#ddos


So I updated the README for my security-courses Git repo containing all my teaching materials. Trying to make it more understandable and readable, but wondering if it is ...

If you want to help me please read it, and comment. If you feel adventurous you can also start installing LaTeX and try it! This might pull you into a nice rabbit hole though!

or look at PDFs all over the place, quite a lot about #DDoS, #Pentest, #hacking etc.

codeberg.org/kramse/security-c

and it is #OpenSource of course

How I know #Codeberg is a public good

I know this because they are constantly under attack by fascist script kiddies who are regularly flooding them with spam, and periodically launching DDoS attacks against them. Only someone doing a truly useful and ethical public service could evoke such extreme hatred of the world's most evil people.

The Codeberg admins deleted these spam posts within an hour of them being posted and deleted the accounts that generated them. They are doing a fantastic job, and I thank them for their dedication and hard work.

From 14 to 17 April NoName057(16) group paid by the Russian 🇷🇺 regime, calling themselves hacktivists, consistently DDoSed several companies linked to Polish 🇵🇱 critical infrastructure. Their attacks were successfully repelled and had absolutely no impact.
Usually, in this context, we hear about attacks that made systems and websites unavailable. It's time to change that.

#Poland
#StandWithUkraine 🇺🇦
#DDoS
#CyberAttack
#criticalinfrastructure
#noname
#DDOSIA

I have just taken the time to thoroughly read the following article

This article has led me to the conclusion that an Open{source} War will have to be waged against LLM large language model abusers of data collection.

The work of these bots is pure DDoS denial of service. An interesting set of offensive tools have been programmed and are already implemented. They have proven to be quite effective and are being refined into sophistication to literally work to knock these networks of bots offline, in a DOT MMORPG approach.

It is unthinkable that LLM bots steal our Open Source resources servers bandwidth and financial cashflow without serious repercussions!

WTF are LLM companies thinking? Even Meta has waged war against us!

LLM has waged a brutal war.

The Open Source Community is responding; even those at The Dark Side of the internet are making tools to assist everyone against Artificial Intelligence LLM DDoS attacks, which knock whole Open Source Networks offline, as we speak.

It doesn't matter if in the end it looks like a Terminator landscape globally on the IT scale. Open source will win. LLM will disappear...

#DDoS #LLM #bots

Via #LLRX @psuPete Recommends Weekly highlights on cyber security issues, 4/12/25 5 highlights - #Biometrics vs. #passcodes: What lawyers recommend if you’re worried about #warrantless phone searches; #DDoS Attacks Now Key Weapons in Geopolitical Conflicts, NETSCOUT Warns; #Google Maps doubles down on preventing fake reviews; Large number of US adults view #AI as a threat: Report; Explosive Growth of Non-Human Identities Creating Massive #Security Blind Spots llrx.com/2025/04/pete-recommen #privacy

Just wanted to share some thoughts on #RFC9715 - an #RFC that defines standards on reducing the #DNS issue of IP fragmentation over #UDP. It's not a long read, but a good one for everyone who understands the issues of large UDP responses on the #Internet. A great leap forward to (hopefully) reduce the reflection/amplification #DDoS potential of DNS.

Just today I learned that #Google will configure their public DNS resolvers to limit to ~1400 bytes (smaller adjustments expected while figuring out the sweet spot in production). From now on, DNS responses which exceed this limit will have the truncated flag set instructing the client to resolve back to #TCP.

I'm having trouble figuring out what kind of botnet has been hammering our web servers over the past week. Requests come in from tens of thousands of addresses, just once or twice each (and not getting blocked by fail2ban), with different browser strings (Chrome versions ranging from 24.0.1292.0 - 108.0.5163.147) and ridiculous cobbled-together paths like /about-us/1-2-3-to-the-zoo/the-tiny-seed/10-little-rubber-ducks/1-2-3-to-the-zoo/the-tiny-seed/the-nonsense-show/slowly-slowly-slowly-said-the-sloth/the-boastful-fisherman/the-boastful-fisherman/brown-bear-brown-bear-what-do-you-see/the-boastful-fisherman/brown-bear-brown-bear-what-do-you-see/brown-bear-brown-bear-what-do-you-see/pancakes-pancakes/pancakes-pancakes/the-tiny-seed/pancakes-pancakes/pancakes-pancakes/slowly-slowly-slowly-said-the-sloth/the-tiny-seed

(I just put together a bunch of Eric Carle titles as an example. The actual paths are pasted together from valid paths on our server but in invalid order, with as many as 32 subdirectories.)

Has anyone else been seeing this and do you have an idea what's behind it?

So apart from the attempt to open a lot of Facebook accounts using my domain, my site has also been under sporadic DDoS attacks. I hope you don't have too much trouble connecting at times.

And no, I have no idea who I ticked off now. 😂

Since various #ki #ai #crawler treat the public resources of open source projects so very respectfully, I have decided to lock exactly those out. In the past we had crawls that were rated as #ddos in our #monitoring.

Various ASes now enjoy a permanent 429, a few who ruin it for everyone…

«There’s been something of an epidemic of malicious bots on the internet these days. You may have seen a post recently titled “Please stop externalizing your costs directly into my face“, or “FOSS infrastructure is under attack by AI companies“. Those are all happening to us, too. Surprise.»

TCRF has been getting DDoSed – Xkeeper's blog - blog.xkeeper.net/uncategorized


It’s been one of those weeks, including a thread of #IT #cluelessness and tomfoolery. Sure, reduce the rate limit for all #API users to one call every five minutes, because you have some unapproved bad actors executing a #DDoS. You know you can rate limit by user, but why bother?

I did eventually remind them they re-enabled any random user to create their own API #token. They seemed honestly surprised. Which made it all the more sad. Emperor, please put your clothes back on.