[Tier1 ISP]: Vulnerable to a new DDoS amplification attack
nanog at ics-il.net
Thu Dec 22 13:51:25 UTC 2016
Let's wait and see if his stated message of being here to discuss technical matters of the vulnerability with the aforementioned carriers bears anything out. If not, don the torches.
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "j j santanna" <j.j.santanna at utwente.nl>
To: jean at ddostest.me
Cc: nanog at nanog.org
Sent: Thursday, December 22, 2016 5:01:23 AM
Subject: Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
I am saying!
As far as I understand you are offering DDoS attacks as a paid service, right? Some people would say that you offer DDoS for hire. What is the difference between your service and a Booter service. Only a “validation" that your client is “stress testing” him/herself does not make you legal. Sorry man but you can NOT claim yourself as a legal/moral acceptable stress tester if you misuse devices on the Internet, such as amplifiers, webshell, and botnets.
Although you don’t consider yourself a Booter, you are one of them!
I leave up to you the definition of stupid.
On 22 Dec 2016, at 11:45, Jean | ddostest.me<http://ddostest.me> <jean at ddostest.me<mailto:jean at ddostest.me>> wrote:
I admit that I have a lot of guts.
Not sure who said that I am a booter or that I operate a booter. I fight booter since more than 5 years and who would be stupid enough to put his full name with full address to a respected network operators list? Definitely not me.
I want to help and fix things and I am not the kind of person to break things.
On 16-12-22 03:46 AM, j.j.santanna at utwente.nl<mailto:j.j.santanna at utwente.nl> wrote:
You are either naive or have a lot of guts to offer a Booter service in one of the most respected network operators list. Man, as long as you use amplifiers (third party services) or botnets your “service” is illegal & immoral. In case you use your own infrastructure or rent a legal (cloud) infrastructure to provide your "service" it will not pay your costs. Not at least by the price that you offer your service: 0, 13, 100 bucks. Even if you have a legal/moral acceptable attack infrastructure, if you throw those big attacks that you advertise will possibly take down many others third-parties on the way.
Sometimes you folks say that (mis)use amplifiers for “testing” purpose is not a problem because those services are open and publicly available on the Internet. Come on… if I leave my car open with the key inside it doesn’t give you the right to use my car to throw into a third party company. And if you do, it is YOUR CRIME, not mine.
I don’t need to explain why using botnets is illegal and immoral, right?
Man, it is up to you decide between cyber crime and cyber security (https://www.europol.europa.eu/activities-services/public-awareness-and-prevention-guides/cyber-crime-vs-cyber-security-what-will-you-choose). Now, we are also looking to you on http://booterblacklist.com<http://booterblacklist.com/>. Thanks!
On 22 Dec 2016, at 07:51, Alexander Lyamin <la at qrator.net<mailto:la at qrator.net><mailto:la at qrator.net>> wrote:
I am just trying to grasp what is similarity between networks on the list
and why it doesn't include, say NTT or Cogent.
On Wed, Dec 21, 2016 at 7:05 PM, Jean | ddostest.me<http://ddostest.me/><http://ddostest.me/> via NANOG <
nanog at nanog.org<mailto:nanog at nanog.org><mailto:nanog at nanog.org>> wrote:
Hello all, I'm a first time poster here and hope to follow all rules.
I found a new way to amplify traffic that would generate really high
volume of traffic.+10Tbps
** There is no need for spoofing ** so any device in the world could
initiate a really big attack or be part of an attack.
We talk about an amplification factor x100+. This mean that a single
computer with 1 Gbps outgoing bandwidth would generate a 100 Gbps DDoS.
Imagine what a botnet could do?
The list of affected business is huge and I would like to privately
disclose the details to the Tier1 ISP as they are highly vulnerable.
MCI Comm/Verizon Buss
Comcast Cable Comm
I know it's Christmas time and there is no rush in disclosing this but, it
could be a nice opportunity to meditate and shed some lights on this new
DDoS threat. We could start the real work in January.
If you are curious and you operate/manage one of the network mentioned
above, please write to me at tornaddos at ddostest.me<mailto:tornaddos at ddostest.me><mailto:tornaddos at ddostest.me> from your job email to
confirm the identity. I will then forward you the DDoS details.
365 boul. Sir-Wilfrid-Laurier #202
Beloeil, QC J3G 4T2
CEO | Qrator <http://qrator.net/>* Labs*
office: 8-800-3333-LAB (522)
mailto: la at qrator.net<mailto:la at qrator.net><mailto:la at qrator.net>
More information about the NANOG