Agree…. it should be focused on end users better securing themselves …. 

> On Oct 21, 2016, at 3:44 PM, That One Guy /sarcasm 
> <thatoneguyst...@gmail.com> wrote:
> 
> I'm getting irritated by news reports calling this hacking. That term has been 
> so obfuscated by dimwits that it has no value.
> 
> On Fri, Oct 21, 2016 at 1:54 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:
> It works great for me 90% of the time.  The other 10% it refuses to function 
> at all.
> 
> 
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
> 
> On Fri, Oct 21, 2016 at 2:50 PM, Paul Stewart <p...@paulstewart.org> wrote:
> LOL …. scary shit….
> 
> Facebook being slow isn’t anything new in my experience … they have to be 
> having a hard time keeping up sometimes …. last I heard they were adding 
> something around 200-300 new servers a day in each data centre
> 
>> On Oct 21, 2016, at 2:48 PM, That One Guy /sarcasm 
>> <thatoneguyst...@gmail.com> wrote:
>> 
>> forcing people to interact in person... a dangerous prospect in these times
>> 
>> On Fri, Oct 21, 2016 at 1:43 PM, Tim Reichhart 
>> <timreichh...@hometowncable.net> wrote:
>> It seems like facebook is also getting slow.
>> 
>> -----Original Message-----
>> From: "Travis Johnson" <t...@ida.net>
>> To: af@afmug.com
>> Date: 10/21/16 02:37 PM
>> Subject: Re: [AFMUG] Another large DDoS, Stop Being a Dick
>> 
>> This is still going right now... big and small websites and ISPs are 
>> unreachable and unresponsive. :(
>> 
>> Travis
>> 
>> 
>> On 10/21/2016 12:19 PM, Ken Hohhof wrote:
>>  
>>> Interesting, according to that, the ISP DNS servers are recruited as part 
>>> of the attack on the victim's authoritative DNS servers, by sending queries 
>>> from within the ISP's network.
>>> 
>>>  
>>> No spoofing, no amplification, no misconfigured DNS servers required, yet 
>>> the ISP's DNS servers are used to send the attack traffic. All that is 
>>> needed is a compromised IoT to send the query.
>>> 
>>>  
>>> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Baird
>>> Sent: Friday, October 21, 2016 12:42 PM
>>> To: af@afmug.com
>>> Subject: Re: [AFMUG] Another large DDoS, Stop Being a Dick
>>> 
>>>  
>>> Right - crap IoT devices on the Mirai botnet were responsible for shoving 
>>> 620+Gbps of traffic at Akamai to take down Krebs (and over 1Tbps to take 
>>> down OVH). No spoofing involved.
>>> 
>>>  
>>> Interesting article on the techniques used by Mirai:
>>> 
>>>  
>>> https://f5.com/about-us/news/articles/mirai-the-iot-bot-that-took-down-krebs-and-launched-a-tbps-ddos-attack-on-ovh-21937
>>>  
>>>  
>>> On Fri, Oct 21, 2016 at 1:30 PM, Ken Hohhof <af...@kwisp.com> wrote:
>>> 
>>> The amplifier would receive a query from a spoofed IP address, and respond 
>>> using a legit IP address. So the attacker needs to control some computers 
>>> that can spoof the victim's IP address, but the actual attack traffic comes 
>>> from the amplifiers using legit source IPs.
>>> 
>>>  
>>> In the case of IoT botnets, I'm not sure any spoofing is required.
>>> 
>>>  
>>> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Baird
>>> Sent: Friday, October 21, 2016 12:21 PM
>>> To: af@afmug.com
>>> Subject: Re: [AFMUG] Another large DDoS, Stop Being a Dick
>>> 
>>>  
>>> It's a good start. It attempts to prevent spoofed traffic originating from 
>>> your network from leaving your network (or BCP38).
>>> 
>>>  
>>> On Fri, Oct 21, 2016 at 1:19 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:
>>> 
>>> It can't be that simple...can it?
>>> 
>>> 
>>> 
>>>  
>>> Josh Luthman
>>> 
>>>  
>>>  
>>> On Fri, Oct 21, 2016 at 1:17 PM, Mike Hammett <af...@ics-il.net> wrote:
>>> 
>>> /ip firewall address-list
>>> add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="My IPs"
>>> add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="Downstream customer X IPs"
>>> 
>>> /ip firewall filter
>>> # Egress anti-spoofing tests the packet's source address against the list
>>> add action=drop chain=forward comment="Drop spoofed traffic" disabled=no out-interface="To-Upstream" src-address-list=!"Public-IPs"
>>> 
>>> That was largely composed off of the top of my head and typed on my phone, 
>>> so it may not be completely accurate.
>>> 
>>> 
>>> You should also do it on customer-facing ports, not allowing anything to 
>>> come in, but that would be best approached once Mikrotik adds the 
>>> per-interface setting for unicast reverse path filtering. You would then set 
>>> customer-facing interfaces to strict and all other interfaces to loose. 
>>> They accepted the feature request, just haven't implemented it yet.
>>> 
>>> 
>>> 
>>> -----
>>> Mike Hammett
>>> Intelligent Computing Solutions <http://www.ics-il.com/>
>>>  <https://www.facebook.com/ICSIL> 
>>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> 
>>> <https://www.linkedin.com/company/intelligent-computing-solutions> 
>>> <https://twitter.com/ICSIL>
>>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>>>  <https://www.facebook.com/mdwestix> 
>>> <https://www.linkedin.com/company/midwest-internet-exchange> 
>>> <https://twitter.com/mdwestix>
>>> The Brothers WISP <http://www.thebrotherswisp.com/>
>>>  <https://www.facebook.com/thebrotherswisp>
>>> 
>>> 
>>>  <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
>>> From: "Mike Hammett" <af...@ics-il.net>
>>> To: af@afmug.com
>>> Sent: Friday, October 21, 2016 11:21:35 AM
>>> Subject: [AFMUG] Another large DDoS, Stop Being a Dick
>>> 
>>> There's another large DDoS going on now. Go to this page to see if you can 
>>> be used for UDP amplification (or other spoofing) attacks:
>>> 
>>> https://www.caida.org/projects/spoofer/
>>> 
>>> Go to these pages for more longer term bad behavior monitoring:
>>> 
>>> https://www.shadowserver.org/wiki/
>>> https://radar.qrator.net/
>>> 
>>> 
>>> Maybe we need to start a database of ASNs WISPs are using and start naming 
>>> and shaming them when they have bad actors on their network. This is 
>>> serious, people. Take it seriously.
>>> 
>>> 
>>> 
>>> -----
>>> Mike Hammett
>> 
>>  
>> 
>> 
>> 
>> -- 
>> If you only see yourself as part of the team but you don't see your team as 
>> part of yourself you have already failed as part of the team.
> 
> 
> 
> 
> 
> -- 
> If you only see yourself as part of the team but you don't see your team as 
> part of yourself you have already failed as part of the team.
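
The two controls discussed in the quoted thread (a source-address filter on the upstream port, and strict versus loose unicast reverse path filtering per interface) can be compared on constructed packets. This is an added example, not code from the thread or from MikroTik; the prefixes, the interface names `cust-x` and `lan`, the routing table and the `allow_default` switch are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (documentation prefixes), standing in for the
# "Public-IPs" address list from the thread.
PUBLIC_IPS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/25")]

# Hypothetical routing table: prefix -> interface the route points out of.
ROUTES = {
    ipaddress.ip_network("203.0.113.0/25"): "cust-x",
    ipaddress.ip_network("198.51.100.0/24"): "lan",
    ipaddress.ip_network("0.0.0.0/0"): "To-Upstream",
}

def egress_allowed(src):
    """BCP38 on the upstream port: forward only sources inside our own prefixes."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in PUBLIC_IPS)

def best_route(addr, allow_default=True):
    """Longest-prefix match; returns the route's interface, or None."""
    matches = [n for n in ROUTES
               if addr in n and (allow_default or n.prefixlen > 0)]
    return ROUTES[max(matches, key=lambda n: n.prefixlen)] if matches else None

def urpf_allowed(src, in_iface, mode, allow_default=False):
    """strict: the best route back to src must point out of in_iface.
    loose: some route to src must exist. Whether a default route counts
    differs between platforms, so it is a switch here (an assumption)."""
    addr = ipaddress.ip_address(src)
    if mode == "strict":
        return best_route(addr) == in_iface
    return best_route(addr, allow_default) is not None

# Constructed packets arriving on the customer-facing port: (source, in-interface).
SAMPLE = [
    ("203.0.113.10", "cust-x"),  # customer X using its own address
    ("198.51.100.7", "cust-x"),  # customer X using an address from our other block
    ("192.0.2.55", "cust-x"),    # customer X using an outside address
]

def verdicts(packets):
    """(source, passes upstream egress filter, passes strict uRPF on ingress)."""
    return [(s, egress_allowed(s), urpf_allowed(s, i, "strict")) for s, i in packets]

if __name__ == "__main__":
    for row in verdicts(SAMPLE):
        print(row)
```

The second packet passes the upstream source filter because its source is inside the operator's own space, and only the strict check on the customer-facing port rejects it.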
