I am aware, but this also depends on the nature of the attack. 50k-100k hosts is a small net anymore, and with higher and higher speeds common for residential and business connections, source spoofing is helpful to maintain the size of the net and for amplification attacks but doesn't impact its ability to take part in a raw flood.
On Jul 30, 2016 2:22 AM, "Jon Auer" <[email protected]> wrote:

> Right, and that's not the intention :)
> You filter at the edge (facing your customers) to block spoofed traffic
> from your customers so your network doesn't participate in attacks on
> others.
>
> Implementing BCP38 and blocking ports used for amplification attacks is a
> herd immunity strategy, not a defense strategy. Remove the ability for
> booters to spoof or amplify traffic on your network and you've reduced the
> amount of traffic that can be thrown at other networks. At some point, the
> pool of abusable hosts is reduced and booters don't have enough hosts to
> launch effective attacks.
>
> On Fri, Jul 29, 2016 at 11:49 PM, Josh Reynolds <[email protected]> wrote:
>
>> BCP38 is not going to help you with a 1Tbps attack if you're on less
>> than a 1Tbps pipe.
>>
>> On Fri, Jul 29, 2016 at 10:42 PM, Jon Auer <[email protected]> wrote:
>> > There have been a couple flavors of this. One uses a common bitcoin address
>> > and is a scam of the scam, the other uses unique wallet addresses per target
>> > so they can tell which target pays up. Since the wallet address doesn't show
>> > up in search results I'd assume this is the latter...
>> >
>> > FWIW I've seen their stunts max out Cogent's pipes feeding a metro POP (not
>> > a lit building in a metro, the main POP for a metro).
>> >
>> > So, everyone is doing BCP38 filtering on their networks, right?
>> > Maybe also using a service like Qrator Radar to monitor your netblocks for
>> > abusable services?
>> > This is one of those things where everyone that isn't part of the solution
>> > is part of the problem :)
>> >
>> > On Fri, Jul 29, 2016 at 9:20 PM, Eric Kuhnke <[email protected]> wrote:
>> >>
>> >> Pay and we'll know it's you, don't reply we won't read...
>> >>
>> >> Well if you are a sucker and make a new btc wallet, and pay, how do they
>> >> know what website or set of IPs is associated with which payment if they
>> >> don't take incoming communications?
>> >>
>> >> It's a scam.
>> >>
>> >> On Jul 29, 2016 6:46 PM, "Roland Houin" <[email protected]> wrote:
>> >>>
>> >>> anyone else get this?
>> >>>
>> >>> roland
>> >>>
>> >>> ---------- Forwarded Message ----------
>> >>>
>> >>> FROM: Armada Collective <[email protected]>
>> >>> TO: [email protected]
>> >>> CC:
>> >>> DATE: 29 Jul 2016 23:21:10 -0000
>> >>>
>> >>> RE: ATTENTION: Ransom request!!!
>> >>>
>> >>> FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE
>> >>> DECISION!
>> >>>
>> >>> We are Anonymous.
>> >>>
>> >>> All your servers will be DDoS-ed starting Sunday (Jul 31 2016) if you
>> >>> don't pay 5 Bitcoins @ 1PR8naoESWCbNzeTYK8TbL87CnBgchZexf
>> >>>
>> >>> When we say all, we mean all - users will not be able to access sites
>> >>> host with you at all.
>> >>>
>> >>> Right now we will start 15 minutes attack on your site's IP
>> >>> 208.95.136.26. It will not be hard, we will not crash it at the moment to
>> >>> try to minimize eventual damage, which we want to avoid at this moment. It's
>> >>> just to prove that this is not a hoax. Check your logs!
>> >>>
>> >>> If you don't pay by Sunday, attack will start, price to stop will
>> >>> increase by 1 BTC for every day of attack.
>> >>>
>> >>> If you report this to media and try to get some free publicity by using
>> >>> our name, instead of paying, attack will start permanently and will last for
>> >>> a long time.
>> >>>
>> >>> This is not a joke.
>> >>>
>> >>> Our attacks are extremely powerful - sometimes over 1 Tbps per second.
>> >>> So, no cheap protection will help.
>> >>>
>> >>> Prevent it all with just 5 BTC @ 1PR8naoESWCbNzeTYK8TbL87CnBgchZexf
>> >>>
>> >>> Do not reply, we will probably not read. Pay and we will know its you.
>> >>> AND YOU WILL NEVER AGAIN HEAR FROM US!
>> >>>
>> >>> Bitcoin is anonymous, nobody will ever know you cooperated.
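
The customer-edge source filtering (BCP38) discussed in this thread, as an added example that is not part of the original messages: a strict per-interface source-address check run over a few packets. The interface names, prefix assignments and sample packets are constructed for illustration and use documentation address ranges.

```python
import ipaddress
from collections import Counter

# Constructed assignments: customer-facing interface -> prefixes delegated to
# that customer. On a real edge router this is what an ACL or strict uRPF encodes.
CUSTOMER_PREFIXES = {
    "cust-a": ["198.51.100.0/25", "2001:db8:a::/48"],
    "cust-b": ["203.0.113.64/26"],
}

# Constructed sample traffic: (ingress interface, source address).
SAMPLE_PACKETS = [
    ("cust-a", "198.51.100.10"),    # inside cust-a's /25
    ("cust-a", "203.0.113.70"),     # cust-b's space arriving from cust-a: spoofed
    ("cust-a", "192.0.2.55"),       # address not assigned to anyone here: spoofed
    ("cust-a", "2001:db8:a:1::5"),  # inside cust-a's IPv6 /48
    ("cust-b", "203.0.113.65"),     # inside cust-b's /26
    ("cust-b", "203.0.113.130"),    # just outside the /26 (.64-.127): spoofed
]


def build_filters(assignments):
    """Parse prefix strings once so lookups compare network objects."""
    return {
        ifname: [ipaddress.ip_network(p) for p in prefixes]
        for ifname, prefixes in assignments.items()
    }


def permit(filters, ifname, src):
    """True if a packet entering on ifname may carry source address src."""
    nets = filters.get(ifname)
    if nets is None:
        return False  # unknown interface: default deny
    addr = ipaddress.ip_address(src)
    return any(addr.version == n.version and addr in n for n in nets)


def dropped_by_interface(filters, packets):
    """Count packets the ingress filter would drop, per customer interface."""
    drops = Counter()
    for ifname, src in packets:
        if not permit(filters, ifname, src):
            drops[ifname] += 1
    return dict(drops)


if __name__ == "__main__":
    print(dropped_by_interface(build_filters(CUSTOMER_PREFIXES), SAMPLE_PACKETS))
```

A sustained non-zero drop count on one customer interface is also a useful signal that a host behind it is compromised or misconfigured.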
