[193156] in North American Network Operators' Group
Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
daemon@ATHENA.MIT.EDU (Edward Dore)
Thu Dec 22 04:25:37 2016
X-Original-To: nanog@nanog.org
From: Edward Dore <edward.dore@freethought-internet.co.uk>
In-Reply-To: <CALoKGd2qr-Nnj-+XCJMSga_E2A33ebnX9EK2zicRKt8zvZuS=Q@mail.gmail.com>
Date: Thu, 22 Dec 2016 09:25:31 +0000
To: Alexander Lyamin <la@qrator.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
--Apple-Mail=_85A62D6E-F979-4CF5-A2AC-70D4374DB5DA
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=us-ascii
Depending on which bit of PSINET Jean is talking about, that could be Cogent.
Edward Dore
Freethought Internet
> On 22 Dec 2016, at 06:51, Alexander Lyamin <la@qrator.net> wrote:
>
> I am just trying to grasp what is similarity between networks on the list
> and why it doesn't include, say NTT or Cogent.
>
>
>
> On Wed, Dec 21, 2016 at 7:05 PM, Jean | ddostest.me via NANOG <
> nanog@nanog.org> wrote:
>
>> Hello all, I'm a first time poster here and hope to follow all rules.
>>
>> I found a new way to amplify traffic that would generate really high
>> volume of traffic.+10Tbps
>>
>> ** There is no need for spoofing ** so any device in the world could
>> initiate a really big attack or be part of an attack.
>>
>> We talk about an amplification factor x100+. This mean that a single
>> computer with 1 Gbps outgoing bandwidth would generate a 100 Gbps DDoS.
>> Imagine what a botnet could do?
>>
>> The list of affected business is huge and I would like to privately
>> disclose the details to the Tier1 ISP as they are highly vulnerable.
>>
>> XO Comm
>> PSINET
>> Level 3
>> Qwest
>> Windstream Comm
>> Eearthlink
>> MCI Comm/Verizon Buss
>> Comcast Cable Comm
>> AT&T
>> Sprint
>>
>> I know it's Christmas time and there is no rush in disclosing this but, it
>> could be a nice opportunity to meditate and shed some lights on this new
>> DDoS threat. We could start the real work in January.
>>
>>
>> If you are curious and you operate/manage one of the network mentioned
>> above, please write to me at tornaddos@ddostest.me from your job email to
>> confirm the identity. I will then forward you the DDoS details.
>>
>> Best regards
>>
>> Jean St-Laurent
>> ddostest.me
>> 365 boul. Sir-Wilfrid-Laurier #202
>> Beloeil, QC J3G 4T2
>>
>
>
>
> --
>
> Alexander Lyamin
>
> CEO | Qrator <http://qrator.net/>* Labs*
>
> office: 8-800-3333-LAB (522)
>
> mob: +7-916-9086122
>
> skype: melanor9
>
> mailto: la@qrator.net
--Apple-Mail=_85A62D6E-F979-4CF5-A2AC-70D4374DB5DA
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQEcBAEBCgAGBQJYW5wLAAoJEFfvlfdgJz0Q9swH/2iGBkbHtHDmGGLxWtDzPQBT
tthqk+VBcFsTbomq4KpBDv50IveSgN0M6MowmdrQuIu9w8q0qlrEwf2l7zgQMGjF
VFk49Yh8wXluJNrDmx+Wjeuo2+YPCpmmUkmPR93maOGU2KWT/3tOc1p/WMz8+XFX
iFOmkWsy8ZUTG0CPEW8kB7nhaZ9NZTwAGM7MQAdIS5ifl/4e6JICJMDvGEXVmKLR
RZlzcHtDgOiuj7jwEHrS900fZBRpLJjzIWV7etI1g2Kptyr+DkIU8QLTg2voKSqP
HbqR9OHmNC5RVzdfkoGTn6YHW8Rgvnzr+D0lhrCnJIB16+B3YYVO64aFn1H1RN0=
=e+FG
-----END PGP SIGNATURE-----
--Apple-Mail=_85A62D6E-F979-4CF5-A2AC-70D4374DB5DA--
