Jim,

While I don't envy those who put in long hours to mitigate DDoSes at the 11th hour, the security industry as a whole, DDoS mitigation included, doesn't have a perfectly clean track record. Public court records offer plenty of evidence, and convictions from foul play while trying to win bids.

An individual I worked with previously personally handled a long, drawn out DDoS event that was ultimately perpetrated by a security contractor bidding for a job (I didn't work it personally, but it was a frequent topic of discussion while it was ongoing). Fortunately, after subsequent months of law enforcement investigation, the contractor was brought up on charges.

It's definitely not "crap", it's a fact, albeit not necessarily common.

-Matt

On Mon, May 24, 2021 at 10:38 AM jim deleskie <deles...@gmail.com> wrote:

> While I have no design to engage in over email argument over how much latency people can actually tolerate, I will simply state that most people have a very poor understanding of it and how much additional latency is really introduced by DDoS mitigation.
>
> As for implying that DDoS mitigation companies are complicit or involved in attacks, while not the first time I heard that crap it's pretty offensive to those that work long hours for years dealing with the garbage. If you honestly believe anyone you're dealing with is involved with launching attacks you clearly have not done your research into potential partners.
>
> On Sat., May 22, 2021, 11:20 a.m. Jean St-Laurent via NANOG, <nanog@nanog.org> wrote:
>
>> Some industries can’t afford that extra delay by DDoS mitigation vendors.
>>
>> The video game industry is one of them and there might be others that can’t tolerate these extra ms. Telemedicine, video-conference, fintech, etc.
>>
>> As a side note, my former employer in video game was bidding for these vendors offering DDoS protection. While bidding, we were hit with abnormal patterns. As soon as we chose one vendor those very tricky DDoS patterns stopped.
>>
>> I am not saying they are working on both sides, but still the coincidence was interesting. In the end, we never used them because they were not able to perfectly block the threat without impacting all the other projects.
>>
>> I think these mitigators are nice to have as a very last resort. I believe what is more important for Network Operators is: to be aware of this, to be able to detect it, mitigate it and/or minimize the impact. It’s like magic, where did that rabbit go?
>>
>> The art of war taught me everything there is to know about DDoS attacks even if it was written some 2500 years ago.
>>
>> I suspect that the attack that impacted Baldur’s assets was a very easy DDoS to detect and block, but can’t confirm.
>>
>> @Baldur: do you care to share some metrics?
>>
>> Jean
>>
>> *From:* NANOG <nanog-bounces+jean=ddostest...@nanog.org> *On Behalf Of *Jean St-Laurent via NANOG
>> *Sent:* May 21, 2021 10:52 AM
>> *To:* 'Lady Benjamin Cannon of Glencoe, ASCE' <l...@6by7.net>; 'Baldur Norddahl' <baldur.nordd...@gmail.com>
>> *Cc:* 'NANOG Operators' Group' <nanog@nanog.org>
>> *Subject:* RE: DDoS attack with blackmail
>>
>> I also recommend book Art of War from Sun Tzu.
>>
>> All the answers to your questions are in that book.
>>
>> Jean
>>
>> *From:* NANOG <nanog-bounces+jean=ddostest...@nanog.org> *On Behalf Of *Lady Benjamin Cannon of Glencoe, ASCE
>> *Sent:* May 20, 2021 7:18 PM
>> *To:* Baldur Norddahl <baldur.nordd...@gmail.com>
>> *Cc:* NANOG Operators' Group <nanog@nanog.org>
>> *Subject:* Re: DDoS attack with blackmail
>>
>> 20 years ago I wrote an automatic teardrop attack. If your IP spammed us 5 times, then a script would run, knocking the remote host off the internet entirely.
>>
>> Later I modified it to launch 1000 teardrop attacks/second…
>>
>> Today, contact the FBI.
>>
>> And get a mitigation service above your borders if you can.
>>
>> —L.B.
>>
>> Ms. Lady Benjamin PD Cannon of Glencoe, ASCE
>> 6x7 Networks & 6x7 Telecom, LLC
>> CEO
>> l...@6by7.net
>> "The only fully end-to-end encrypted global telecommunications company in the world."
>> FCC License KJ6FJJ
>>
>> On May 20, 2021, at 12:26 PM, Baldur Norddahl <baldur.nordd...@gmail.com> wrote:
>>
>> Hello
>>
>> We got attacked by a group that calls themselves "Fancy Lazarus". They want payment in BC to not attack us again. The attack was a volume attack to our DNS and URL fetch from our webserver.
>>
>> I am interested in any experience in fighting back against these guys.
>>
>> Thanks,
>>
>> Baldur

--
Matt Erculiani
ERCUL-ARIN