The attackers behind the DDoS -- which began on Feb. 6 and continued through the weekend on most of the sites -- deployed a massive botnet of some 80,000 zombies to flood the sites' domains with HTTP requests, according to Cisco researchers.
HD Moore, creator of Metasploit, says the DDoS' incoming connection rate exceeded 15 Mbps and used SYN packets. He has temporarily rerouted Metasploit's traffic here while he continues to gather more data on the attack as well as the culprit.
"It's the same flood, same request, etc., as the one on Friday," Moore says. The attack on Metasploit started with around 80,000 connections per second, and was at around 10,000 connections per second last night before rising again to around 60,000 later in the evening, he says.
Moore says the attack is not sophisticated, but it's "annoying."
"So far it just seems to be an ego thing -- someone with a chip on their shoulder and a botnet on hand being an idiot," says Moore, who is currently gathering a list of sources of the attack, which he plans to use to block the attacker altogether.
One of the other victimized security sites apparently tried this tack during the weekend, he says, and then the attacker switched from SYN to UDP packet flooding to keep the DDoS alive.
Moore says DDoS'ing an open-source project such as Metasploit is mainly a nuisance attack because "it's not like we're losing sales."
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message