![nanog logo](/images/nanog-logo.png)
nanog mailing list archives
Re: EVERYTHING about Booters (and CloudFlare)
From: chris <tknchris () gmail com>
Date: Thu, 28 Jul 2016 12:27:52 -0400
They don't discriminate, anyone can be a customer https://www.youtube.com/watch?v=T4GfoSZ_sDc great quote from the reporter "why do you need a court order to do the right thing?" On Thu, Jul 28, 2016 at 12:20 PM, Phil Rosenthal <pr () isprime com> wrote:
Keep in mind also, the victims of these DDoS attacks do not know which "booter" service was paid to attack them. The packets do not have "Stress test provided by vBooter" in them. The attack packets do not come from the booter's or Cloudflare's IP addresses, they come from secondary victims -- compromised servers, PC's infected with malware, and abused DNS/NTP [and a few other protocols] reflectors. It is impossible for a victim to submit a complaint to Cloudflare stating "I was attacked by someone paying vBooter", because they do not know which of the numerous "booter" services was responsible. -PhilOn Jul 28, 2016, at 12:12 PM, Naslund, Steve <SNaslund () medline com>wrote:Miles is right. Their thinly veiled "stress tester" thing is not goingto be much of a defense. They must not have very good legal counsel. Here is the issue. Stress testing is perfectly legal as long as I am:a) Stress testing my own stuff b) Stress testing your stuff WITH YOUR CONSENT Selling a product or service that is unsafe can lead to serious civilconsequences. For example, I sell you roach killer and don't warn you that it will also kill every other living thing in your home, I am going to get sued and lose badly.Let's say I am running a demolition company that offers to knock downany house for a price. Don't you think I have a responsibility to verify that you own the house you just asked me to knock down? (by the way, this has happened in the real world -wrong address on paperwork- and the demolition company was held liable) Obviously I have that responsibility and obviously the same rules would apply to any service that can potentially damage someone's property.Steven Naslund Chicago ILLet's see: Vbooter (on their home page) claims: "#1 FREE WEBBASED SERVER STRESSER" "Using vBooter you can take down home internet connections, websitesand game servers such us Minecraft, XBOX Live, PSN and many more.""You don't have to pay anything in order to use this stresser! Inaddition there are NO limits if you are a free user."So they're advertising a free service that explicitly offers DDoScapabilities.Now - with the caveat that I'm not a lawyer, and I'm talking from a USperspective only - as a sometimes hosting provider who pays attention to our legal liabilities, and >who's had one of our boxes compromised and used to vector a DDoS against a gaming site....1. DDoS is clearly illegal under multiple statutes - most notably theComputer Fraud and Abuse Act - see https://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/01/14/ccmanual.pdf- for a Justice Dept. memo on "Prosecuting Computer Crimes." Whencoupled with threats, requests for payoffs, etc. - it expands into lots of other crimes (e.g., >extortion). And that's before one starts attacking Government-owned computer systems.2. One might infer that, while "stress testing" is a legitimate anduseful service - under specific circumstances, vBooter's tools might also fall under laws regarding >being an accomplice to a criminal act, aiding & abetting, "burglar's tools," etc., and more generally "creating a public nuisance."3. There are also various (mostly state) laws against the sale ofburglar's tools (e.g., sale of a lockpick to someone who's not a professional locksmith). I expect some >of those laws might apply.4. All of those certainly could be applied to vBooter.org. WhetherCloudflare is liable for anything would seem to depend on whether Cloudflare is complicit in the use >of vBooter's use for criminal purposes, or promoting it's use therefore. Hosting would certainly fall into that category - and while, I have no direct knowledge that >Cloudflare hosts vBooter, they do provide nameservice, and their web server's IP address is in a network block registered to Cloudflare - that would seem to establishcomplicity. Now if Cloudflare were to actively suggest that folks usevBooter to test systems, as a way to boost sales for Cloudflare - that would certainly be an >interesting test case for RICO (akin to McAfee encouraging folks to write and release viruses).As to whether "Nothing is going to happen" - I expect something WILLhappen, when somebody big, with a good legal department, gets hit by a really damaging DDoS attack, >and starts looking for some deep pockets to sue. Or, if somebody attacks the wrong Government computer and the FBI, or DoD, or DHS get ticked off.It will make for very good theater - at least for anyone not directlyin the cross-hairs.Miles Fidelman
Current thread:
- Re: EVERYTHING about Booters (and CloudFlare), (continued)
- Re: EVERYTHING about Booters (and CloudFlare) Alain Hebert (Jul 28)
- RE: EVERYTHING about Booters (and CloudFlare) Naslund, Steve (Jul 28)
- Re: EVERYTHING about Booters (and CloudFlare) Aaron (Jul 28)
- Re: EVERYTHING about Booters (and CloudFlare) Paul WALL (Jul 28)
- Re: EVERYTHING about Booters (and CloudFlare) Paras Jha (Jul 28)
- Re: EVERYTHING about Booters (and CloudFlare) Miles Fidelman (Jul 28)
- Re: EVERYTHING about Booters (and CloudFlare) Niels Bakker (Jul 28)
- Re: EVERYTHING about Booters (and CloudFlare) Miles Fidelman (Jul 28)
- RE: EVERYTHING about Booters (and CloudFlare) Naslund, Steve (Jul 28)
- Re: EVERYTHING about Booters (and CloudFlare) Phil Rosenthal (Jul 28)
- Re: EVERYTHING about Booters (and CloudFlare) chris (Jul 28)
- RE: EVERYTHING about Booters (and CloudFlare) Naslund, Steve (Jul 28)
- Re: EVERYTHING about Booters (and CloudFlare) Phil Rosenthal (Jul 28)
- RE: EVERYTHING about Booters (and CloudFlare) Naslund, Steve (Jul 28)
- RE: EVERYTHING about Booters (and CloudFlare) Naslund, Steve (Jul 28)
- Cloudflare, dirty networks and politricks J. Oquendo (Jul 28)
- RE: Cloudflare, dirty networks and politricks Naslund, Steve (Jul 28)
- Re: Cloudflare, dirty networks and politricks J. Oquendo (Jul 28)
- Re: Cloudflare, dirty networks and politricks McDonald Richards (Jul 28)
- Re: Cloudflare, dirty networks and politricks J. Oquendo (Jul 28)
- Re: Cloudflare, dirty networks and politricks Seth Mattinen (Jul 28)