<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle19
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-CA link=blue vlink=purple style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span style='mso-fareast-language:EN-US'>I don’t believe that these companies are complicit at high level. <o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>My guess is that there are some business salesmen working there that needs to fulfill their monthly quota of new clients. <o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>What is usually common, is that when face by a DDoS for the first time without the proper tooling, it sounds like it’s an impossible task to solve. The knowledge on internet is pretty limited on the topic. <o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>It takes months and sometimes years to configure all the DDoS gates. Rolland’s ppt is a nice place to start as it has valuable knowledge. It’s just tough to figure out what is best for you.<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>The truth is, it will be more beneficial to your organisation in the medium/long term if you start learning and improving your DDoS defenses now than to rely 100% on DDoS mitigators. <o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>These companies are fantastic when you protect slow assets like Credit card transactions. The customer don’t really care if his transaction to validate the CC takes 4 seconds instead of 3.<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>In the end, DDoS mitigations is not more complex than what you are used to do daily. Protect your routers, protect the control-plane, protect the SSH lines, etc. It’s just a different kind of protections.<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>Let me know if you need some advices or hints, because I’ve spent some freaking long hours fighting them and together we have a better chance to win and not pay ransom from blackmails. <o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>I don’t have all the answers on DDoS, but maybe I have the one that you are looking for.<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>The moment you become very resilient to DDoS attacks, your customers will thank you and also support staff that will see the DDoS bounce like mosquitoes on the windshield of your car at 90 Mph.<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>Start learning now and start improving your DDoS. This won’t go away anytime soon.<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>Jean<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US>From:</span></b><span lang=EN-US> jim deleskie <deleskie@gmail.com> <br><b>Sent:</b> May 24, 2021 12:38 PM<br><b>To:</b> Jean St-Laurent <jean@ddostest.me><br><b>Cc:</b> NANOG Operators' Group <nanog@nanog.org><br><b>Subject:</b> Re: DDoS attack with blackmail<o:p></o:p></span></p></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>While I have no design to engage in over email argument over how much latency people can actually tolerate, I will simply state that most people have a very poor understanding of it and how much additional latency is really introduced by DDoS mitigation.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>As for implying that DDoS mitigation companies are complicit or involved in attacks, while not the first time i heard that crap it's pretty offensive to those that work long hours for years dealing with the garbage. If you honestly believe anyone your dealing with is involved with launching attacks you clearly have not done your research into potential partners.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>On Sat., May 22, 2021, 11:20 a.m. Jean St-Laurent via NANOG, <<a href="mailto:nanog@nanog.org">nanog@nanog.org</a>> wrote:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Some industries can’t afford that extra delay by DDoS mitigation vendors.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>The video game industry is one of them and there might be others that can’t tolerate these extra ms. Telemedicine, video-conference, fintech, etc.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>As a side note, my former employer in video game was bidding for these vendors offering DDoS protection. While bidding, we were hit with abnormal patterns. As soon as we chose one vendors those very tricky DDoS patterns stopped.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I am not saying they are working on both side, but still the coincidence was interesting. In the end, we never used them because they were not able to perfectly block the threat without impacting all the others projects.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I think these mitigators are nice to have as a very last resort. I believe what is more important for Network Operators is: to be aware of this, to be able to detect it, mitigate it and/or minimize the impact. It’s like magic, where did that rabbit go?<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>The art of war taught me everything there is to know about DDoS attacks even if it was written some 2500 years ago.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I suspect that the attack that impacted Baldur’s assets was a very easy DDoS to detect and block, but can’t confirm.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>@Baldur: do you care to share some metrics?<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Jean<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span lang=EN-US>From:</span></b><span lang=EN-US> NANOG <nanog-bounces+jean=<a href="mailto:ddostest.me@nanog.org" target="_blank">ddostest.me@nanog.org</a>> <b>On Behalf Of </b>Jean St-Laurent via NANOG<br><b>Sent:</b> May 21, 2021 10:52 AM<br><b>To:</b> 'Lady Benjamin Cannon of Glencoe, ASCE' <<a href="mailto:lb@6by7.net" target="_blank">lb@6by7.net</a>>; 'Baldur Norddahl' <<a href="mailto:baldur.norddahl@gmail.com" target="_blank">baldur.norddahl@gmail.com</a>><br><b>Cc:</b> 'NANOG Operators' Group' <<a href="mailto:nanog@nanog.org" target="_blank">nanog@nanog.org</a>><br><b>Subject:</b> RE: DDoS attack with blackmail</span><o:p></o:p></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I also recommend book Art of War from Sun Tzu.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>All the answers to your questions are in that book.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Jean<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span lang=EN-US>From:</span></b><span lang=EN-US> NANOG <<a href="mailto:nanog-bounces+jean=ddostest.me@nanog.org" target="_blank">nanog-bounces+jean=ddostest.me@nanog.org</a>> <b>On Behalf Of </b>Lady Benjamin Cannon of Glencoe, ASCE<br><b>Sent:</b> May 20, 2021 7:18 PM<br><b>To:</b> Baldur Norddahl <<a href="mailto:baldur.norddahl@gmail.com" target="_blank">baldur.norddahl@gmail.com</a>><br><b>Cc:</b> NANOG Operators' Group <<a href="mailto:nanog@nanog.org" target="_blank">nanog@nanog.org</a>><br><b>Subject:</b> Re: DDoS attack with blackmail</span><o:p></o:p></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>20 years ago I wrote an automatic teardrop attack. If your IP spammed us 5 times, then a script would run, knocking the remote host off the internet entirely.<o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Later I modified it to launch 1000 teardrop attacks/second…<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Today, contact the FBI.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>And get a mitigation service above your borders if you can.<o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black'>—L.B.</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black'> </span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black'>Ms. Lady Benjamin PD Cannon of Glencoe, ASCE</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black'>6x7 Networks & 6x7 Telecom, LLC </span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black'>CEO </span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black'><a href="mailto:lb@6by7.net" target="_blank">lb@6by7.net</a></span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black'>"The only fully end-to-end encrypted global telecommunications company in the world.”</span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black'>FCC License KJ6FJJ</span><o:p></o:p></p></div></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif;color:black'><br></span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'> <o:p></o:p></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>On May 20, 2021, at 12:26 PM, Baldur Norddahl <<a href="mailto:baldur.norddahl@gmail.com" target="_blank">baldur.norddahl@gmail.com</a>> wrote:<o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Hello<o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>We got attacked by a group that calls themselves "Fancy Lazarus". They want payment in BC to not attack us again. The attack was a volume attack to our DNS and URL fetch from our webserver.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I am interested in any experience in fighting back against these guys.<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Thanks,<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Baldur<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div></div></div></blockquote></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div></div></div></div></blockquote></div></div></div></div></body></html>