[193159] in North American Network Operators' Group
Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
daemon@ATHENA.MIT.EDU (j.j.santanna@utwente.nl)
Thu Dec 22 06:04:30 2016
X-Original-To: nanog@nanog.org
From: <j.j.santanna@utwente.nl>
To: <jean@ddostest.me>
Date: Thu, 22 Dec 2016 08:46:58 +0000
In-Reply-To: <CALoKGd2qr-Nnj-+XCJMSga_E2A33ebnX9EK2zicRKt8zvZuS=Q@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
SGkgSmVhbiwNCg0KWW91IGFyZSBlaXRoZXIgbmFpdmUgb3IgaGF2ZSBhIGxvdCBvZiBndXRzIHRv
IG9mZmVyIGEgQm9vdGVyIHNlcnZpY2UgaW4gb25lIG9mIHRoZSBtb3N0IHJlc3BlY3RlZCBuZXR3
b3JrIG9wZXJhdG9ycyBsaXN0LiBNYW4sIGFzIGxvbmcgYXMgeW91IHVzZSBhbXBsaWZpZXJzICh0
aGlyZCBwYXJ0eSBzZXJ2aWNlcykgb3IgYm90bmV0cyB5b3VyIOKAnHNlcnZpY2XigJ0gaXMgaWxs
ZWdhbCAmIGltbW9yYWwuICBJbiBjYXNlIHlvdSB1c2UgeW91ciBvd24gaW5mcmFzdHJ1Y3R1cmUg
b3IgcmVudCBhIGxlZ2FsIChjbG91ZCkgaW5mcmFzdHJ1Y3R1cmUgdG8gcHJvdmlkZSB5b3VyICJz
ZXJ2aWNlIiBpdCB3aWxsIG5vdCBwYXkgeW91ciBjb3N0cy4gTm90IGF0IGxlYXN0IGJ5IHRoZSBw
cmljZSB0aGF0IHlvdSBvZmZlciB5b3VyIHNlcnZpY2U6IDAsICAxMywgMTAwIGJ1Y2tzLiBFdmVu
IGlmIHlvdSBoYXZlIGEgbGVnYWwvbW9yYWwgYWNjZXB0YWJsZSBhdHRhY2sgaW5mcmFzdHJ1Y3R1
cmUsIGlmIHlvdSB0aHJvdyB0aG9zZSBiaWcgYXR0YWNrcyB0aGF0IHlvdSBhZHZlcnRpc2Ugd2ls
bCBwb3NzaWJseSB0YWtlIGRvd24gbWFueSBvdGhlcnMgdGhpcmQtcGFydGllcyBvbiB0aGUgd2F5
Lg0KDQpTb21ldGltZXMgeW91IGZvbGtzIHNheSB0aGF0IChtaXMpdXNlIGFtcGxpZmllcnMgZm9y
IOKAnHRlc3RpbmfigJ0gcHVycG9zZSBpcyBub3QgYSBwcm9ibGVtIGJlY2F1c2UgdGhvc2Ugc2Vy
dmljZXMgYXJlIG9wZW4gYW5kIHB1YmxpY2x5IGF2YWlsYWJsZSBvbiB0aGUgSW50ZXJuZXQuIENv
bWUgb27igKYgaWYgSSBsZWF2ZSBteSBjYXIgb3BlbiB3aXRoIHRoZSBrZXkgaW5zaWRlIGl0IGRv
ZXNu4oCZdCBnaXZlIHlvdSB0aGUgcmlnaHQgdG8gdXNlIG15IGNhciB0byB0aHJvdyBpbnRvIGEg
dGhpcmQgcGFydHkgY29tcGFueS4gQW5kIGlmIHlvdSBkbywgaXQgaXMgWU9VUiBDUklNRSwgbm90
IG1pbmUuDQoNCkkgZG9u4oCZdCBuZWVkIHRvIGV4cGxhaW4gd2h5IHVzaW5nIGJvdG5ldHMgaXMg
aWxsZWdhbCBhbmQgaW1tb3JhbCwgcmlnaHQ/DQoNCk1hbiwgaXQgaXMgdXAgdG8geW91IGRlY2lk
ZSBiZXR3ZWVuIGN5YmVyIGNyaW1lIGFuZCBjeWJlciBzZWN1cml0eSAoaHR0cHM6Ly93d3cuZXVy
b3BvbC5ldXJvcGEuZXUvYWN0aXZpdGllcy1zZXJ2aWNlcy9wdWJsaWMtYXdhcmVuZXNzLWFuZC1w
cmV2ZW50aW9uLWd1aWRlcy9jeWJlci1jcmltZS12cy1jeWJlci1zZWN1cml0eS13aGF0LXdpbGwt
eW91LWNob29zZSkuIE5vdywgd2UgYXJlIGFsc28gbG9va2luZyB0byB5b3Ugb24gaHR0cDovL2Jv
b3RlcmJsYWNrbGlzdC5jb208aHR0cDovL2Jvb3RlcmJsYWNrbGlzdC5jb20vPi4gVGhhbmtzIQ0K
DQpDaGVlcnMsDQoNCkphaXIgU2FudGFubmENCg0KDQoNCg0KT24gMjIgRGVjIDIwMTYsIGF0IDA3
OjUxLCBBbGV4YW5kZXIgTHlhbWluIDxsYUBxcmF0b3IubmV0PG1haWx0bzpsYUBxcmF0b3IubmV0
