[190842] in North American Network Operators' Group
Re: EVERYTHING about Booters (and CloudFlare)
daemon@ATHENA.MIT.EDU (Phil Rosenthal)
Thu Jul 28 12:56:45 2016
From: Phil Rosenthal <pr@isprime.com>
In-Reply-To: <9578293AE169674F9A048B2BC9A081B401E6666A3B@MUNPRDMBXA1.medline.com>
Date: Thu, 28 Jul 2016 12:56:39 -0400
To: "Naslund, Steve" <SNaslund@medline.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Are you of the opinion that the victim of a DDoS attack who is not a multi-billion-dollar corporation would actually receive help from the FBI as a result of a DDoS attack?
In the past, I have been told that the dollar-threshold for the FBI to even consider looking at a case was at least $2M in damages. This was 10 years ago, and I can't imagine the threshold has gone down.
-Phil
> On Jul 28, 2016, at 12:51 PM, Naslund, Steve <SNaslund@medline.com> wrote:
>
> It is not beyond the realm of law enforcement to run down the entire chain of events all the way back to the “whodunit” and “howdunit”. It is pretty amazing what they can figure out when they put their minds to it and don’t underestimate what they can learn by getting someone in the hot seat under the bare light bulb. They also have lots of informants.
>
> Victim complaints don’t matter a bit to these guys, it will take the guys in the windbreakers kicking in the doors one of these days.
>
> Steven Naslund
> Chicago IL
>
>> On Thu, Jul 28, 2016 at 12:20 PM, Phil Rosenthal <pr@isprime.com> wrote:
>> Keep in mind also, the victims of these DDoS attacks do not know which "booter" service was paid to attack them. The packets do not have "Stress test provided by vBooter" in them. The attack packets do not come from the booter's or Cloudflare's IP addresses, they come from secondary victims -- compromised servers, PCs infected with malware, and abused DNS/NTP [and a few other protocols] reflectors.
>>
>> It is impossible for a victim to submit a complaint to Cloudflare stating "I was attacked by someone paying vBooter", because they do not know which of the numerous "booter" services was responsible.
>>
>> -Phil