an hour. So the company has clearly armed itself with tools that allow it to deflect DoS attacks quickly and effectively.

It clearly needs that capacity: The Register counts ten attacks in September alone and the month is young. ®

Similar topics


Other stories you might like

  • Makers of ad blockers and browser privacy extensions fear the end is near
    Overhaul of Chrome add-ons set for January, Google says it's for all our own good

    Special report Seven months from now, assuming all goes as planned, Google Chrome will drop support for its legacy extension platform, known as Manifest v2 (Mv2). This is significant if you use a browser extension to, for instance, filter out certain kinds of content and safeguard your privacy.

    Google's Chrome Web Store is supposed to stop accepting Mv2 extension submissions sometime this month. As of January 2023, Chrome will stop running extensions created using Mv2, with limited exceptions for enterprise versions of Chrome operating under corporate policy. And by June 2023, even enterprise versions of Chrome will prevent Mv2 extensions from running.

    The anticipated result will be fewer extensions and less innovation, according to several extension developers.

    Continue reading
  • Apple gets lawsuit over Meltdown and Spectre dismissed
    Judge finds security is not a central feature of iDevices

    A California District Court judge has dismissed a proposed class action complaint against Apple for allegedly selling iPhones and iPads containing Arm-based chips with known flaws.

    The lawsuit was initially filed on January 8, 2018, six days after The Register revealed the Intel CPU architecture vulnerabilities that would later come to be known as Meltdown and Spectre and would affect Arm and AMD chips, among others, to varying degrees.

    Amended in June, 2018 the complaint [PDF] charges that the Arm-based Apple processors in Cupertino's devices at the time suffered from a design defect that exposed sensitive data and that customers "paid more for their iDevices than they were worth because Apple knowingly omitted the defect."

    Continue reading
  • Threat and risk specialists signal post-COVID conference season is back on
    Well, we'll see in a week or so

    RSA Conference For the first time in over two years the streets of San Francisco have been filled by attendees at the RSA Conference and it seems that the days of physical cons are back on.

    The security conference trade has been more cautious than most when it comes to getting conferences back up to speed in the COVID years. Almost all cons were virtual with a very limited hybrid-conference season last year, including DEF CON, where masks were taken seriously. People still wanted to mingle and ShmooCon too went ahead, albeit later than usual in March.

    The RSA conference has been going for over 30 years and many security folks love going. There are usually some good talks, it's a chance to meet old friends, and certain pubs host meetups where more constructive work gets done on hard security ideas than a month or so of Zoom calls.

    Continue reading
  • Travis CI exposes free-tier users' secrets – new claim
    API can be manipulated to reveal tokens in clear text log data

    Travis CI stands for "Continuous Integration" but might just as well represent "Consciously Insecure" if, as security researchers claim, the company's automation software exposes secrets by design.

    Aqua Security Software on Monday said its researchers had reported a data disclosure vulnerability with the Travis CI API. The response they said they received is that everything is working as intended.

    In a blog post security researchers Yakir Kadkoda, Ilay Goldman, Assaf Morag, and Ofek Itach said they had found tens of thousands of user tokens were accessible through the Travis CI API, which provides a way to fetch clear-text log files.

    Continue reading

Biting the hand that feeds IT © 1998–2022