Pj4gd3JvdGU6DQoNCkkgYW0ganVzdCB0cnlpbmcgdG8gZ3Jhc3Agd2hhdCBpcyBzaW1pbGFyaXR5
IGJldHdlZW4gIG5ldHdvcmtzIG9uIHRoZSBsaXN0DQphbmQgd2h5IGl0IGRvZXNuJ3QgaW5jbHVk
ZSwgc2F5IE5UVCBvciBDb2dlbnQuDQoNCg0KDQpPbiBXZWQsIERlYyAyMSwgMjAxNiBhdCA3OjA1
IFBNLCBKZWFuIHwgZGRvc3Rlc3QubWU8aHR0cDovL2Rkb3N0ZXN0Lm1lLz4gdmlhIE5BTk9HIDwN
Cm5hbm9nQG5hbm9nLm9yZzxtYWlsdG86bmFub2dAbmFub2cub3JnPj4gd3JvdGU6DQoNCkhlbGxv
IGFsbCwgSSdtIGEgZmlyc3QgdGltZSBwb3N0ZXIgaGVyZSBhbmQgaG9wZSB0byBmb2xsb3cgYWxs
IHJ1bGVzLg0KDQpJIGZvdW5kIGEgbmV3IHdheSB0byBhbXBsaWZ5IHRyYWZmaWMgdGhhdCB3b3Vs
ZCBnZW5lcmF0ZSByZWFsbHkgaGlnaA0Kdm9sdW1lIG9mIHRyYWZmaWMuKzEwVGJwcw0KDQoqKiBU
aGVyZSBpcyBubyBuZWVkIGZvciBzcG9vZmluZyAqKiBzbyBhbnkgZGV2aWNlIGluIHRoZSB3b3Js
ZCBjb3VsZA0KaW5pdGlhdGUgYSByZWFsbHkgYmlnIGF0dGFjayBvciBiZSBwYXJ0IG9mIGFuIGF0
dGFjay4NCg0KV2UgdGFsayBhYm91dCBhbiBhbXBsaWZpY2F0aW9uIGZhY3RvciB4MTAwKy4gVGhp
cyBtZWFuIHRoYXQgYSBzaW5nbGUNCmNvbXB1dGVyIHdpdGggMSBHYnBzIG91dGdvaW5nIGJhbmR3
aWR0aCB3b3VsZCBnZW5lcmF0ZSBhIDEwMCBHYnBzIEREb1MuDQpJbWFnaW5lIHdoYXQgYSBib3Ru
ZXQgY291bGQgZG8/DQoNClRoZSBsaXN0IG9mIGFmZmVjdGVkIGJ1c2luZXNzIGlzIGh1Z2UgYW5k
IEkgd291bGQgbGlrZSB0byBwcml2YXRlbHkNCmRpc2Nsb3NlIHRoZSBkZXRhaWxzIHRvIHRoZSBU
aWVyMSBJU1AgYXMgdGhleSBhcmUgaGlnaGx5IHZ1bG5lcmFibGUuDQoNClhPIENvbW0NClBTSU5F
VA0KTGV2ZWwgMw0KUXdlc3QNCldpbmRzdHJlYW0gQ29tbQ0KRWVhcnRobGluaw0KTUNJIENvbW0v
VmVyaXpvbiBCdXNzDQpDb21jYXN0IENhYmxlIENvbW0NCkFUJlQNClNwcmludA0KDQpJIGtub3cg
aXQncyBDaHJpc3RtYXMgdGltZSBhbmQgdGhlcmUgaXMgbm8gcnVzaCBpbiBkaXNjbG9zaW5nIHRo
aXMgYnV0LCBpdA0KY291bGQgYmUgYSBuaWNlIG9wcG9ydHVuaXR5IHRvIG1lZGl0YXRlIGFuZCBz
aGVkIHNvbWUgbGlnaHRzIG9uIHRoaXMgbmV3DQpERG9TIHRocmVhdC4gV2UgY291bGQgc3RhcnQg
dGhlIHJlYWwgd29yayBpbiBKYW51YXJ5Lg0KDQoNCklmIHlvdSBhcmUgY3VyaW91cyBhbmQgeW91
IG9wZXJhdGUvbWFuYWdlIG9uZSBvZiB0aGUgbmV0d29yayBtZW50aW9uZWQNCmFib3ZlLCBwbGVh
c2Ugd3JpdGUgdG8gbWUgYXQgdG9ybmFkZG9zQGRkb3N0ZXN0Lm1lPG1haWx0bzp0b3JuYWRkb3NA
ZGRvc3Rlc3QubWU+IGZyb20geW91ciBqb2IgZW1haWwgdG8NCmNvbmZpcm0gdGhlIGlkZW50aXR5
LiBJIHdpbGwgdGhlbiBmb3J3YXJkIHlvdSB0aGUgRERvUyBkZXRhaWxzLg0KDQpCZXN0IHJlZ2Fy
ZHMNCg0KSmVhbiBTdC1MYXVyZW50DQpkZG9zdGVzdC5tZTxodHRwOi8vZGRvc3Rlc3QubWUvPg0K
MzY1IGJvdWwuIFNpci1XaWxmcmlkLUxhdXJpZXIgIzIwMg0KQmVsb2VpbCwgUUMgSjNHIDRUMg0K
DQoNCg0KDQotLQ0KDQpBbGV4YW5kZXIgTHlhbWluDQoNCkNFTyB8IFFyYXRvciA8aHR0cDovL3Fy
YXRvci5uZXQvPiogTGFicyoNCg0Kb2ZmaWNlOiA4LTgwMC0zMzMzLUxBQiAoNTIyKQ0KDQptb2I6
ICs3LTkxNi05MDg2MTIyDQoNCnNreXBlOiBtZWxhbm9yOQ0KDQptYWlsdG86ICBsYUBxcmF0b3Iu
bmV0PG1haWx0bzpsYUBxcmF0b3IubmV0Pg0KDQo=
