nanog mailing list archives
Re: Getting hit hard by CHINANET
From: "Roland Dobbins" <rdobbins () arbor net>
Date: Wed, 18 Mar 2015 16:43:17 +0700
On 18 Mar 2015, at 13:24, Mike Hale wrote:
Would you mind sharing more details on what you've seen regarding the various miscreants screwing with each others' devices?
They will DDoS and/or work to subvert the C&C infrastructure of botnets run by other miscreants due as a form of retaliation for illicit deals gone wrong, in order to inconvenience perceived competitors, due to 'talking smack' on underground forums, etc.
It is quite common for compromised servers to be utilized as botnet C&C servers, with the legitimate owners/operators of said servers being totally unaware of this activity - and thus surprised when they're suddenly on the receiving end of DDoS attacks which are actually spurred by inter-miscreant rivalries. We've observed intra-IDC DDoS attacks launched from hosts belonging to one customer of a host/colocation/VPS provider against hosts belonging to another customer of the same provider, for example; we've even seen the same server compromised by two different groups of miscreants attacked by both groups of miscreants, in this context.
----------------------------------- Roland Dobbins <rdobbins () arbor net>
Current thread:
- RE: Getting hit hard by CHINANET, (continued)
- RE: Getting hit hard by CHINANET Eric Rogers (Mar 18)
- Re: Getting hit hard by CHINANET Ray Soucy (Mar 23)
- Re: Getting hit hard by CHINANET Colin Johnston (Mar 23)
- Re: Getting hit hard by CHINANET Ca By (Mar 23)
- Re: Getting hit hard by CHINANET Justin M. Streiner (Mar 23)
- Re: Getting hit hard by CHINANET Ca By (Mar 23)
- Re: Getting hit hard by CHINANET Paul S. (Mar 23)
- Re: Getting hit hard by CHINANET Colin Johnston (Mar 18)
- Re: Getting hit hard by CHINANET Mike Hale (Mar 17)
- Re: Getting hit hard by CHINANET Roland Dobbins (Mar 18)