[Tier1 ISP]: Vulnerable to a new DDoS amplification attack

William Herrin bill at herrin.us
Thu Dec 22 16:48:14 UTC 2016

On Thu, Dec 22, 2016 at 11:04 AM, Ken Chase <math at sizone.org> wrote:
> Maybe he's found what's already known and posted 2 months ago (and every 2 months?)
> on nanog, the TCP 98,000x amplifier (which is a little higher than 100x), among
> dozens of misbehaving devices, all >200x amp.
>  https://www.usenix.org/system/files/conference/woot14/woot14-kuhrer.pdf

Hi Ken,

He said, "There is no need for spoofing " so it wouldn't be that one.


Respectfully: you're not well known to us as having identified earth
shattering vulnerabilities in the past. We hear about utterly
unimportant "priority one" events every single day, so without enough
information to assess whether you're looking at is something new,
important or even possible within our various architectures, few of us
will be inclined to take you seriously.

We're all too familiar with the consequence of giving credence to
people who say "believe me" instead of offering verifiable fact.

I respect that you're trying to help, but "I have something important
to tell you, please contact me off list" is not the way to do that.

And if it turns out we should have listened and kept this secret as
long as possible, well, that's on us. ;)

Bill Herrin

William Herrin ................ herrin at dirtside.com  bill at herrin.us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>

More information about the NANOG mailing list