EVERYTHING about Booters (and CloudFlare)

Phil Rosenthal pr at isprime.com
Thu Jul 28 16:56:39 UTC 2016


Are you of the opinion that the victim of a DDoS attack who is not a multi-billion-dollar corporation would actually receive help from the FBI as a result of a DDoS attack?
In the past, I have been told that the dollar-threshold for the FBI to even consider looking at a case was at least $2M in damages. This was 10 years ago, and I can't imagine the threshold has gone down.

-Phil

> On Jul 28, 2016, at 12:51 PM, Naslund, Steve <SNaslund at medline.com> wrote:
> 
> It is not beyond the realm of law enforcement to run down the entire chain of events all the way back to the “whodunit” and “howdunit”.  It is pretty amazing what they can figure out when they put their minds to it and don’t underestimate what they can learn by getting someone in the hot seat under the bare light bulb.  They also have lots of informants.
> 
> Victim complaints don’t matter a bit to these guys, it will take the guys in the windbreakers kicking in the doors one of these days.
> 
> Steven Naslund
> Chicago IL
> 
>> On Thu, Jul 28, 2016 at 12:20 PM, Phil Rosenthal <pr at isprime.com> wrote:
>> Keep in mind also, the victims of these DDoS attacks do not know which "booter" service was paid to attack them. The packets do not have "Stress test provided by vBooter" in them. The attack packets do not come from the booter's or Cloudflare's IP addresses, they come from secondary victims -- compromised servers, PCs infected with malware, and abused DNS/NTP [and a few other protocols] reflectors.
>> 
>> It is impossible for a victim to submit a complaint to Cloudflare stating "I was attacked by someone paying vBooter", because they do not know which of the numerous "booter" services was responsible.
>> 
>> -Phil



