the stream

Google Project Shield & Krebs on Security

Alexander Bochmann Friday 03 of February, 2017
Ars Technica has an article with some more background on the DDOS attacks targeted at the Krebs on Security blog, and how Google engineers dealt with them after Krebs was accepted into Project Shield.

The attacks used a variety of techniques beyond just packet or http request floods:
Ars Technica wrote:
The attacks were the most powerful in the first two weeks, but as they continued, they incorporated a variety of new techniques. One, dubbed a WordPress pingback attack, abused a feature in the widely used blogging platform that automates the process of two sites linking to each other. It caused a large number of servers to simultaneously fetch KrebsOnSecurity content in an attempt to overwhelm site resources. Google was able to block it, because each querying machine broadcast a user agent that contained the words "WordPress pingback," which Google engineers promptly blocked. Another technique dubbed "cache-busting attacks" was also stopped.

Also, about Google's decision making process:
Ars Technica wrote:
"What happens if this botnet actually takes down google.com and we lose all of our revenue?" Google Security Reliability Engineer Damian Menscher recalls people asking. "But we considered that if the botnet can take us down, we're probably already at risk anyway. There's nothing stopping them from attacking us at any time. So we really had nothing to lose here."

Update: Brian Krebs now has an own post on the topic