nanog mailing list archives
Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
From: Alexander Lyamin <la () qrator net>
Date: Thu, 22 Dec 2016 16:53:46 +0300
I just reviewed our data at http://radar.qrator.net provided network list. I am highly skeptical. <tapping my feet neurotically> On Thu, Dec 22, 2016 at 4:51 PM, Mike Hammett <nanog () ics-il net> wrote:
Let's wait and see if his stated message of being here to discuss technical matters of the vulnerability with the aforementioned carriers bears anything out. If not, don the torches. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "j j santanna" <j.j.santanna () utwente nl> To: jean () ddostest me Cc: nanog () nanog org Sent: Thursday, December 22, 2016 5:01:23 AM Subject: Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack I am saying! As far as I understand you are offering DDoS attacks as a paid service, right? Some people would say that you offer DDoS for hire. What is the difference between your service and a Booter service. Only a “validation" that your client is “stress testing” him/herself does not make you legal. Sorry man but you can NOT claim yourself as a legal/moral acceptable stress tester if you misuse devices on the Internet, such as amplifiers, webshell, and botnets. Although you don’t consider yourself a Booter, you are one of them! I leave up to you the definition of stupid. Cheers, Jair Santanna jairsantanna.com<http://jairsantanna.com> On 22 Dec 2016, at 11:45, Jean | ddostest.me<http://ddostest.me> < jean () ddostest me<mailto:jean () ddostest me>> wrote: I admit that I have a lot of guts. Not sure who said that I am a booter or that I operate a booter. I fight booter since more than 5 years and who would be stupid enough to put his full name with full address to a respected network operators list? Definitely not me. I want to help and fix things and I am not the kind of person to break things. Jean On 16-12-22 03:46 AM, j.j.santanna () utwente nl<mailto: j.j.santanna () utwente nl> wrote: Hi Jean, You are either naive or have a lot of guts to offer a Booter service in one of the most respected network operators list. Man, as long as you use amplifiers (third party services) or botnets your “service” is illegal & immoral. In case you use your own infrastructure or rent a legal (cloud) infrastructure to provide your "service" it will not pay your costs. Not at least by the price that you offer your service: 0, 13, 100 bucks. Even if you have a legal/moral acceptable attack infrastructure, if you throw those big attacks that you advertise will possibly take down many others third-parties on the way. Sometimes you folks say that (mis)use amplifiers for “testing” purpose is not a problem because those services are open and publicly available on the Internet. Come on… if I leave my car open with the key inside it doesn’t give you the right to use my car to throw into a third party company. And if you do, it is YOUR CRIME, not mine. I don’t need to explain why using botnets is illegal and immoral, right? Man, it is up to you decide between cyber crime and cyber security ( https://www.europol.europa.eu/activities-services/public- awareness-and-prevention-guides/cyber-crime-vs-cyber- security-what-will-you-choose). Now, we are also looking to you on http://booterblacklist.com<http://booterblacklist.com/>. Thanks! Cheers, Jair Santanna On 22 Dec 2016, at 07:51, Alexander Lyamin <la () qrator net<mailto:la@ qrator.net><mailto:la () qrator net>> wrote: I am just trying to grasp what is similarity between networks on the list and why it doesn't include, say NTT or Cogent. On Wed, Dec 21, 2016 at 7:05 PM, Jean | ddostest.me<http://ddostest.me/>< http://ddostest.me/> via NANOG < nanog () nanog org<mailto:nanog () nanog org><mailto:nanog () nanog org>> wrote: Hello all, I'm a first time poster here and hope to follow all rules. I found a new way to amplify traffic that would generate really high volume of traffic.+10Tbps ** There is no need for spoofing ** so any device in the world could initiate a really big attack or be part of an attack. We talk about an amplification factor x100+. This mean that a single computer with 1 Gbps outgoing bandwidth would generate a 100 Gbps DDoS. Imagine what a botnet could do? The list of affected business is huge and I would like to privately disclose the details to the Tier1 ISP as they are highly vulnerable. XO Comm PSINET Level 3 Qwest Windstream Comm Eearthlink MCI Comm/Verizon Buss Comcast Cable Comm AT&T Sprint I know it's Christmas time and there is no rush in disclosing this but, it could be a nice opportunity to meditate and shed some lights on this new DDoS threat. We could start the real work in January. If you are curious and you operate/manage one of the network mentioned above, please write to me at tornaddos () ddostest me<mailto:t ornaddos () ddostest me><mailto:tornaddos () ddostest me> from your job email to confirm the identity. I will then forward you the DDoS details. Best regards Jean St-Laurent ddostest.me<http://ddostest.me/><http://ddostest.me/> 365 boul. Sir-Wilfrid-Laurier #202 Beloeil, QC J3G 4T2 -- Alexander Lyamin CEO | Qrator <http://qrator.net/>* Labs* office: 8-800-3333-LAB (522) mob: +7-916-9086122 skype: melanor9 mailto: la () qrator net<mailto:la () qrator net><mailto:la () qrator net>
-- Alexander Lyamin CEO | Qrator <http://qrator.net/>* Labs* office: 8-800-3333-LAB (522) mob: +7-916-9086122 skype: melanor9 mailto: la () qrator net
Current thread:
- Re: [Tier1 ISP] : Vulnerable to a new DDoS amplification attack, (continued)
- Re: [Tier1 ISP] : Vulnerable to a new DDoS amplification attack Roland Dobbins (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Tom Beecher (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Ken Chase (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack William Herrin (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Tom Beecher (Dec 22)
- Re: [Tier1 ISP] : Vulnerable to a new DDoS amplification attack Roland Dobbins (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Alexander Lyamin (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Alexander Lyamin (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack j.j.santanna (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Mike Hammett (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Alexander Lyamin (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Mike Hammett (Dec 22)