[dns-operations] Media coverage of amplification attacks opening Pandora's box?

Ameen Pishdadi apishdadi at gmail.com
Sat Mar 25 05:49:06 UTC 2006


Hello Everyone,

I just wanted to give my 2 cents on this whole thing.

DNS amplification has been around for quite some time; up until the last
year it wasn't a very common attack. These gigantic attacks that were
reported by people on NANOG, Prolexic and other companies stemmed from one
source. This individual has been MIA for around 5-6 weeks now; he was
arrested / raided.

This is why exactly about 5 weeks ago people reported the attacks died down.

This individual has been attacking my organization for the last year and I
even had a dialogue going with him on IRC. He would come and message me and
tell me how large of an attack he hit me with, and eventually he would gain
enough bandwidth to drop our network. He was open about how he was attacking
and how he has taken DNS amplification to new levels, and bragged about
taking out major POPs in Chicago like Savvis, who we connect to.

Anyway, this person was generating anywhere between 8-15gb/s of bandwidth as
people have reported. Since he went missing 5-6 weeks ago these large
attacks have since stopped.
Then a few days ago we received a relatively small 500mb/s UDP attack; to my
surprise it was an amplification attack. Not nearly as large, but large enough
to make us notice. This made my stomach cringe. I knew it couldn't have been
this individual; it is too small, plus he is not around anymore, thank god.

So my question is, with all this media attention, on CNET, Yahoo, etc.
These documents describing what exactly it is and how to do it, did we just
teach 50 more of these kids who aren't bright enough to think out of the box
like this one individual did?