
Comment Fiverr did the right thing (Score 1) 44

As one of the researchers and authors of the original post (https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.incapsula.com%2Fblog%2Funmasking-ddos-for-hire-fiverr.html) I'm surprised to see the negative reactions towards Fiverr. Whatever your position is on the gig economy--and I can understand both sides of the argument--in this case the Fiverr team deserves to be commended for their actions. Fiverr is a huge marketplace and it's unreasonable to expect them to proactively screen all sellers and their offerings. However, once notified, they moved quickly to investigate and ban the DDoS-for-hire providers, removing them all in just under 48 hours. That's more than I can say about many other companies that knowingly provide their services to the same crooks. They did the right thing. I wish more would do the same.

Comment Good for them for raising awareness (Score 1) 40

I actually work for one of the DDoS mitigation providers mentioned in this research paper. (Incapsula)

Speaking as an "insider" I can tell you that, while the statistical study is very interesting, none of the origin-exposing vectors it mentions are particularly new.

In fact, all of these could be countered by a few well-known best practices, which we have been suggesting for years.

I've put up a list of things you can do to immunize your website from origin-exposing attacks. https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.incapsula.com%2Fblog...

I hope that now, with the subject getting some long overdue recognition, more people will get acquainted with these and pay more attention to their deployment configuration.

PS: IP masking is really not the best way to protect your origin. Today, almost all cloud-based vendors offer BGP-enabled DDoS protection for direct-to-origin attacks.

Comment Re:Incapsula (Score 1) 93

Hi, I work for Incapsula. Our service is used by thousands, yet on the day of the attack (Sep 25) you'll find no downtime reports on Twitter, Facebook or public forums. I can't imagine any scenario in which a 60-minute-long downtime of our services would have gone unnoticed, yet this is the first time I hear about this... I'm sure that what you describe here is a localized issue, which is *not* Incapsula-related. Please reach out to our support. We will be happy to assist you to investigate further.

Comment Re:I can't get one thing (Score 1) 93

Hi, I work for Incapsula. We use uptime monitoring for health checks + our reverse proxy technology ensures that every little bit of traffic comes through our cloud first. As a result we know if we have any downtime/spillage. Having said that, our multi-server data centers are built in such a way that, in the event of a DDoS, malicious traffic is quarantined and managed by filtered scrubbing servers (which do not handle regular traffic).

Comment Re:Incapsula (Score 1) 93

Hi, I work for Incapsula. This is what happened: On Sep 25 we reported a 100Gbps DDoS attack (https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Ftwitter.com%2FIncapsula_com%2Fstatus%2F382945744593764353), as we often do with large DDoS events. To be perfectly honest, we didn't even know that this was news until we were contacted by the reporter... Our initial report predates the coverage by almost a week, so we couldn't make this up, at least not without planning this for weeks in advance (we don't have time for such ploys). Also, we NEVER disclose our clients unless we have their permission to do so, which most are reluctant to provide. From a security POV, the less information the attacker has, the better. Revealing your mitigation solution is not exactly a best practice.

Comment Could actually benefit them... (Score 1) 393

I think that it will actually boost short-term revenues. New consoles will bring new games, new interest and perhaps even new market share (more casual gamers). Used games can still be big. Even without reverse compatibility people will still buy new games, finish them and want to exchange them.
