John McAfee: Massive DDoS attack on the internet was from smartphone botnet on popular app
frnkblk at iname.com
Tue Dec 15 22:36:21 UTC 2015
Good stuff from Duane here:
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Tony Finch
Sent: Monday, December 14, 2015 4:27 AM
To: Jim Shankland <nanog at shankland.org>
Cc: nanog at nanog.org
Subject: Re: John McAfee: Massive DDoS attack on the internet was from
smartphone botnet on popular app
Jim Shankland <nanog at shankland.org> wrote:
> Also, this jumped out at me:
> "The problem with the recent attack is that the originating IP addresses
> evenly distributed within the IPV4 universe," McAfee says. "This is
> impossible using spoofing."
> Am I missing something, or is an even distribution of originating IP
> virtually impossible *without* using spoofing?
You are correct and McAfee is confused.
DNS root name servers that use IP anycast observed this
traffic at a significant number of anycast sites.
This implies that the botnet was widely distributed.
The source addresses of these particular queries appear to be
randomized and distributed throughout the IPv4 address space.
This says the attackers also used spoofing.
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Rockall, Malin, Hebrides, Bailey: East 5 to 7, occasionally gale 8 in
Moderate or rough, occasionally very rough in Rockall. Occasional rain.
More information about the NANOG