Hi! This is my first mail to the list. Afaik, the DDoS is "only" a UDP based one (or much of the attack), you should be able to mitigate some to much of the damage caused by filled pipes by blocking incoming UDP traffic at your ISP level. //Robban
* On Thu, Dec 03, 2015 at 03:15:04AM -0500, halp us <throwaway1958251@gmail.com> wrote:
All,
I've been a NANOG member for many years but I'm emailing from an anonymous account to reduce the chance of the attackers finding me.
A company that shall remain anonymous has received a ransom DDoS note from a very well known group that has been in the news lately. Recently they've threatened to carry out a major DDoS attack if they are not paid by a deadline which is approaching. They've performed an attack of a smaller magnitude to prove that they're serious.
Based on certain details that I can't reveal here, we believe the magnitude of the upcoming attack may be in the several hundred Gbps.
I would really appreciate help in a few areas (primarily with certain provider contacts/intros) so we can execute our strategy (which I can't reveal here for obvious reasons). If you email me off-list with a name/email that you've previously used on-list, I will reply from my real email.
Alternatively, if you can post your experiences on-list with large scale high profile ransom DDoS attacks, I'd really appreciate it!
Thanks
-- Robert Soderlund
Afaik, the DDoS is "only" a UDP based one (or much of the attack), you should be able to mitigate some to much of the damage caused by filled pipes by blocking incoming UDP traffic at your ISP level.
This is the Armada Collective, based on the description. We just went through a round with them. The hardest they were able to hit us peaked at a little under 80 Gbits/second. Primarily DNS and NTP amplification attacks. They also hit our web servers with a little over 80 million requests over a one hour period, and played some games with TCP to try to mess with the protocol stacks on the servers and network gear. Cloudflare took care of the web attacks. For DDoS, something like Incapsula will take care of the layer 3 stuff. Not cheap, but very effective. --lyndon
participants (2): Lyndon Nerenberg, Robban