I spot-checked some of those IPs in the video, and it appears all of them are on Amazon. So, what does the attacker's stack look like? Is it a bunch of servers running PHP and listening for a connection to run curl? Or Lambda functions configured to proxy the connection attempt to IG? Curious how much effort goes into setting up an attack like this. It's surprising (to me) that so many IPs can be used for so little money.
I've done scraping distributed over many IPs. I used luminati, bought X IPs, ran a bash script to download all IPs to a file, read the file in from python and spit out a new thread for each IP. Just used as a proxy, all activity was controlled by a single server.
Re Amazon, I've done that too and the way it works is you start up an EC2 instance that does the work and sends back info. In my case I sent the info to an S3 bucket and then pulled all the info from that bucket elsewhere once all the machines finished. Ultimately you pay for what you use, and if you only use an hour across a ton of machines and use the cheapest machine it's pretty cheap.
FYI: luminati will give you unlimited bandwidth for like $1/IP/month.
Worth noting that price is for datacenter IPs - residential ones are much more expensive and I’ve heard that IG is rejecting more datacenter traffic as of late.
Is this the company that offers a free VPN extension and pays for it selling those people machines bandwidth? I always thought their business model is way too shady to be legal.
It's very easy to terraform 1000 nano machines on ec2, as he said it wouldn't be expensive at all. In fact, he estimates $150, but for 1000 nano machines for 10 minutes i believe it's under a dollar. Possibly nano machines aren't powerful enough to spam the verify endpoint enough
200 curls can be ran from any ec2 instance. there is literally no overhead.
personally i would spin up a million lambda functions and just see what happens. each one def wouldn't get its own ip but maybe you would have good coverage?
> Docker doesn't help distribute requests over IPs
That depends on your orchestration. AWS provide several tools for running Docker without having to maintain your own EC2 hosts.
> You can easily set up a launch configuration for EC2 that runs a script or program... But with a bit more work lambda will save a lot of money
You could do that via a launch configuration but that would be a pretty naff way of doing it. Baked AMI would be easier but personally I'd prefer ECS (Docker) or lambda. Cheaper, quicker to deploy, lower ramp up times.
Ultimately though, there's no wrong way to do this - just personal preference.
