nanog mailing list archives

Re: Large DDoS, small extortion


From: Merike Kaeo <merike () doubleshotsecurity com>
Date: Thu, 22 May 2014 15:17:40 -0700

I will use this opportunity to solicit real world experience and use cases that
could be discussed at the Security Track at NANOG 61.  While I've been
soliciting talks in operational security specific groups, this thread also
piqued my interest.

Nothing beats sharing the good, the bad, the ugly and how collectively we
can improve on how we mitigate against varying attacks.

Please respond to me in unicast and let me know if you'd be willing to share 
some experiences.  The Security Track is not recorded nor streamed and
you do not need a formal presentation.

- merike

On May 22, 2014, at 1:38 PM, Barry Shein <bzs () world std com> wrote:


You know what would be nice? Some real life experience and results,
case studies.

I see the "common sense" and "logic" to a lot of these suggestions but
that and $1.75 plus tax will get you a venti coffee of the day at
Starbucks.

Victim: I'd be very wary of these suggestions unless there's some
good, solid reason to believe they're based on reality not just "I've
simulated all of human psychology in my head and here's what I think
you should do..."

I think it's interesting that the guy asks for such small amounts,
under US$1000.

Maybe that's a lot of money for him.

Maybe he thinks it won't be worth investigating such a small amount.

Maybe he thinks it's not a very big crime so if he gets caught he's
more likely to walk.

Maybe he thinks he's poor/broke and this money is deservedly his to
demand, it's such a modest demand.

 Note: He could be factually/legally wrong but that's why I prefaced
 with "maybe he thinks..."

Maybe he's a sadist and gets a kick out of making you squirm and the
money is just his way of keeping score, making you do something
tangible, kind of like "kiss my boots!"

Maybe he's insane which voids all of the above.

Maybe it's some sort of penetration exercise by terrorists, a govt,
etc.

Maybe all I've said and $1.75 plus tax...


-- 
       -Barry Shein

The World              | bzs () TheWorld com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Dial-Up: US, PR, Canada
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*
