nanog mailing list archives

Previous By Date Next
Previous By Thread Next

RE: John McAfee: Massive DDoS attack on the internet was from smartphone botnet on popular app

From: "Frank Bulk" <frnkblk () iname com>
Date: Tue, 15 Dec 2015 16:36:21 -0600
Good stuff from Duane here:
http://www.circleid.com/posts/20151215_verisign_perspective_on_recent_root_s
erver_attacks/

Frank

-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Tony Finch
Sent: Monday, December 14, 2015 4:27 AM
To: Jim Shankland <nanog () shankland org>
Cc: nanog () nanog org
Subject: Re: John McAfee: Massive DDoS attack on the internet was from
smartphone botnet on popular app

Jim Shankland <nanog () shankland org> wrote:


Also, this jumped out at me:

"The problem with the recent attack is that the originating IP addresses

were

evenly distributed within the IPV4 universe," McAfee says. "This is

virtually

impossible using spoofing."

Am I missing something, or is an even distribution of originating IP

addresses

virtually impossible *without* using spoofing?


You are correct and McAfee is confused.

http://root-servers.org/news/events-of-20151130.txt

   DNS root name servers that use IP anycast observed this
   traffic at a significant number of anycast sites.

This implies that the botnet was widely distributed.

   The source addresses of these particular queries appear to be
   randomized and distributed throughout the IPv4 address space.

This says the attackers also used spoofing.

Tony.
-- 
f.anthony.n.finch  <dot () dotat at>  http://dotat.at/
Rockall, Malin, Hebrides, Bailey: East 5 to 7, occasionally gale 8 in
Rockall.
Moderate or rough, occasionally very rough in Rockall. Occasional rain.
Good,
occasionally poor.
Previous By Date Next
Previous By Thread Next

Current thread: