[186181] in North American Network Operators' Group

Re: Ransom DDoS attack - need help!

daemon@ATHENA.MIT.EDU (Dovid Bender)
Thu Dec 3 14:38:13 2015

X-Original-To: nanog@nanog.org
In-Reply-To: <F2A86265-59D7-4F90-964D-6D57C877F4CF@arbor.net>
Date: Thu, 3 Dec 2015 14:38:08 -0500
From: Dovid Bender <dovid@telecurve.com>
To: Roland Dobbins <rdobbins@arbor.net>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

The last I spoke with NTT they said the largest they ever saw was > 300GB
and most of the time they don't follow through. They threaten 100 networks
and hope that x% will pay them off 'just in case'.

On Thu, Dec 3, 2015 at 10:20 AM, Roland Dobbins <rdobbins@arbor.net> wrote:

> On 3 Dec 2015, at 15:15, halp us wrote:
>
>> Based on certain details that I can't reveal here, we believe the
>> magnitude of the upcoming attack may be in the several hundred Gbps.
>>
>
> They lie.  The largest attacks we've seen from these threat actors are in
> the ~60gb/sec range - which is nothing to shake a stick at, mind.
>
> Many times, they don't follow through.  But you're right to be prepared.
>
> See these two presos:
>
> <https://app.box.com/s/2kpbqfdl1ko3qhfhe4y8ekd1rvj24vfd>
>
> <https://app.box.com/s/r7an1moswtc7ce58f8gg>
>
>> I would really appreciate help in a few areas (primarily with certain
>> provider contacts/intros) so we can execute our strategy (which I can't
>> reveal here for obvious reasons).
>>
>
> All this super-secret squirrel stuff doesn't help, it's actually a
> hindrance.  The short answer is 'upstream ACLs'.
>
> Nevertheless, contact me 1:1 and I'll work to hook you up with the right
> folks.
>
> -----------------------------------
> Roland Dobbins <rdobbins@arbor.net>
>
