[AusNOG] Network Stress Test Results - Frightening speeds of 900+ mbits

James Braunegg james.braunegg at micron21.com
Mon Oct 21 09:06:14 EST 2013 

Once upon time... I used to be scared to talk about network security thinking it will raise unwanted attention (and yes it does) however I have since learnt sharing information is the best form of education in growing knowledge as a community !

For those interested the IP stresser people have provided us with a premium account so I can continue testing, they have also asked me to re test the layer 7 tests as previously we could generate any data... so it should be interesting !!!!

If anyone would like any particular tests done please let me know !

Kindest Regards

James Braunegg
P:  1300 769 972  |  M:  0488 997 207 |  D:  (03) 9751 7616
E:   james.braunegg at micron21.com  |  ABN:  12 109 977 666   
W:  www.micron21.com/ip-transit    T: @micron21



This message is intended for the addressee named above. It may contain privileged or confidential information. If you are not the intended recipient of this message you must not use, copy, distribute or disclose it to anyone other than the addressee. If you have received this message in error please return the message to the sender by replying to it and then delete the message from your computer.

-----Original Message-----
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Mark ZZZ Smith
Sent: Monday, October 21, 2013 6:33 AM
To: admin at uberskilled.com; Peter Betyounan; AusNOG; Joshua D'Alton
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Network Stress Test Results - Frightening speeds of 900+ mbits

Heh, I disgree with both of you.


----- Original Message -----
> From: Andrew White <admin at uberskilled.com>
> To: Peter Betyounan <peter at serversaustralia.com.au>; AusNOG <ausnog-bounces at lists.ausnog.net>; Joshua D'Alton <joshua at railgun.com.au>
> Cc: "ausnog at lists.ausnog.net" <ausnog at lists.ausnog.net>
> Sent: Saturday, 19 October 2013 10:45 PM
> Subject: Re: [AusNOG] Network Stress Test Results - Frightening speeds    of    900+ mbits
> 
>> I am not too happy about advertising these methods to places like whirlpool 
> which in turn is just empowering kids who think it's fun and cheap.

It is also providing knowledge to those who have to defend against these sorts of attacks.

If the defenders are naive, and the attackers are knowledgeable, who is more likely to be win? 


Matt Blaze, a computer security researcher, documented a privilege escalation attack on physical keys and locks. Many people in the locksmith industry said publishing the information was irresponsible. Here is his justification:

"Keep it secret, stupid!"

http://www.crypto.com/papers/kiss.html



> Even if 
> you educated one single person on what a booter is the damage is done already.
> 
> Sorry Peter, I have to respectfully disagree with this.

> 
> Security via obscurity is rarely - if ever - the answer to the problem.

This is such a broad statement that it is invalid without context.

Security by obscurity has been used by nature as a security mechanism by nature for millenia, as have many militaries - and is known as "camouflage" or "hiding".

In the case of nature, if it hadn't been a useful mechanism, Darwin would have eliminated it by now. Yet many animals still have and use camouflage.

It shouldn't be the only mechanism, which is why Zebras back up their camouflage with being able to kick, and militaries back it up with weapons. It is valid as one of a set of defence in depth measures.

This oft repeated mantra is a distortion of Kerckhoffs's principle, which is specifically about cryptographic algorithms:

" A cryptosystem should be secure even if everything about the system, except the key, is public knowledge."

Note there is still an obscurity - the secret key. If the argument that "there is no security in obscurity" was true, then people should publish their secret key too so that they're more secure ...



> If a 
> kiddie wants to attack your network, they have Google at their hands to work out 
> how. I see this as educating providers and operators rather than empowering 
> kids. The site creators have already given them the power.
> 
> Cheers,
> 
> Andrew
> 
> -----Original Message-----
> From: Peter Betyounan <peter at serversaustralia.com.au>
> Sender: "AusNOG" <ausnog-bounces at lists.ausnog.net>Date: Sat, 19 
> Oct 2013 22:38:03 
> To: Joshua D'Alton<joshua at railgun.com.au>
> Cc: ausnog at lists.ausnog.net<ausnog at lists.ausnog.net>
> Subject: Re: [AusNOG] Network Stress Test Results - Frightening speeds of
>     900+ mbits
> 
> 
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
> 
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
> 
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

More information about the AusNOG mailing list