Large DDoS, small extortion

Merike Kaeo merike at
Thu May 22 22:17:40 UTC 2014

I will use this opportunity to solicit real world experience and use cases that
could be discussed at the Security Track at NANOG 61.  While I've been
soliciting talks in operational security specific groups, this thread also
peaked my interest. 

Nothing beats sharing the good, the bad, the ugly and how collectively we
can improve on how we mitigate against varying attacks.

Please respond to me in unicast and let me know if you'd be willing to share 
some experiences.  The Security Track is not recorded nor streamed and
you do not need a formal presentation.

- merike

On May 22, 2014, at 1:38 PM, Barry Shein <bzs at> wrote:

> You know what would be nice? Some real life experience and results,
> case studies.
> I see the "common sense" and "logic" to a lot of these suggestions but
> that and $1.75 plus tax will get you a venti coffee of the day at
> Starbucks.
> Victim: I'd be very wary of these suggestions unless there's some
> good, solid reason to believe they're based on reality not just "I've
> simulated all of human psychology in my head and here's what I think
> you should do..."
> I think it's interesting that the guy asks for such small amounts,
> under US$1000.
> Maybe that's a lot of money for him.
> Maybe he thinks it won't be worth investigating such a small amount.
> Maybe he thinks it's not a very big crime so if he gets caught he's
> more likely to walk.
> Maybe he thinks he's poor/broke and this money is deservedly his to
> demand, it's such a modest demand.
>  Note: He could be factually/legally wrong but that's why I prefaced
>  with "maybe he thinks..."
> Maybe he's a sadist and gets a kick out of making you squirm and the
> money is just his way of keeping score, making you do something
> tangible, kind of like "kiss my boots!"
> Maybe he's insane which voids all of the above.
> Maybe it's some sort of penetration exercise by terrorists, a govt,
> etc.
> Maybe all I've said and $1.75 plus tax...
> -- 
>        -Barry Shein
> The World              | bzs at           |
> Purveyors to the Trade | Voice: 800-THE-WRLD        | Dial-Up: US, PR, Canada
> Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the NANOG mailing list