[172079] in North American Network Operators' Group
Re: Large DDoS, small extortion
daemon@ATHENA.MIT.EDU (Roland Dobbins)
Fri May 23 13:39:04 2014
X-Original-To: nanog@nanog.org
From: Roland Dobbins <rdobbins@arbor.net>
In-Reply-To: <21375.33219.250649.91422@world.std.com>
Date: Sat, 24 May 2014 00:38:49 +0700
To: NANOG mailing list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On May 24, 2014, at 12:13 AM, Barry Shein <bzs@world.std.com> wrote:
> Some reasonable-sounding suggestions could be counter-productive or =
even downright dangerous (depending on the nature of the attacker.) Or a =
waste of time.
Sure. Every circumstance is different. But there is *one* universal =
rule
Never pay. =20
Never, under any circumstances, pay. Not even if you've persuaded the =
Men from U.N.C.L.E. to help you, and they suggest you pay because they =
think they can trace the money, do not pay.
Why not?
Because, irrespective of what happens with this one attacker, you will =
be swarmed by countless others. Attackers brag when they're paid; =
they'll exaggerate how much they received, and then you have a much =
bigger problem.
So, yes - one's own experiences and what one did and how one did it and =
why one did it and how it turned out are very valuable to share.
But never, under any circumstances, for any reason, no matter who =
advises you to do so, should you pay.
----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Equo ne credite, Teucri.
-- Laoco=F6n
