nanog mailing list archives
Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
From: Mike Hammett <nanog () ics-il net>
Date: Thu, 22 Dec 2016 07:51:25 -0600 (CST)
Let's wait and see if his stated message of being here to discuss technical matters of the vulnerability with the aforementioned carriers bears anything out. If not, don the torches. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP ----- Original Message ----- From: "j j santanna" <j.j.santanna () utwente nl> To: jean () ddostest me Cc: nanog () nanog org Sent: Thursday, December 22, 2016 5:01:23 AM Subject: Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack I am saying! As far as I understand you are offering DDoS attacks as a paid service, right? Some people would say that you offer DDoS for hire. What is the difference between your service and a Booter service. Only a “validation" that your client is “stress testing” him/herself does not make you legal. Sorry man but you can NOT claim yourself as a legal/moral acceptable stress tester if you misuse devices on the Internet, such as amplifiers, webshell, and botnets. Although you don’t consider yourself a Booter, you are one of them! I leave up to you the definition of stupid. Cheers, Jair Santanna jairsantanna.com<http://jairsantanna.com> On 22 Dec 2016, at 11:45, Jean | ddostest.me<http://ddostest.me> <jean () ddostest me<mailto:jean () ddostest me>> wrote: I admit that I have a lot of guts. Not sure who said that I am a booter or that I operate a booter. I fight booter since more than 5 years and who would be stupid enough to put his full name with full address to a respected network operators list? Definitely not me. I want to help and fix things and I am not the kind of person to break things. Jean On 16-12-22 03:46 AM, j.j.santanna () utwente nl<mailto:j.j.santanna () utwente nl> wrote: Hi Jean, You are either naive or have a lot of guts to offer a Booter service in one of the most respected network operators list. Man, as long as you use amplifiers (third party services) or botnets your “service” is illegal & immoral. In case you use your own infrastructure or rent a legal (cloud) infrastructure to provide your "service" it will not pay your costs. Not at least by the price that you offer your service: 0, 13, 100 bucks. Even if you have a legal/moral acceptable attack infrastructure, if you throw those big attacks that you advertise will possibly take down many others third-parties on the way. Sometimes you folks say that (mis)use amplifiers for “testing” purpose is not a problem because those services are open and publicly available on the Internet. Come on… if I leave my car open with the key inside it doesn’t give you the right to use my car to throw into a third party company. And if you do, it is YOUR CRIME, not mine. I don’t need to explain why using botnets is illegal and immoral, right? Man, it is up to you decide between cyber crime and cyber security (https://www.europol.europa.eu/activities-services/public-awareness-and-prevention-guides/cyber-crime-vs-cyber-security-what-will-you-choose). Now, we are also looking to you on http://booterblacklist.com<http://booterblacklist.com/>. Thanks! Cheers, Jair Santanna On 22 Dec 2016, at 07:51, Alexander Lyamin <la () qrator net<mailto:la () qrator net><mailto:la () qrator net>> wrote: I am just trying to grasp what is similarity between networks on the list and why it doesn't include, say NTT or Cogent. On Wed, Dec 21, 2016 at 7:05 PM, Jean | ddostest.me<http://ddostest.me/><http://ddostest.me/> via NANOG < nanog () nanog org<mailto:nanog () nanog org><mailto:nanog () nanog org>> wrote: Hello all, I'm a first time poster here and hope to follow all rules. I found a new way to amplify traffic that would generate really high volume of traffic.+10Tbps ** There is no need for spoofing ** so any device in the world could initiate a really big attack or be part of an attack. We talk about an amplification factor x100+. This mean that a single computer with 1 Gbps outgoing bandwidth would generate a 100 Gbps DDoS. Imagine what a botnet could do? The list of affected business is huge and I would like to privately disclose the details to the Tier1 ISP as they are highly vulnerable. XO Comm PSINET Level 3 Qwest Windstream Comm Eearthlink MCI Comm/Verizon Buss Comcast Cable Comm AT&T Sprint I know it's Christmas time and there is no rush in disclosing this but, it could be a nice opportunity to meditate and shed some lights on this new DDoS threat. We could start the real work in January. If you are curious and you operate/manage one of the network mentioned above, please write to me at tornaddos () ddostest me<mailto:tornaddos () ddostest me><mailto:tornaddos () ddostest me> from your job email to confirm the identity. I will then forward you the DDoS details. Best regards Jean St-Laurent ddostest.me<http://ddostest.me/><http://ddostest.me/> 365 boul. Sir-Wilfrid-Laurier #202 Beloeil, QC J3G 4T2 -- Alexander Lyamin CEO | Qrator <http://qrator.net/>* Labs* office: 8-800-3333-LAB (522) mob: +7-916-9086122 skype: melanor9 mailto: la () qrator net<mailto:la () qrator net><mailto:la () qrator net>
Current thread:
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack, (continued)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Jean | ddostest.me via NANOG (Dec 22)
- Re: [Tier1 ISP] : Vulnerable to a new DDoS amplification attack Roland Dobbins (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Tom Beecher (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Ken Chase (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack William Herrin (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Tom Beecher (Dec 22)
- Re: [Tier1 ISP] : Vulnerable to a new DDoS amplification attack Roland Dobbins (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Alexander Lyamin (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Alexander Lyamin (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack j.j.santanna (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Mike Hammett (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Alexander Lyamin (Dec 22)
- Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack Mike Hammett (Dec 22)