Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack

[<j.j.santanna () utwente nl>]

I am saying!

As far as I understand you are offering DDoS attacks as a paid service, right? Some people would say that you offer 
DDoS for hire. What is the difference between your service and a Booter service. Only a “validation" that your client 
is “stress testing” him/herself does not make you legal. Sorry man but you can NOT claim yourself as a legal/moral 
acceptable stress tester if you misuse devices on the Internet, such as amplifiers, webshell, and botnets.

Although you don’t consider yourself a Booter,  you are one of them!

I leave up to you the definition of stupid.

Cheers,

Jair Santanna
jairsantanna.com<http://jairsantanna.com>



On 22 Dec 2016, at 11:45, Jean | ddostest.me<http://ddostest.me> <jean () ddostest me<mailto:jean () ddostest me>> 
wrote:

I admit that I have a lot of guts.

Not sure who said that I am a booter or that I operate a booter. I fight booter since more than 5 years and who would 
be stupid enough to put his full name with full address to a respected network operators list? Definitely not me.

I want to help and fix things and I am not the kind of person to break things.


Jean

On 16-12-22 03:46 AM, j.j.santanna () utwente nl<mailto:j.j.santanna () utwente nl> wrote:
Hi Jean,

You are either naive or have a lot of guts to offer a Booter service in one of the most respected network operators 
list. Man, as long as you use amplifiers (third party services) or botnets your “service” is illegal & immoral.  In 
case you use your own infrastructure or rent a legal (cloud) infrastructure to provide your "service" it will not pay 
your costs. Not at least by the price that you offer your service: 0,  13, 100 bucks. Even if you have a legal/moral 
acceptable attack infrastructure, if you throw those big attacks that you advertise will possibly take down many others 
third-parties on the way.

Sometimes you folks say that (mis)use amplifiers for “testing” purpose is not a problem because those services are open 
and publicly available on the Internet. Come on… if I leave my car open with the key inside it doesn’t give you the 
right to use my car to throw into a third party company. And if you do, it is YOUR CRIME, not mine.

I don’t need to explain why using botnets is illegal and immoral, right?

Man, it is up to you decide between cyber crime and cyber security 
(https://www.europol.europa.eu/activities-services/public-awareness-and-prevention-guides/cyber-crime-vs-cyber-security-what-will-you-choose).
 Now, we are also looking to you on http://booterblacklist.com<http://booterblacklist.com/>. Thanks!

Cheers,

Jair Santanna




On 22 Dec 2016, at 07:51, Alexander Lyamin <la () qrator net<mailto:la () qrator net><mailto:la () qrator net>> wrote:

I am just trying to grasp what is similarity between  networks on the list
and why it doesn't include, say NTT or Cogent.



On Wed, Dec 21, 2016 at 7:05 PM, Jean | ddostest.me<http://ddostest.me/><http://ddostest.me/> via NANOG <
nanog () nanog org<mailto:nanog () nanog org><mailto:nanog () nanog org>> wrote:

Hello all, I'm a first time poster here and hope to follow all rules.

I found a new way to amplify traffic that would generate really high
volume of traffic.+10Tbps

** There is no need for spoofing ** so any device in the world could
initiate a really big attack or be part of an attack.

We talk about an amplification factor x100+. This mean that a single
computer with 1 Gbps outgoing bandwidth would generate a 100 Gbps DDoS.
Imagine what a botnet could do?

The list of affected business is huge and I would like to privately
disclose the details to the Tier1 ISP as they are highly vulnerable.

XO Comm
PSINET
Level 3
Qwest
Windstream Comm
Eearthlink
MCI Comm/Verizon Buss
Comcast Cable Comm
AT&T
Sprint

I know it's Christmas time and there is no rush in disclosing this but, it
could be a nice opportunity to meditate and shed some lights on this new
DDoS threat. We could start the real work in January.


If you are curious and you operate/manage one of the network mentioned
above, please write to me at tornaddos () ddostest me<mailto:tornaddos () ddostest me><mailto:tornaddos () ddostest me> 
from your job email to
confirm the identity. I will then forward you the DDoS details.

Best regards

Jean St-Laurent
ddostest.me<http://ddostest.me/><http://ddostest.me/>
365 boul. Sir-Wilfrid-Laurier #202
Beloeil, QC J3G 4T2




--

Alexander Lyamin

CEO | Qrator <http://qrator.net/>* Labs*

office: 8-800-3333-LAB (522)

mob: +7-916-9086122

skype: melanor9

mailto:  la () qrator net<mailto:la () qrator net><mailto:la () qrator net>