nanog mailing list archives

RE: DDoS attack with blackmail


From: Jean St-Laurent via NANOG <nanog () nanog org>
Date: Sat, 22 May 2021 10:19:19 -0400

Some industries can’t afford that extra delay by DDoS mitigation vendors.

 

The video game industry is one of them and there might be others that can’t tolerate these extra ms. Telemedicine, 
video-conference, fintech, etc.

 

As a side note, my former employer in video game was bidding for these vendors offering DDoS protection. While bidding, 
we were hit with abnormal patterns. As soon as we chose one vendor, those very tricky DDoS patterns stopped.

I am not saying they are working on both sides, but still the coincidence was interesting. In the end, we never used 
them because they were not able to perfectly block the threat without impacting all the other projects.

 

I think these mitigators are nice to have as a very last resort. I believe what is more important for Network Operators 
is: to be aware of this, to be able to detect it, mitigate it and/or minimize the impact. It’s like magic, where did 
that rabbit go?

 

The Art of War taught me everything there is to know about DDoS attacks even if it was written some 2500 years ago.

 

I suspect that the attack that impacted Baldur’s assets was a very easy DDoS to detect and block, but can’t confirm.

 

@Baldur: do you care to share some metrics?

 

Jean

 

From: NANOG <nanog-bounces+jean=ddostest.me () nanog org> On Behalf Of Jean St-Laurent via NANOG
Sent: May 21, 2021 10:52 AM
To: 'Lady Benjamin Cannon of Glencoe, ASCE' <lb () 6by7 net>; 'Baldur Norddahl' <baldur.norddahl () gmail com>
Cc: 'NANOG Operators' Group' <nanog () nanog org>
Subject: RE: DDoS attack with blackmail

 

I also recommend the book Art of War by Sun Tzu.

 

All the answers to your questions are in that book.

 

Jean

 

From: NANOG <nanog-bounces+jean=ddostest.me () nanog org> On Behalf Of Lady Benjamin Cannon of Glencoe, ASCE
Sent: May 20, 2021 7:18 PM
To: Baldur Norddahl <baldur.norddahl () gmail com>
Cc: NANOG Operators' Group <nanog () nanog org>
Subject: Re: DDoS attack with blackmail

 

20 years ago I wrote an automatic teardrop attack.  If your IP spammed us 5 times, then a script would run, knocking 
the remote host off the internet entirely.

 

Later I modified it to launch 1000 teardrop attacks/second…

 

Today, contact the FBI.

 

And get a mitigation service above your borders if you can.

 

 

—L.B.

 

Ms. Lady Benjamin PD Cannon of Glencoe, ASCE

6x7 Networks & 6x7 Telecom, LLC 

CEO 

lb () 6by7 net

"The only fully end-to-end encrypted global telecommunications company in the world."

FCC License KJ6FJJ




 

On May 20, 2021, at 12:26 PM, Baldur Norddahl <baldur.norddahl () gmail com> wrote:

 

Hello

 

We got attacked by a group that calls themselves "Fancy Lazarus". They want payment in BC to not attack us again. The 
attack was a volume attack to our DNS and URL fetch from our webserver.

 

I am interested in any experience in fighting back against these guys.

 

Thanks,

 

Baldur

 

 

