[AusNOG] NTP reflection used for world's largest DDoS

Joshua D'Alton joshua at railgun.com.au
Tue Feb 11 22:32:40 EST 2014


Yea was talking about something sustainable though, not just launch an
attack for a few minutes and be done with it. The thing is that all the NTP
'amplifiers' are going to be spread over lots of networks, so in fact said
dodgy host might not have too much troubles, as in they won't be being
blasted on their abuse or NOC addresses by people like level3 or whatever,
since 99% of the hosts will be spread around and only receiving a little
bit of NTP traffic, even if they contribute a few hundred Mbit as a result.

Anyway, I'm sure Arbor and Cloudflare and co could comment more on the CnC
side of things, far better than itnews :/


On Tue, Feb 11, 2014 at 10:17 PM, Jayden <peer at peer.id.au> wrote:

> Three Syllables: AWS. Or even vanilla vps hosts, there are enough cheap
> ones out there to grasp a few hundred and destroy them before anyone is the
> wiser. To sustain the attack you'd need some /very/ dodgy upstreams. (enzu *
> *cough**)
>
>
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of *Joshua
> D'Alton
> *Sent:* Tuesday, 11 February 2014 9:40 PM
> *To:* Dobbins, Roland
> *Cc:* ausnog at lists.ausnog.net
>
> *Subject:* Re: [AusNOG] NTP reflection used for world's largest DDoS
>
>
>
> In OP case yes, but just saying were someone like Scott Weeks wish to
> perform said attack, they could probably do it with just 7 servers as
> previously mentioned. Or maybe even a single 10Gbit server, though
> aforementioned 'dodgy' providers don't do 10Gbit that cheap. That is part
> of the scariness of these sorts of attacks, they are a lot easier to carry
> out with minimal knowledge and funds (comparatively).
>
>
>
> On Tue, Feb 11, 2014 at 9:41 PM, Dobbins, Roland <rdobbins at arbor.net>
> wrote:
>
>
> On Feb 11, 2014, at 1:47 PM, Joshua D'Alton <joshua at railgun.com.au> wrote:
>
> > Though, 7 x 1Gbps full linerate servers with a provider who won't
> complain about the usage would only cost about $2000AUD per month.
>
> The servers are likely compromised, and there are likely more than seven.
>
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>
>           Luck is the residue of opportunity and design.
>
>                        -- John Milton
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140211/9a16cb23/attachment.html>


More information about the AusNOG mailing list