[178965] in North American Network Operators' Group
Re: Getting hit hard by CHINANET
daemon@ATHENA.MIT.EDU (Roland Dobbins)
Wed Mar 18 05:43:26 2015
From: "Roland Dobbins" <rdobbins@arbor.net>
To: NANOG <nanog@nanog.org>
Date: Wed, 18 Mar 2015 16:43:17 +0700

On 18 Mar 2015, at 13:24, Mike Hale wrote:

> Would you mind sharing more details on what you've seen regarding the
> various miscreants screwing with each others' devices?

They will DDoS and/or work to subvert the C&C infrastructure of botnets
run by other miscreants as a form of retaliation for illicit deals
gone wrong, in order to inconvenience perceived competitors, due to
'talking smack' on underground forums, etc.

It is quite common for compromised servers to be utilized as botnet C&C
servers, with the legitimate owners/operators of said servers being
totally unaware of this activity - and thus surprised when they're
suddenly on the receiving end of DDoS attacks which are actually spurred
by inter-miscreant rivalries. We've observed intra-IDC DDoS attacks
launched from hosts belonging to one customer of a host/colocation/VPS
provider against hosts belonging to another customer of the same
provider, for example; we've even seen the same server compromised by
two different groups of miscreants attacked by both groups of
miscreants, in this context.
-----------------------------------
Roland Dobbins <rdobbins@arbor.net>