[193168] in North American Network Operators' Group
Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
daemon@ATHENA.MIT.EDU (Mike Hammett)
Thu Dec 22 09:27:51 2016
X-Original-To: nanog@nanog.org
Date: Thu, 22 Dec 2016 08:27:44 -0600 (CST)
From: Mike Hammett <nanog@ics-il.net>
Cc: NANOG list <nanog@nanog.org>
In-Reply-To: <CALoKGd2V=-OYp2adoFCZjtDQNhP5ZW3jU+BmyG9EC7HDZa=1Ow@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org
Skepticism is of course warranted with such bold claims and little public information to back it up.
-----
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Alexander Lyamin" <la@qrator.net>
To: "Mike Hammett" <nanog@ics-il.net>
Cc: "j j santanna" <j.j.santanna@utwente.nl>, "NANOG list" <nanog@nanog.org>
Sent: Thursday, December 22, 2016 7:53:46 AM
Subject: Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
I just reviewed our data at http://radar.qrator.net provided network list.
I am highly skeptical.
<tapping my feet neurotically>
On Thu, Dec 22, 2016 at 4:51 PM, Mike Hammett <nanog@ics-il.net> wrote:
Let's wait and see if his stated message of being here to discuss technical matters of the vulnerability with the aforementioned carriers bears anything out. If not, don the torches.
-----
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "j j santanna" <j.j.santanna@utwente.nl>
To: jean@ddostest.me
Cc: nanog@nanog.org
Sent: Thursday, December 22, 2016 5:01:23 AM
Subject: Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack
I am saying!
As far as I understand you are offering DDoS attacks as a paid service, right? Some people would say that you offer DDoS for hire. What is the difference between your service and a Booter service. Only a “validation” that your client is “stress testing” him/herself does not make you legal. Sorry man but you can NOT claim yourself as a legal/moral acceptable stress tester if you misuse devices on the Internet, such as amplifiers, webshell, and botnets.
Although you don’t consider yourself a Booter, you are one of them!
I leave up to you the definition of stupid.
Cheers,
Jair Santanna
jairsantanna.com <http://jairsantanna.com>
On 22 Dec 2016, at 11:45, Jean | ddostest.me <jean@ddostest.me> wrote:
I admit that I have a lot of guts.
Not sure who said that I am a booter or that I operate a booter. I fight booter since more than 5 years and who would be stupid enough to put his full name with full address to a respected network operators list? Definitely not me.
I want to help and fix things and I am not the kind of person to break things.
Jean
On 16-12-22 03:46 AM, j.j.santanna@utwente.nl wrote:
Hi Jean,
You are either naive or have a lot of guts to offer a Booter service in one of the most respected network operators list. Man, as long as you use amplifiers (third party services) or botnets your “service” is illegal & immoral. In case you use your own infrastructure or rent a legal (cloud) infrastructure to provide your "service" it will not pay your costs. Not at least by the price that you offer your service: 0, 13, 100 bucks. Even if you have a legal/moral acceptable attack infrastructure, if you throw those big attacks that you advertise will possibly take down many others third-parties on the way.
Sometimes you folks say that (mis)use amplifiers for “testing” purpose is not a problem because those services are open and publicly available on the Internet. Come on… if I leave my car open with the key inside it doesn’t give you the right to use my car to throw into a third party company. And if you do, it is YOUR CRIME, not mine.
I don’t need to explain why using botnets is illegal and immoral, right?
Man, it is up to you decide between cyber crime and cyber security ( https://www.europol.europa.eu/activities-services/public-awareness-and-prevention-guides/cyber-crime-vs-cyber-security-what-will-you-choose ). Now, we are also looking to you on http://booterblacklist.com. Thanks!
Cheers,
Jair Santanna
On 22 Dec 2016, at 07:51, Alexander Lyamin <la@qrator.net> wrote:
I am just trying to grasp what is similarity between networks on the list
and why it doesn't include, say NTT or Cogent.
On Wed, Dec 21, 2016 at 7:05 PM, Jean | ddostest.me via NANOG <nanog@nanog.org> wrote:
Hello all, I'm a first time poster here and hope to follow all rules.
I found a new way to amplify traffic that would generate really high
volume of traffic. +10Tbps
** There is no need for spoofing ** so any device in the world could
initiate a really big attack or be part of an attack.
We talk about an amplification factor x100+. This means that a single
computer with 1 Gbps outgoing bandwidth would generate a 100 Gbps DDoS.
Imagine what a botnet could do?
The list of affected business is huge and I would like to privately
disclose the details to the Tier1 ISP as they are highly vulnerable.
XO Comm
PSINET
Level 3
Qwest
Windstream Comm
Earthlink
MCI Comm/Verizon Buss
Comcast Cable Comm
AT&T
Sprint
I know it's Christmas time and there is no rush in disclosing this but, it
could be a nice opportunity to meditate and shed some lights on this new
DDoS threat. We could start the real work in January.
If you are curious and you operate/manage one of the network mentioned
above, please write to me at tornaddos@ddostest.me from your job email to
confirm the identity. I will then forward you the DDoS details.
Best regards
Jean St-Laurent
ddostest.me <http://ddostest.me/>
365 boul. Sir-Wilfrid-Laurier #202
Beloeil, QC J3G 4T2
--
Alexander Lyamin
CEO | Qrator Labs <http://qrator.net/>
office: 8-800-3333-LAB (522)
mob: +7-916-9086122
skype: melanor9
mailto: la@qrator.net