Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack

2016-12-22 Thread Alexander Lyamin
Whoa. Default route loop, that's definitely new ;) Protip: always do prior works research. On Thu, Dec 22, 2016 at 7:56 PM, Tom Beecher wrote: > Jean sent me details. I won't share the link or password to it based on his > request, but he hasn't found anything new, and it's not even amplifica

Re: [Tier1 ISP] : Vulnerable to a new DDoS amplification attack

2016-12-22 Thread Roland Dobbins
On 22 Dec 2016, at 23:56, Tom Beecher wrote:
> What he did was send 1500 byte ICMP packets with a max TTL at an IP address that is not reachable due to a routing loop.
Same here. Here's some context I sent him:

Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack

2016-12-22 Thread Tom Beecher
Jean sent me details. I won't share the link or password to it based on his request, but he hasn't found anything new, and it's not even amplification at all. What he did was send 1500 byte ICMP packets with a max TTL at an IP address that is not reachable due to a routing loop. No amplification i

Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack

2016-12-22 Thread William Herrin
On Thu, Dec 22, 2016 at 11:04 AM, Ken Chase wrote: > Maybe he's found what's already known and posted 2 months ago (and every 2 > months?) > on nanog, the TCP 98,000x amplifier (which is a little higher than 100x), > among > dozens of misbehaving devices, all >200x amp. > > https://www.usenix.o

Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack

2016-12-22 Thread Ken Chase
Maybe he's found what's already known and posted 2 months ago (and every 2 months?) on nanog, the TCP 98,000x amplifier (which is a little higher than 100x), among dozens of misbehaving devices, all >200x amp. https://www.usenix.org/system/files/conference/woot14/woot14-kuhrer.pdf (Table 1's '

Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack

2016-12-22 Thread Tom Beecher
Aside from the 'that's not layer 4' point that's already been made, I feel obligated to point out that if you were advised to 'privately disclose to some big players', the NANOG list is pretty much the exact opposite of that. This is a very public list. My paranoid brain doesn't want to completely

Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack

2016-12-22 Thread Mike Hammett
ett" Cc: "j j santanna" , "NANOG list" Sent: Thursday, December 22, 2016 7:53:46 AM Subject: Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack I just reviewed our data at http://radar.qrator.net provided network list. I am highly skeptical. On Th

Re: [Tier1 ISP] : Vulnerable to a new DDoS amplification attack

2016-12-22 Thread Roland Dobbins
On 22 Dec 2016, at 20:27, Jean | ddostest.me via NANOG wrote:
> the already known Layer 4 amp DDoS like dns, ntp, ssdp, snmp
These are layer-7 reflection/amplification attacks - i.e., application-layer - *not* layer-4. --- Roland Dobbins

Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack

2016-12-22 Thread Alexander Lyamin
On Thu, Dec 22, 2016 at 4:21 PM, Tom Beecher wrote: > > In that absence of anything more than 'GUYZ THIS IS SERIOUS' , with no > technical details, you can surely understand the skepticism. > > Exactly my thought. Tingling sensation "this is some kind of fraud". -- Alexander Lyamin CEO | Q

Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack

2016-12-22 Thread Alexander Lyamin
To: j...@ddostest.me > Cc: nanog@nanog.org > Sent: Thursday, December 22, 2016 5:01:23 AM > Subject: Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack > > I am saying! > > As far as I understand you are offering DDoS attacks as a paid service, > right? Some pe

Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack

2016-12-22 Thread Mike Hammett
WISP - Original Message - From: "j j santanna" To: j...@ddostest.me Cc: nanog@nanog.org Sent: Thursday, December 22, 2016 5:01:23 AM Subject: Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack I am saying! As far as I understand you are offering DDoS attacks as

Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack

2016-12-22 Thread j.j.santanna
I am saying! As far as I understand you are offering DDoS attacks as a paid service, right? Some people would say that you offer DDoS for hire. What is the difference between your service and a Booter service. Only a “validation” that your client is “stress testing” him/herself does not make yo

Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack

2016-12-22 Thread Jean | ddostest.me via NANOG
I apologize for my previous email. After a second thought it might sound like it's a booter even though I want to offer something else. I don't want the conversation shifting toward business when we talk about a new DDoS technique that operates at Layer 3 with amplification power x100. I disa

Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack

2016-12-22 Thread Tom Beecher
You're claiming to be able to generate more than 10 times as much traffic as the largest DDoS ever seen in the wild whilst 3 months into a position at a company that sells 'self-DDoS' services for testing purposes. In the absence of anything more than 'GUYZ THIS IS SERIOUS', with no technical de

Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack

2016-12-22 Thread Jean | ddostest.me via NANOG
I admit that I have a lot of guts. Not sure who said that I am a booter or that I operate a booter. I have been fighting booters for more than 5 years, and who would be stupid enough to put his full name with full address on a respected network operators list? Definitely not me. I want to help and fix th

Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack

2016-12-22 Thread j.j.santanna
Hi Jean, You are either naive or have a lot of guts to offer a Booter service in one of the most respected network operators list. Man, as long as you use amplifiers (third party services) or botnets your “service” is illegal & immoral. In case you use your own infrastructure or rent a legal (

Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack

2016-12-22 Thread Alexander Lyamin
nice one, Edward. On Thu, Dec 22, 2016 at 12:25 PM, Edward Dore < edward.d...@freethought-internet.co.uk> wrote: > Depending on which bit of PSINET Jean is talking about, that could be > Cogent. > > Edward Dore > Freethought Internet > > On 22 Dec 2016, at 06:51, Alexander Lyamin wrote: > > I am

Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack

2016-12-22 Thread Edward Dore
Depending on which bit of PSINET Jean is talking about, that could be Cogent. Edward Dore Freethought Internet > On 22 Dec 2016, at 06:51, Alexander Lyamin wrote: > > I am just trying to grasp what is similarity between networks on the list > and why it doesn't include, say NTT or Cogent. > >

Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack

2016-12-21 Thread Alexander Lyamin
I am just trying to grasp what is similarity between networks on the list and why it doesn't include, say NTT or Cogent. On Wed, Dec 21, 2016 at 7:05 PM, Jean | ddostest.me via NANOG < nanog@nanog.org> wrote: > Hello all, I'm a first time poster here and hope to follow all rules. > > I found a

Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack

2016-12-21 Thread Alexander Lyamin
care to do a demo ? On Wed, Dec 21, 2016 at 7:05 PM, Jean | ddostest.me via NANOG < nanog@nanog.org> wrote: > Hello all, I'm a first time poster here and hope to follow all rules. > > I found a new way to amplify traffic that would generate really high > volume of traffic. +10Tbps > > ** There is

Re: [Tier1 ISP]: Vulnerable to a new DDoS amplification attack

2016-12-21 Thread Tom Beecher
NTP Monlist was what, 200x? 100x amplification attacks are s 2013. :) I doubt many will fall for your Rolodex expanding exercise though, sorry. ( Do people still have Rolodexes? ) On Wed, Dec 21, 2016 at 11:05 AM, Jean | ddostest.me via NANOG < nanog@nanog.org> wrote: > Hello all, I'm a firs

[Tier1 ISP]: Vulnerable to a new DDoS amplification attack

2016-12-21 Thread Jean | ddostest.me via NANOG
Hello all, I'm a first time poster here and hope to follow all rules. I found a new way to amplify traffic that would generate really high volume of traffic. +10Tbps ** There is no need for spoofing ** so any device in the world could initiate a really big attack or be part of an attack. We