[193147] in North American Network Operators' Group
Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
daemon@ATHENA.MIT.EDU (Tom Beecher)
Wed Dec 21 22:24:00 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <04dba92b-c3cb-bbed-809b-6085da7dbb46@ddostest.me>
From: Tom Beecher <beecher@beecher.cc>
Date: Wed, 21 Dec 2016 22:23:55 -0500
To: "Jean | ddostest.me" <jean@ddostest.me>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
NTP Monlist was what, 200x? 100x amplification attacks are soooo 2013. :)
I doubt many will fall for your Rolodex expanding exercise though, sorry. (
Do people still have Rolodexes? )
On Wed, Dec 21, 2016 at 11:05 AM, Jean | ddostest.me via NANOG <
nanog@nanog.org> wrote:
> Hello all, I'm a first time poster here and hope to follow all rules.
>
> I found a new way to amplify traffic that would generate really high
> volume of traffic.+10Tbps
>
> ** There is no need for spoofing ** so any device in the world could
> initiate a really big attack or be part of an attack.
>
> We talk about an amplification factor x100+. This mean that a single
> computer with 1 Gbps outgoing bandwidth would generate a 100 Gbps DDoS.
> Imagine what a botnet could do?
>
> The list of affected business is huge and I would like to privately
> disclose the details to the Tier1 ISP as they are highly vulnerable.
>
> XO Comm
> PSINET
> Level 3
> Qwest
> Windstream Comm
> Eearthlink
> MCI Comm/Verizon Buss
> Comcast Cable Comm
> AT&T
> Sprint
>
> I know it's Christmas time and there is no rush in disclosing this but, it
> could be a nice opportunity to meditate and shed some lights on this new
> DDoS threat. We could start the real work in January.
>
>
> If you are curious and you operate/manage one of the network mentioned
> above, please write to me at tornaddos@ddostest.me from your job email to
> confirm the identity. I will then forward you the DDoS details.
>
> Best regards
>
> Jean St-Laurent
> ddostest.me
> 365 boul. Sir-Wilfrid-Laurier #202
> Beloeil, QC J3G 4T2
>
