[Tier1 ISP]: Vulnerable to a new DDoS amplification attack

Tom Beecher beecher at beecher.cc
Thu Dec 22 13:21:53 UTC 2016


You're claiming to be able to generate more than 10 times as much traffic
as the largest DDoS ever seen in the wild whilst 3 months into a position
at a company that sells 'self-DDoS' services for testing purposes.

In the absence of anything more than 'GUYZ THIS IS SERIOUS', with no
technical details, you can surely understand the skepticism.


On Thu, Dec 22, 2016 at 5:45 AM, Jean | ddostest.me via NANOG <
nanog at nanog.org> wrote:

> I admit that I have a lot of guts.
>
> Not sure who said that I am a booter or that I operate a booter. I have been
> fighting booters for more than 5 years and who would be stupid enough to put his
> full name with full address to a respected network operators list?
> Definitely not me.
>
> I want to help and fix things and I am not the kind of person to break
> things.
>
>
> Jean
>
>
> On 16-12-22 03:46 AM, j.j.santanna at utwente.nl wrote:
>
>> Hi Jean,
>>
>> You are either naive or have a lot of guts to offer a Booter service in
>> one of the most respected network operators lists. Man, as long as you use
>> amplifiers (third party services) or botnets your “service” is illegal &
>> immoral. In case you use your own infrastructure or rent a legal (cloud)
>> infrastructure to provide your "service" it will not pay your costs. Not at
>> least by the price that you offer your service: 0, 13, 100 bucks. Even if
>> you have a legal/moral acceptable attack infrastructure, if you throw those
>> big attacks that you advertise you will possibly take down many other
>> third parties on the way.
>>
>> Sometimes you folks say that (mis)using amplifiers for “testing” purposes is
>> not a problem because those services are open and publicly available on the
>> Internet. Come on… if I leave my car open with the key inside it doesn’t
>> give you the right to use my car to throw into a third party company. And
>> if you do, it is YOUR CRIME, not mine.
>>
>> I don’t need to explain why using botnets is illegal and immoral, right?
>>
>> Man, it is up to you to decide between cyber crime and cyber security (
>> https://www.europol.europa.eu/activities-services/public-awareness-and-prevention-guides/cyber-crime-vs-cyber-security-what-will-you-choose).
>> Now, we are also looking to you on http://booterblacklist.com/. Thanks!
>>
>> Cheers,
>>
>> Jair Santanna
>>
>>
>>
>>
>> On 22 Dec 2016, at 07:51, Alexander Lyamin <la at qrator.net> wrote:
>>
>> I am just trying to grasp what is the similarity between networks on the list
>> and why it doesn't include, say NTT or Cogent.
>>
>>
>>
>> On Wed, Dec 21, 2016 at 7:05 PM, Jean | ddostest.me via NANOG
>> <nanog at nanog.org> wrote:
>>
>> Hello all, I'm a first time poster here and hope to follow all rules.
>>
>> I found a new way to amplify traffic that would generate really high
>> volume of traffic. +10Tbps
>>
>> ** There is no need for spoofing ** so any device in the world could
>> initiate a really big attack or be part of an attack.
>>
>> We talk about an amplification factor x100+. This means that a single
>> computer with 1 Gbps outgoing bandwidth would generate a 100 Gbps DDoS.
>> Imagine what a botnet could do?
>>
>> The list of affected businesses is huge and I would like to privately
>> disclose the details to the Tier1 ISP as they are highly vulnerable.
>>
>> XO Comm
>> PSINET
>> Level 3
>> Qwest
>> Windstream Comm
>> Earthlink
>> MCI Comm/Verizon Buss
>> Comcast Cable Comm
>> AT&T
>> Sprint
>>
>> I know it's Christmas time and there is no rush in disclosing this but, it
>> could be a nice opportunity to meditate and shed some light on this new
>> DDoS threat. We could start the real work in January.
>>
>>
>> If you are curious and you operate/manage one of the networks mentioned
>> above, please write to me at tornaddos at ddostest.me from your job email to
>> confirm the identity. I will then forward you the DDoS details.
>>
>> Best regards
>>
>> Jean St-Laurent
>> ddostest.me
>> 365 boul. Sir-Wilfrid-Laurier #202
>> Beloeil, QC J3G 4T2
>>
>>
>>
>>
>> --
>>
>> Alexander Lyamin
>>
>> CEO | Qrator Labs <http://qrator.net/>
>>
>> office: 8-800-3333-LAB (522)
>>
>> mob: +7-916-9086122
>>
>> skype: melanor9
>>
>> mailto: la at qrator.net
>>
>>


