I'm seeing a lot of people talking about using OpenDNS to resolve a lot of the
issue for themselves. Is OpenDNS one of those dickbags that break dynamic
DNS by extending TTL?

On Fri, Oct 21, 2016 at 5:55 PM, That One Guy /sarcasm <
thatoneguyst...@gmail.com> wrote:

> I audibly LOLd that. The person saying it doesn't realize that an
> individual who would be tiered and strapped financially to where data caps
> were an issue would be priced out of a "cyber hit" on Comcast. lol lizard
> squad, like the boogey man
>
> On Fri, Oct 21, 2016 at 5:35 PM, Ken Hohhof <af...@kwisp.com> wrote:
>
>> Claiming someone was trying to take down Comcast because of their data
>> caps.  Here’s a sample comment:
>>
>>
>>
>> “its most likely someone got pissed off at caps fees for Comcast and
>> hired lizard squad or aka poodle corps”
>>
>>
>>
>> All the top minds hang out on Broadband Reports.  And they think the most
>> pressing issue the world faces is Comcast 1TB/mo data caps.  Never mind
>> terrorism, nuclear war, global warming, Zika …
>>
>>
>>
>> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Tim Reichhart
>> *Sent:* Friday, October 21, 2016 5:22 PM
>> *To:* af@afmug.com
>> *Subject:* Re: [AFMUG] Another large DDoS, Stop Being a Dick
>>
>>
>>
>> If it was the data caps, why would it take down major apps like
>> WhatsApp etc.? There are other ISPs that impose data caps just like Comcast; I don't
>> think that's part of it. I am thinking more forward to WikiLeaks; it's mostly
>> blowback. Because Level 3 is also down again, so something is up again with
>> this DDoS.
>>
>>
>>
>> ------------------------------
>>
>> -----Original Message-----
>> From: "Paul Stewart" <p...@paulstewart.org>
>> To: af@afmug.com
>> Date: 10/21/16 05:59 PM
>> Subject: Re: [AFMUG] Another large DDoS, Stop Being a Dick
>>
>> Yup and while that sounds absolutely crazy in one regard, it's scary and
>> real in another …..
>>
>>
>>
>> There was a study (can't find it at moment) done that was in reference to
>> a 600Gb/s attack through NTP amplification and it showed that only 1-2% of
>> *vulnerable* devices participated in the attack .. "what if" 50% of those
>> devices were participating kind of thing
>>
>>
>>
>> On Oct 21, 2016, at 5:50 PM, Ken Hohhof <af...@kwisp.com> wrote:
>>
>>
>>
>>
>>
>> Well, lots of theories.  Another is it's retaliation against Dyn for
>> publicly calling out BackConnect for BGP spoofing.  One guy posted very
>> authoritatively on Broadband Reports that the real target was Comcast
>> because … data caps.
>>
>>
>>
>> I'm not sure I buy that WikiLeaks attacked Dyn because of the Ecuador
>> thing.  For one thing, WikiLeaks does leaks, DDoS attacks is more like
>> Anonymous.  But probably you're saying it's Russia.  Hmmmm, that seems like
>> quite an escalation, since Assange losing his WiFi in the embassy is hardly
>> going to stop Wikileaks unless there's a lot bigger cyber attack on
>> Wikileaks than has been reported.
>>
>>
>>
>> I heard someone on the radio say after Ecuador took away Assange's
>> Internet privileges, "be sure to lock your Ecuadors and windows".
>>
>>
>>
>> One thing we can probably all agree on is that it was just a matter of
>> time before somebody DDoS'd the whole Internet.  The capability has
>> probably been there for awhile and it's almost surprising it took this
>> long.  Nobody seemed to want to do anything about the DDoS problem when it
>> was just gamer kids booting each other and DD4BC and little WISPs getting
>> blown off the air because they couldn't mitigate 1 Gb+ attacks.  I hope
>> someone has been thinking about what to do when they start blowing the
>> whole Internet off the air on a daily basis.
>>
>>
>>
>>
>>
>>  *From:* Af [mailto:af-boun...@afmug.com <af-boun...@afmug.com>] *On
>> Behalf Of *Tim Reichhart
>> *Sent:* Friday, October 21, 2016 4:14 PM
>> *To:* af@afmug.com
>> *Subject:* Re: [AFMUG] Another large DDoS, Stop Being a Dick
>>
>>
>>
>>
>>
>>
>>
>> <http://www.nbcnews.com/news/us-news/u-s-urged-ecuador-act-against-assange-n669271>
>>
>>
>> I say this major ddos attack is sure blow back on what US told Ecuador to
>> Act Against WikiLeaks Leader.
>>
>> ------------------------------
>>
>> -----Original Message-----
>> From: "That One Guy /sarcasm" <thatoneguyst...@gmail.com>
>> To: af@afmug.com
>> Date: 10/21/16 05:06 PM
>> Subject: Re: [AFMUG] Another large DDoS, Stop Being a Dick
>>
>>
>>
>> I think there are only two hackers left, the rest are script kiddies
>>
>> half of these mopes calling themselves "hackers" have little education,
>> hacking quite often requires a high degree of mathematics capability, most
>> of these l77t "hackers" can't even multiply
>>
>> On Fri, Oct 21, 2016 at 3:52 PM, Paul Stewart <p...@paulstewart.org>
>> wrote:
>>
>>
>>
>> Good point … and totally agree that the word "hacking" used to mean
>> something - now it just kinda makes people laugh and not take it seriously
>> at all anymore…
>>
>> On Oct 21, 2016, at 4:44 PM, Ken Hohhof <af...@kwisp.com> wrote:
>>
>> I think his point was that a denial of service attack is not hacking.
>>
>>
>>
>> I just heard on the radio someone was asking, if I try to use Twitter and
>> it doesn't work because of this attack, is my computer now hacked?
>>
>>
>>
>> Even stuff that rightly gets called hacking is an insult to hackers. Like
>> if your webcam is on a public IP address and I guess that the password is
>> 1234, and that gets me root access to install whatever I want, it hardly
>> seems right to call that hacking.
>>
>>
>>
>> But taking down a site by flooding it (or its authoritative DNS servers)
>> with traffic is not the same as hacking the site.
>>
>>
>>
>>
>>
>>  *From:* Af [mailto: <af-boun...@afmug.com>af-boun...@afmug.com] *On
>> Behalf Of *Paul Stewart
>> *Sent:* Friday, October 21, 2016 3:34 PM
>> *To:* af@afmug.com
>> *Subject:* Re: [AFMUG] Another large DDoS, Stop Being a Dick
>>
>>
>>
>> Agree…. it should be focused on end users better securing themselves ….
>>
>>
>>
>>
>>
>> On Oct 21, 2016, at 3:44 PM, That One Guy /sarcasm <
>> thatoneguyst...@gmail.com> wrote:
>>
>>
>>
>>
>>
>> I'm getting irritated by news reports calling this hacking. That term has
>> been so obfuscated by dimwits that it has no value
>>
>>
>>
>>
>>
>>
>>
>> On Fri, Oct 21, 2016 at 1:54 PM, Josh Luthman <
>> j...@imaginenetworksllc.com> wrote:
>>
>> It works great for me 90% of the time. The other 10% it refuses to
>> function at all.
>>
>>
>>
>>
>>
>>
>>
>>
>> Josh Luthman
>> Office: 937-552-2340 <http://tel:937-552-2340>
>> Direct: 937-552-2343 <http://tel:937-552-2343>
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373
>>
>> On Fri, Oct 21, 2016 at 2:50 PM, Paul Stewart <p...@paulstewart.org>
>> wrote:
>>
>>
>>
>> LOL …. scary shit….
>>
>>
>>
>> Facebook being slow isn't anything new in my experience … they have to be
>> having a hard time keeping up sometimes …. last I heard they were adding
>> something around 200-300 new servers a day in each data centre
>>
>>
>>
>>
>>
>> On Oct 21, 2016, at 2:48 PM, That One Guy /sarcasm <
>> thatoneguyst...@gmail.com> wrote:
>>
>>
>>
>>
>>
>> forcing people to interact in person... a dangerous prospect in these
>> times
>>
>>
>>
>>
>>
>>
>>
>> On Fri, Oct 21, 2016 at 1:43 PM, Tim Reichhart <
>> timreichh...@hometowncable.net> wrote:
>>
>>
>>
>> It seems like facebook is also getting slow.
>>
>>
>>
>> ------------------------------
>>
>> -----Original Message-----
>> From: "Travis Johnson" <t...@ida.net>
>> To: af@afmug.com
>> Date: 10/21/16 02:37 PM
>> Subject: Re: [AFMUG] Another large DDoS, Stop Being a Dick
>>
>> This is still going right now... big and small websites and ISP's are
>> unreachable and unresponsive. :(
>>
>> Travis
>>
>> On 10/21/2016 12:19 PM, Ken Hohhof wrote:
>>
>>
>>
>>
>> Interesting, according to that, the ISP DNS servers are recruited as part
>> of the attack on the victim's authoritative DNS servers, by sending queries
>> from within the ISP's network.
>>
>>
>>
>> No spoofing, no amplification, no misconfigured DNS servers required, yet
>> the ISP's DNS servers are used to send the attack traffic. All that is
>> needed is a compromised IoT to send the query.
>>
>>
>>
>>
>>
>>  *From:* Af [mailto:af-boun...@afmug.com <af-boun...@afmug.com>] *On
>> Behalf Of* Josh Baird
>> *Sent:* Friday, October 21, 2016 12:42 PM
>>
>>
>> *To:* af@afmug.com
>> *Subject:* Re: [AFMUG] Another large DDoS, Stop Being a Dick
>>
>>
>> Right - crap IoT devices on the Mirai botnet were responsible for shoving
>> 620+Gbps of traffic at Akamai to take down Krebs (and over 1Tbps to take
>> down OVH). No spoofing involved.
>>
>>
>>
>> Interesting article on the techniques used by Mirai:
>>
>>
>>
>> https://f5.com/about-us/news/articles/mirai-the-iot-bot-that-took-down-krebs-and-launched-a-tbps-ddos-attack-on-ovh-21937
>>
>>
>>
>> On Fri, Oct 21, 2016 at 1:30 PM, Ken Hohhof <af...@kwisp.com> wrote:
>>
>>
>>
>>
>>
>> The amplifier would receive a query from a spoofed IP address, and
>> respond using a legit IP address. So the attacker needs to control some
>> computers that can spoof the victim's IP address, but the actual attack
>> traffic comes from the amplifiers using legit source IPs.
>>
>>
>>
>> In the case of IoT botnets, I'm not sure any spoofing is required.
>>
>>
>>
>>
>>
>>  *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of* Josh Baird
>> *Sent:* Friday, October 21, 2016 12:21 PM
>> *To:* af@afmug.com
>> *Subject:* Re: [AFMUG] Another large DDoS, Stop Being a Dick
>>
>>
>>
>> It's a good start. It attempts to prevent spoofed traffic originating
>> from your network from leaving your network (or BCP38).
>>
>>
>> On Fri, Oct 21, 2016 at 1:19 PM, Josh Luthman <
>> j...@imaginenetworksllc.com> wrote:
>>
>> It can't be that simple...can it?
>>
>> On Fri, Oct 21, 2016 at 1:17 PM, Mike Hammett <af...@ics-il.net> wrote:
>>
>>
>>
>> /ip firewall address-list
>> add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="My IPs"
>> add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="Downstream customer X IPs"
>>
>> /ip firewall filter
>> # Egress filter: drop packets leaving via the upstream whose source address is not one of our prefixes
>> add action=drop chain=forward comment="Drop spoofed traffic" disabled=no out-interface="To-Upstream" src-address-list=!"Public-IPs"
>>
>> That was largely composed off of the top of my head and typed on my
>> phone, so it may not be completely accurate.
>>
>>
>> You should also do it on customer-facing ports, not allowing anything to
>> come in, but that would be best approached once Mikrotik adds the per
>> interface setting for unicast reverse path filtering. You would then set
>> customer facing interfaces to strict and all other interfaces to loose.
>> They accepted the feature request, just haven't implemented it yet.
>>
>>
>>
>> -----
>> Mike Hammett
>> Intelligent Computing Solutions <http://www.ics-il.com/>
>> <https://www.facebook.com/ICSIL>
>> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb>
>> <https://www.linkedin.com/company/intelligent-computing-solutions>
>> <https://twitter.com/ICSIL>
>> Midwest Internet Exchange <http://www.midwest-ix.com/>
>> <https://www.facebook.com/mdwestix>
>> <https://www.linkedin.com/company/midwest-internet-exchange>
>> <https://twitter.com/mdwestix>
>> The Brothers WISP <http://www.thebrotherswisp.com/>
>> <https://www.facebook.com/thebrotherswisp>
>>
>>
>> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
>> ------------------------------
>>
>>
>>
>> *From:* "Mike Hammett" <af...@ics-il.net>
>> *To:* af@afmug.com
>> *Sent:* Friday, October 21, 2016 11:21:35 AM
>> *Subject:* [AFMUG] Another large DDoS, Stop Being a Dick
>>
>>
>>
>> There's another large DDoS going on now. Go to this page to see if you
>> can be used for UDP amplification (or other spoofing) attacks:
>>
>> https://www.caida.org/projects/spoofer/
>>
>> Go to these pages for more longer term bad behavior monitoring:
>>
>> https://www.shadowserver.org/wiki/
>> https://radar.qrator.net/
>>
>>
>> Maybe we need to start a database of ASNs WISPs are using and start
>> naming and shaming them when they have bad actors on their network. This is
>> serious, people. Take it seriously.
>>
>> --
>>
>> If you only see yourself as part of the team but you don't see your team
>> as part of yourself you have already failed as part of the team.
>>



-- 
If you only see yourself as part of the team but you don't see your team as
part of yourself you have already failed as part of the team.
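
A small model of the egress address-list rule and the strict/loose reverse-path check discussed in the quoted thread, as an added example that is not code from any list member or from MikroTik. The prefixes, the `cust-x` and `lan` interface names, the routing table and the treatment of loose mode are constructed assumptions; `match="dst"` is included only to show why the rule has to match on the source address.

```python
import ipaddress

# Constructed prefixes (documentation ranges) standing in for the
# x.x.x.x/yy entries of the "Public-IPs" address list.
PUBLIC_IPS = [ipaddress.ip_network("198.51.100.0/24"),  # "My IPs"
              ipaddress.ip_network("203.0.113.0/25")]   # "Downstream customer X IPs"

# Hypothetical routing table: prefix -> interface the route points out of.
ROUTES = {ipaddress.ip_network("198.51.100.0/24"): "lan",
          ipaddress.ip_network("203.0.113.0/25"): "cust-x",
          ipaddress.ip_network("0.0.0.0/0"): "To-Upstream"}

def in_public_ips(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PUBLIC_IPS)

def egress_drop(src, dst, match="src"):
    """Rule on out-interface To-Upstream: drop if the matched address is
    not in Public-IPs. match="src" is BCP38; match="dst" is for comparison."""
    return not in_public_ips(src if match == "src" else dst)

def route_iface(addr):
    """Longest-prefix match; returns the outgoing interface or None."""
    ip = ipaddress.ip_address(addr)
    hits = [net for net in ROUTES if ip in net]
    return ROUTES[max(hits, key=lambda n: n.prefixlen)] if hits else None

def urpf_accept(src, in_iface, mode):
    """strict: the route back to src must use the arrival interface.
    loose (model assumption): any route to src, default included, passes."""
    back = route_iface(src)
    return back == in_iface if mode == "strict" else back is not None

# Constructed packets arriving on cust-x and heading upstream: (src, dst)
PACKETS = {"legit":          ("203.0.113.10", "192.0.2.53"),
           "spoofed-remote": ("192.0.2.99", "192.0.2.53"),
           "spoofed-own":    ("198.51.100.5", "192.0.2.53")}

def verdicts():
    out = {}
    for name, (src, dst) in PACKETS.items():
        out[name] = {"egress_src": "drop" if egress_drop(src, dst) else "pass",
                     "egress_dst": "drop" if egress_drop(src, dst, "dst") else "pass",
                     "urpf_strict": "pass" if urpf_accept(src, "cust-x", "strict") else "drop",
                     "urpf_loose": "pass" if urpf_accept(src, "cust-x", "loose") else "drop"}
    return out

if __name__ == "__main__":
    for name, v in verdicts().items():
        print(f"{name:15} {v}")
```

The `spoofed-own` packet passes the egress list because its source is one of the operator's own prefixes, and only the strict check on the customer-facing interface rejects it.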
