DDoS attack with blackmail

Edvinas Kairys edvinas.email at gmail.com
Wed Jun 9 14:27:43 UTC 2021


Hey,

Did you get the attack promised? 1 week after the notice?

Today we've been warned and got some UDP flood for 3 hours.

On Tue, May 25, 2021 at 2:14 PM Jean St-Laurent via NANOG <nanog at nanog.org>
wrote:

> I don’t believe that these companies are complicit at high level.
>
> My guess is that there are some business salesmen working there that need
> to fulfill their monthly quota of new clients.
>
>
>
> What is usually common, is that when faced by a DDoS for the first time
> without the proper tooling, it sounds like it’s an impossible task to
> solve. The knowledge on the internet is pretty limited on the topic.
>
> It takes months and sometimes years to configure all the DDoS gates.
> Rolland’s ppt is a nice place to start as it has valuable knowledge. It’s
> just tough to figure out what is best for you.
>
>
>
> The truth is, it will be more beneficial to your organisation in the
> medium/long term if you start learning and improving your DDoS defenses now
> than to rely 100% on DDoS mitigators.
>
> These companies are fantastic when you protect slow assets like Credit
> card transactions. The customer doesn’t really care if his transaction to
> validate the CC takes 4 seconds instead of 3.
>
>
>
> In the end, DDoS mitigation is not more complex than what you are used to
> doing daily. Protect your routers, protect the control-plane, protect the SSH
> lines, etc. It’s just a different kind of protection.
>
>
>
> Let me know if you need some advice or hints, because I’ve spent some
> freaking long hours fighting them and together we have a better chance to
> win and not pay ransom from blackmails.
>
> I don’t have all the answers on DDoS, but maybe I have the one that you
> are looking for.
>
>
>
> The moment you become very resilient to DDoS attacks, your customers will
> thank you and also support staff that will see the DDoS bounce like
> mosquitoes on the windshield of your car at 90 Mph.
>
>
>
> Start learning now and start improving your DDoS. This won’t go away
> anytime soon.
>
>
>
> Jean
>
>
>
>
>
> *From:* jim deleskie <deleskie at gmail.com>
> *Sent:* May 24, 2021 12:38 PM
> *To:* Jean St-Laurent <jean at ddostest.me>
> *Cc:* NANOG Operators' Group <nanog at nanog.org>
> *Subject:* Re: DDoS attack with blackmail
>
>
>
> While I have no design to engage in an over-email argument over how much
> latency people can actually tolerate, I will simply state that most people
> have a very poor understanding of it and how much additional latency is
> really introduced by DDoS mitigation.
>
>
>
> As for implying that DDoS mitigation companies are complicit or involved
> in attacks, while not the first time I heard that crap, it's pretty
> offensive to those that work long hours for years dealing with the
> garbage. If you honestly believe anyone you're dealing with is involved with
> launching attacks you clearly have not done your research into potential
> partners.
>
>
>
>
>
>
>
> On Sat., May 22, 2021, 11:20 a.m. Jean St-Laurent via NANOG, <
> nanog at nanog.org> wrote:
>
> Some industries can’t afford that extra delay by DDoS mitigation vendors.
>
>
>
> The video game industry is one of them and there might be others that
> can’t tolerate these extra ms. Telemedicine, video-conference, fintech, etc.
>
>
>
> As a side note, my former employer in video game was bidding for these
> vendors offering DDoS protection. While bidding, we were hit with abnormal
> patterns. As soon as we chose one vendor those very tricky DDoS patterns
> stopped.
>
> I am not saying they are working on both sides, but still the coincidence
> was interesting. In the end, we never used them because they were not able
> to perfectly block the threat without impacting all the other projects.
>
>
>
> I think these mitigators are nice to have as a very last resort. I believe
> what is more important for Network Operators is: to be aware of this, to be
> able to detect it, mitigate it and/or minimize the impact. It’s like magic,
> where did that rabbit go?
>
>
>
> The art of war taught me everything there is to know about DDoS attacks
> even if it was written some 2500 years ago.
>
>
>
> I suspect that the attack that impacted Baldur’s assets was a very easy
> DDoS to detect and block, but can’t confirm.
>
>
>
> @Baldur: do you care to share some metrics?
>
>
>
> Jean
>
>
>
> *From:* NANOG <nanog-bounces+jean=ddostest.me at nanog.org> *On Behalf Of *Jean
> St-Laurent via NANOG
> *Sent:* May 21, 2021 10:52 AM
> *To:* 'Lady Benjamin Cannon of Glencoe, ASCE' <lb at 6by7.net>; 'Baldur
> Norddahl' <baldur.norddahl at gmail.com>
> *Cc:* 'NANOG Operators' Group' <nanog at nanog.org>
> *Subject:* RE: DDoS attack with blackmail
>
>
>
> I also recommend the book Art of War from Sun Tzu.
>
>
>
> All the answers to your questions are in that book.
>
>
>
> Jean
>
>
>
> *From:* NANOG <nanog-bounces+jean=ddostest.me at nanog.org> *On Behalf Of *Lady
> Benjamin Cannon of Glencoe, ASCE
> *Sent:* May 20, 2021 7:18 PM
> *To:* Baldur Norddahl <baldur.norddahl at gmail.com>
> *Cc:* NANOG Operators' Group <nanog at nanog.org>
> *Subject:* Re: DDoS attack with blackmail
>
>
>
> 20 years ago I wrote an automatic teardrop attack.  If your IP spammed us
> 5 times, then a script would run, knocking the remote host off the internet
> entirely.
>
>
>
> Later I modified it to launch 1000 teardrop attacks/second…
>
>
>
> Today, contact the FBI.
>
>
>
> And get a mitigation service above your borders if you can.
>
>
>
>
>
> —L.B.
>
>
>
> Ms. Lady Benjamin PD Cannon of Glencoe, ASCE
>
> 6x7 Networks & 6x7 Telecom, LLC
>
> CEO
>
> lb at 6by7.net
>
> "The only fully end-to-end encrypted global telecommunications company in
> the world."
>
> FCC License KJ6FJJ
>
>
>
>
> On May 20, 2021, at 12:26 PM, Baldur Norddahl <baldur.norddahl at gmail.com>
> wrote:
>
>
>
> Hello
>
>
>
> We got attacked by a group that calls themselves "Fancy Lazarus". They
> want payment in BC to not attack us again. The attack was a volume attack
> to our DNS and URL fetch from our webserver.
>
>
>
> I am interested in any experience in fighting back against these guys.
>
>
>
> Thanks,
>
>
>
> Baldur
>
>
>
>
>
>