nanog mailing list archives
Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
From: "Jean | ddostest.me via NANOG" <nanog () nanog org>
Date: Thu, 22 Dec 2016 08:27:03 -0500
I apologize for my previous email. After a second thought it might sound like it's a booter even though I want to offer something else.
I don't want the conversation shifting toward business when we talk about a new DDoS technique that operates at Layer 3 with amplification power x100. I disabled the "booter" service and will review this offline with my lawyer. Thanks for pointing this out.
Now back to this new DDoS technique. If it can amplify at Layer 3, it could potentially be used in conjunction with the already known Layer 4 amp DDoS like dns, ntp, ssdp, snmp, etc. It doesn't need to be used in conjunction but it could.
Like mentioned earlier, it doesn't need spoofing so any device could be part of it.
Google already acknowledged through their vulnerability program that there is something interesting there and they are still assessing the risk/impact. They suggested that I start privately disclosing this with some big players. I thought NANOG would be a good start. I guess they also need time and maybe partners to test and validate all this data.
Cert-CC is also aware and they are also working out something on their side.
I am in good faith here and time is not against us. I discovered something new that I want to share properly and I am not here to make business.
Sincerely,
Jean St-Laurent
On 16-12-22 08:21 AM, Tom Beecher wrote:
You're claiming to be able to generate more than 10 times as much traffic as the largest DDoS ever seen in the wild whilst 3 months into a position at a company that sells 'self-DDoS' services for testing purposes. In the absence of anything more than 'GUYZ THIS IS SERIOUS', with no technical details, you can surely understand the skepticism.
On Thu, Dec 22, 2016 at 5:45 AM, Jean | ddostest.me via NANOG <nanog () nanog org> wrote:
I admit that I have a lot of guts. Not sure who said that I am a booter or that I operate a booter. I have been fighting booters for more than 5 years, and who would be stupid enough to put his full name with full address to a respected network operators list? Definitely not me. I want to help and fix things and I am not the kind of person to break things.
Jean
On 16-12-22 03:46 AM, j.j.santanna () utwente nl wrote:
Hi Jean,
You are either naive or have a lot of guts to offer a Booter service in one of the most respected network operators lists. Man, as long as you use amplifiers (third party services) or botnets your “service” is illegal & immoral. In case you use your own infrastructure or rent a legal (cloud) infrastructure to provide your "service" it will not pay your costs. Not at least by the price that you offer your service: 0, 13, 100 bucks. Even if you have a legal/moral acceptable attack infrastructure, if you throw those big attacks that you advertise, you will possibly take down many other third parties on the way.
Sometimes you folks say that (mis)using amplifiers for “testing” purposes is not a problem because those services are open and publicly available on the Internet. Come on… if I leave my car open with the key inside it doesn’t give you the right to use my car to throw into a third party company. And if you do, it is YOUR CRIME, not mine. I don’t need to explain why using botnets is illegal and immoral, right?
Man, it is up to you to decide between cyber crime and cyber security (https://www.europol.europa.eu/activities-services/public-awareness-and-prevention-guides/cyber-crime-vs-cyber-security-what-will-you-choose). Now, we are also looking to you on http://booterblacklist.com. Thanks!
Cheers,
Jair Santanna
On 22 Dec 2016, at 07:51, Alexander Lyamin <la () qrator net> wrote:
I am just trying to grasp what the similarity is between the networks on the list and why it doesn't include, say, NTT or Cogent.
On Wed, Dec 21, 2016 at 7:05 PM, Jean | ddostest.me via NANOG <nanog () nanog org> wrote:
Hello all,
I'm a first time poster here and hope to follow all rules.
I found a new way to amplify traffic that would generate a really high volume of traffic. +10Tbps
** There is no need for spoofing ** so any device in the world could initiate a really big attack or be part of an attack.
We talk about an amplification factor x100+. This means that a single computer with 1 Gbps outgoing bandwidth would generate a 100 Gbps DDoS. Imagine what a botnet could do?
The list of affected businesses is huge and I would like to privately disclose the details to the Tier1 ISP as they are highly vulnerable.
XO Comm
PSINET
Level 3
Qwest
Windstream Comm
Earthlink
MCI Comm/Verizon Buss
Comcast Cable Comm
AT&T
Sprint
I know it's Christmas time and there is no rush in disclosing this but, it could be a nice opportunity to meditate and shed some light on this new DDoS threat. We could start the real work in January.
If you are curious and you operate/manage one of the networks mentioned above, please write to me at tornaddos () ddostest me from your job email to confirm the identity. I will then forward you the DDoS details.
Best regards
Jean St-Laurent
ddostest.me
365 boul. Sir-Wilfrid-Laurier #202
Beloeil, QC J3G 4T2
--
Alexander Lyamin
CEO | Qrator Labs <http://qrator.net/>
office: 8-800-3333-LAB (522)
mob: +7-916-9086122
skype: melanor9
mailto: la () qrator net