I don’t believe that these companies are complicit at a high level. 

My guess is that there are some business salesmen working there who need to 
fulfill their monthly quota of new clients. 

 

What is usually common is that, when faced by a DDoS for the first time without 
the proper tooling, it sounds like it’s an impossible task to solve. The 
knowledge on the internet is pretty limited on the topic. 

It takes months and sometimes years to configure all the DDoS gates. Rolland’s 
ppt is a nice place to start as it has valuable knowledge. It’s just tough to 
figure out what is best for you.

 

The truth is, it will be more beneficial to your organisation in the 
medium/long term if you start learning and improving your DDoS defenses now 
than to rely 100% on DDoS mitigators. 

These companies are fantastic when you protect slow assets like credit card 
transactions. The customer doesn’t really care if his transaction to validate the 
CC takes 4 seconds instead of 3.

 

In the end, DDoS mitigation is not more complex than what you are used to doing 
daily. Protect your routers, protect the control-plane, protect the SSH lines, 
etc. It’s just a different kind of protection.

 

Let me know if you need some advice or hints, because I’ve spent some freaking 
long hours fighting them and together we have a better chance to win and not 
pay ransom from blackmails. 

I don’t have all the answers on DDoS, but maybe I have the one that you are 
looking for.

 

The moment you become very resilient to DDoS attacks, your customers will thank 
you, and also support staff, who will see the DDoS bounce like mosquitoes on the 
windshield of your car at 90 mph.

 

Start learning now and start improving your DDoS. This won’t go away anytime 
soon.

 

Jean

 

 

From: jim deleskie <deles...@gmail.com> 
Sent: May 24, 2021 12:38 PM
To: Jean St-Laurent <j...@ddostest.me>
Cc: NANOG Operators' Group <nanog@nanog.org>
Subject: Re: DDoS attack with blackmail

 

While I have no design to engage in an over-email argument over how much latency 
people can actually tolerate, I will simply state that most people have a very 
poor understanding of it and how much additional latency is really introduced 
by DDoS mitigation.

 

As for implying that DDoS mitigation companies are complicit or involved in 
attacks, while not the first time I heard that crap, it's pretty offensive to 
those that work long hours for years dealing with the garbage.  If you honestly 
believe anyone you're dealing with is involved with launching attacks you clearly 
have not done your research into potential partners.

 

 

 

On Sat., May 22, 2021, 11:20 a.m. Jean St-Laurent via NANOG, <nanog@nanog.org> 
wrote:

Some industries can’t afford that extra delay by DDoS mitigation vendors.

 

The video game industry is one of them and there might be others that can’t 
tolerate these extra ms. Telemedicine, video-conference, fintech, etc.

 

As a side note, my former employer in video games was bidding for these vendors 
offering DDoS protection. While bidding, we were hit with abnormal patterns. As 
soon as we chose one vendor those very tricky DDoS patterns stopped.

I am not saying they are working on both sides, but still the coincidence was 
interesting. In the end, we never used them because they were not able to 
perfectly block the threat without impacting all the other projects.

 

I think these mitigators are nice to have as a very last resort. I believe what 
is more important for Network Operators is: to be aware of this, to be able to 
detect it, mitigate it and/or minimize the impact. It’s like magic, where did 
that rabbit go?

 

The Art of War taught me everything there is to know about DDoS attacks even if 
it was written some 2500 years ago.

 

I suspect that the attack that impacted Baldur’s assets was a very easy DDoS to 
detect and block, but can’t confirm.

 

@Baldur: do you care to share some metrics?

 

Jean

 

From: NANOG <nanog-bounces+jean=ddostest...@nanog.org> On Behalf Of Jean St-Laurent via NANOG
Sent: May 21, 2021 10:52 AM
To: 'Lady Benjamin Cannon of Glencoe, ASCE' <l...@6by7.net>; 'Baldur Norddahl' <baldur.nordd...@gmail.com>
Cc: 'NANOG Operators' Group' <nanog@nanog.org>
Subject: RE: DDoS attack with blackmail

 

I also recommend the book Art of War by Sun Tzu.

 

All the answers to your questions are in that book.

 

Jean

 

From: NANOG <nanog-bounces+jean=ddostest...@nanog.org> On Behalf Of Lady Benjamin 
Cannon of Glencoe, ASCE
Sent: May 20, 2021 7:18 PM
To: Baldur Norddahl <baldur.nordd...@gmail.com>
Cc: NANOG Operators' Group <nanog@nanog.org>
Subject: Re: DDoS attack with blackmail

 

20 years ago I wrote an automatic teardrop attack.  If your IP spammed us 5 
times, then a script would run, knocking the remote host off the internet 
entirely.

 

Later I modified it to launch 1000 teardrop attacks/second…

 

Today, contact the FBI.

 

And get a mitigation service above your borders if you can.

 

 

—L.B.

 

Ms. Lady Benjamin PD Cannon of Glencoe, ASCE

6x7 Networks & 6x7 Telecom, LLC 

CEO 

l...@6by7.net

"The only fully end-to-end encrypted global telecommunications company in the 
world.”

FCC License KJ6FJJ




 

On May 20, 2021, at 12:26 PM, Baldur Norddahl <baldur.nordd...@gmail.com> wrote:

 

Hello

 

We got attacked by a group that calls themselves "Fancy Lazarus". They want 
payment in BC to not attack us again. The attack was a volume attack to our DNS 
and URL fetch from our webserver.

 

I am interested in any experience in fighting back against these guys.

 

Thanks,

 

Baldur

 

 
