Re: DDoS attack with blackmail

[Matt Erculiani <merculiani () gmail com>]

Jim,

While I don't envy those who put in long hours to mitigate DDoSes at the
11th hour, the security industry as a whole, DDoS mitigation included,
doesn't have a perfectly clean track record. Public court records offer
plenty of evidence, and convictions from foul play while trying to win bids.

An individual I worked with previously personally handled a long, drawn out
DDoS event that was ultimately perpetrated by a security contractor bidding
for a job (I didn't work it personally, but it was a frequent topic of
discussion while it was ongoing). Fortunately, after subsequent months of
law enforcement investigation, the contractor was brought up on charges.

It's definitely not "crap" , it's a fact, albeit not necessarily common.

-Matt

On Mon, May 24, 2021 at 10:38 AM jim deleskie <deleskie () gmail com> wrote:

> While I have no design to engage in over email argument over how much
> latency people can actually tolerate, I will simply state that most people
> have a very poor understanding of it and how much additional latency is
> really introduced by DDoS mitigation.
>
> As for implying that DDoS mitigation companies are complicit or involved
> in attacks, while not the first time i heard that crap it's pretty
> offensive to those that work long hours for years dealing with the
> garbage.  If you honestly believe anyone your dealing with is involved with
> launching attacks you clearly have not done your research into potential
> partners.
>
>
>
> On Sat., May 22, 2021, 11:20 a.m. Jean St-Laurent via NANOG, <
> nanog () nanog org> wrote:
>
> > Some industries can’t afford that extra delay by DDoS mitigation vendors.
> >
> >
> >
> > The video game industry is one of them and there might be others that
> > can’t tolerate these extra ms. Telemedicine, video-conference, fintech, etc.
> >
> >
> >
> > As a side note, my former employer in video game was bidding for these
> > vendors offering DDoS protection. While bidding, we were hit with abnormal
> > patterns. As soon as we chose one vendors those very tricky DDoS patterns
> > stopped.
> >
> > I am not saying they are working on both side, but still the coincidence
> > was interesting. In the end, we never used them because they were not able
> > to perfectly block the threat without impacting all the others projects.
> >
> >
> >
> > I think these mitigators are nice to have as a very last resort. I
> > believe what is more important for Network Operators is: to be aware of
> > this, to be able to detect it, mitigate it and/or minimize the impact. It’s
> > like magic, where did that rabbit go?
> >
> >
> >
> > The art of war taught me everything there is to know about DDoS attacks
> > even if it was written some 2500 years ago.
> >
> >
> >
> > I suspect that the attack that impacted Baldur’s assets was a very easy
> > DDoS to detect and block, but can’t confirm.
> >
> >
> >
> > @Baldur: do you care to share some metrics?
> >
> >
> >
> > Jean
> >
> >
> >
> > *From:* NANOG <nanog-bounces+jean=ddostest.me () nanog org> *On Behalf Of *Jean
> > St-Laurent via NANOG
> > *Sent:* May 21, 2021 10:52 AM
> > *To:* 'Lady Benjamin Cannon of Glencoe, ASCE' <lb () 6by7 net>; 'Baldur
> > Norddahl' <baldur.norddahl () gmail com>
> > *Cc:* 'NANOG Operators' Group' <nanog () nanog org>
> > *Subject:* RE: DDoS attack with blackmail
> >
> >
> >
> > I also recommend book Art of War from Sun Tzu.
> >
> >
> >
> > All the answers to your questions are in that book.
> >
> >
> >
> > Jean
> >
> >
> >
> > *From:* NANOG <nanog-bounces+jean=ddostest.me () nanog org> *On Behalf Of *Lady
> > Benjamin Cannon of Glencoe, ASCE
> > *Sent:* May 20, 2021 7:18 PM
> > *To:* Baldur Norddahl <baldur.norddahl () gmail com>
> > *Cc:* NANOG Operators' Group <nanog () nanog org>
> > *Subject:* Re: DDoS attack with blackmail
> >
> >
> >
> > 20 years ago I wrote an automatic teardrop attack.  If your IP spammed us
> > 5 times, then a script would run, knocking the remote host off the internet
> > entirely.
> >
> >
> >
> > Later I modified it to launch 1000 teardrop attacks/second…
> >
> >
> >
> > Today,  contact the FBI.
> >
> >
> >
> > And get a mitigation service above your borders if you can.
> >
> >
> >
> >
> >
> > —L.B.
> >
> >
> >
> > Ms. Lady Benjamin PD Cannon of Glencoe, ASCE
> >
> > 6x7 Networks & 6x7 Telecom, LLC
> >
> > CEO
> >
> > lb () 6by7 net
> >
> > "The only fully end-to-end encrypted global telecommunications company in
> > the world.”
> >
> > FCC License KJ6FJJ
> >
> >
> >
> >
> > On May 20, 2021, at 12:26 PM, Baldur Norddahl <baldur.norddahl () gmail com>
> > wrote:
> >
> >
> >
> > Hello
> >
> >
> >
> > We got attacked by a group that calls themselves "Fancy Lazarus". They
> > want payment in BC to not attack us again. The attack was a volume attack
> > to our DNS and URL fetch from our webserver.
> >
> >
> >
> > I am interested in any experience in fighting back against these guys.
> >
> >
> >
> > Thanks,
> >
> >
> >
> > Baldur

-- 
Matt Erculiani
ERCUL-ARIN