[191707] in North American Network Operators' Group


Re: Krebs on Security booted off Akamai network after DDoS attack

daemon@ATHENA.MIT.EDU (Hugo Slabbert)
Sun Sep 25 23:54:05 2016

X-Original-To: nanog@nanog.org
Date: Sun, 25 Sep 2016 20:54:00 -0700
From: Hugo Slabbert <hugo@slabnet.com>
To: "John R. Levine" <johnl@iecc.com>
In-Reply-To: <alpine.OSX.2.11.1609251551400.56722@ary.qy>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org



On Sun 2016-Sep-25 17:01:55 -0400, John R. Levine <johnl@iecc.com> wrote:

>>https://www.internetsociety.org/sites/default/files/01_5.pdf
>>
>>The attack is triggered by a few spoofs somewhere in the world. It is not
>>feasible to stop this.
>
>That paper is about reflection attacks.  From what I've read, this was
>not a reflection attack.  The IoT devices are infected with botware
>which sends attack traffic directly.  Address spoofing is not particularly
>useful for controlling botnets.

But that's not the only remaining use of source address spoofing in direct
attacks, no?  Even if reflection and amplification are not used, spoofing
can still be used for obfuscation.

>For example, the Conficker botnet generated pseudo-random domain names
>where the bots looked for control traffic.
>
>>Please see https://www.ietf.org/rfc/rfc6561.txt
>
>Uh, yes, we're familiar with that.  We even know the people who wrote
>it. It could use an update for IoT since I get the impression that in
>many cases the only way for a nontechnical user to fix the infection
>is to throw the device away.
>
>Regards,
>John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
>Please consider the environment before reading this e-mail. https://jl.ly

-- 
Hugo Slabbert       | email, xmpp/jabber: hugo@slabnet.com
pgp key: B178313E   | also on Signal

