On Thu, Dec 3, 2015 at 3:15 AM, halp us <throwaway1958251@gmail.com> wrote:
A company that shall remain anonymous has received a ransom DDoS note from a very well known group that has been in the news lately. Recently they've threatened to carry out a major DDoS attack if they are not paid by a deadline which is approaching. They've performed an attack of a smaller magnitude to prove that they're serious.
Hello,

Are you announcing your IP addresses via BGP or does your ISP manage routing for you?

If BGP, contract with a DDOS mitigator now. During an attack, you reroute the /24 containing the attacked destination to the mitigator and let them scrub the bad traffic for you. I have no idea who to recommend but I believe there was a recent discussion on nanog about just that subject.

Make sure your ISP provides you with a small block of its addresses so that you can anchor the tunnel from the DDOS mitigator no matter which of your announced address blocks is attacked. And test to make sure your addresses really do reroute to the mitigator at need: your ISP can do a number of things to foul up your BGP announcement which you won't notice until you try to reroute.

If not BGP, this is your ISP's problem. Notify them of the threat so that they can get ready to mitigate it.

As others have said, don't pay the ransom. Even if the current thieves honor the bargain, it'll become known that you paid. That paints a great big target on your back for every other thief out there.

Regards,
Bill Herrin

--
William Herrin ................ herrin@dirtside.com bill@herrin.us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
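
Added example, not part of the original message: a pre-flight check for the reroute plan described in the reply above. It picks the /24 to hand to the mitigator and rejects a tunnel anchor that sits inside your own announced space. The function name, the IPv4-only scope and all addresses are assumptions constructed for illustration.

```python
import ipaddress

def reroute_prefix(attacked_ip, announced_blocks, tunnel_anchor):
    """Return the IPv4 /24 to reroute to the mitigator, or raise ValueError
    when the plan would fail. All arguments are the operator's own data."""
    ip = ipaddress.IPv4Address(attacked_ip)
    anchor = ipaddress.IPv4Address(tunnel_anchor)
    blocks = [ipaddress.IPv4Network(b) for b in announced_blocks]

    # The tunnel endpoint must come from the ISP's space, outside every block
    # you announce: whichever block is rerouted, the cleaned traffic coming
    # back from the mitigator still has a path to you.
    for block in blocks:
        if anchor in block:
            raise ValueError(f"tunnel anchor {anchor} is inside announced {block}")

    covering = [b for b in blocks if ip in b]
    if not covering:
        raise ValueError(f"{ip} is not in any announced block")

    # Use the most specific announced block that holds the target.
    block = max(covering, key=lambda b: b.prefixlen)
    if block.prefixlen > 24:
        raise ValueError(f"{block} is longer than /24; cannot carve a /24 from it")

    return ipaddress.IPv4Network(f"{ip}/24", strict=False)


if __name__ == "__main__":
    # Constructed sample data (reserved benchmarking/documentation ranges).
    announced = ["198.18.4.0/22", "203.0.113.0/24"]
    print(reroute_prefix("198.18.5.77", announced, "192.0.2.10"))
```

This only validates the plan on paper; confirming that the announcement actually propagates still needs the live reroute test the reply recommends.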