Re: EVERYTHING about Booters (and CloudFlare)
Sigh, another long thread that goes nowhere in the end and simply dies a dull death. So let's add my 2ct donation into it.

First of all, CF like any other carrier/provider/hoster/whatever only cares about the bucks, nothing else, you all do too, so that should be clear enough. Them actually booting customers just because some other instance (except through governmental powers) wants them to is not done, as it would decrease the income. Period. Same goes for ISPs blocking access to resources. They will simply switch to another provider and/or try to find workarounds for it (see pirate bay and the like). That's like mopping the floor while the fire sprinklers are still on.

Second, CF indeed offers DDoS mitigation, but only on their heavy paid plans, if you also want the netflow logs of the attacks etc, it will cost you extra. If you are on a free plan, and your assigned gw gets ddossed, and they figure out you are the target, they drop the 'protection' by simply changing dns to its real values and letting the attacker know: don't dos us if you want to hit that site, use the real endpoint IP instead and you will hit them directly. (Been there with DroneBL, and as soon as I figured out they do that, dropped them immediately). In the end, you are better off at hosters like OVH/Foonet and such as they learned from the IRC age where it was common to nuke clients/bnc's in order to hijack nicknames/channels when the network didn't have channel/nick services.

Third, for those who do not know it yet, CF only acts as an intermediate RELAY that provides a method of attempting to identify bad asses, nothing more. And the badasses they also relay for? Testpigs and informational source! (Keep your friends close, your enemies closer?). Hell, aren't some of the best security advisors former hackers? At least the ones I know used to be. And I'd rather have some decent hacker in my team, keeping me updated with the stuff that's going on in the scene, than some million dollar company trying to sell you crap that is always behind the facts. Oh, and I am talking about real hackers, not those script kiddies using ready made tools thinking they are god.

Fourth, and I see it in this mail as well and a lot of others: The Jurisdictional issues. Why aren't there any international Cyber Crime laws yet? We all do need to enforce crap like DMCA (which the music/entertainment industry is responsible for), EU Cookie Law (which should have been handled through the browsers and not force it upon the websites) and its inbred stupid derivatives, but everyone, despite acting out international by its presence on a global spanning network, is still hiding behind his/her organization's local law. Kinda stupid, don't you agree?

Kind regards,
Alexander Maassen
Maintainer DroneBL

On Thu, July 28, 2016 4:41 pm, Paul WALL wrote:

I'm sorry, but this entire discussion is predicated on half-truths and nonsense spewing out of the CF team. It's a shame too, as they're usually great community minded folks who are well respected around here.

No matter how you define the CloudFlare service, that they can claim ignorance due to "common carrier" passthrough is preposterous, especially given their purported knowledge of what's going on. Likewise if the booter sites were connected to any other CDN, WAF/proxy, public cloud provider, etc. Call it what you want, but at the end of the day, they're providing connectivity and keeping the storefront online. Want the problem stopped? Easy, stop it at the source by denying them service. Every service provider (or its upstream at some point) has an AUP which prevents the service from being used for illegal purposes. Telling NANOG members that they don't understand the nature of the CF service, and that they should somehow get a pass, is dishonest.

That they're keeping these criminals online at the requirement of the FBI? Anyone who's actually worked with law enforcement can tell you that the first rule of fight club is to NOT talk about it, especially if you're under gag order. A more likely story is they're just doing this for the attention, and basking in it, kind of like a certain blog post suggesting they pioneered the practice of configuring hosts with LACP for throughput and HA.

If Justin/Matthew/Martin/etc. are listening, I implore you to do the right thing and stop providing service to criminals. Full stop, without caving in to your very talented marketing department. And to everyone else, I'd ask you to do what you think is right, and treat CloudFlare's anycasted IP blocks as you would any other network harboring criminal activity and security risk to the detriment of your customers. (Is Team CYMRU listening?) Much like the original spam problem in the 90s, the collateral damage might be annoying at first, but the end will justify the means.

Drive Slow (like a souped up Supra),
Paul Wall
On Wed, Jul 27, 2016 at 10:48 PM, Randy Bush <randy@psg.com> wrote:
They just lost all respect from here. Would someone from USA please
report these guys to the feds? What they are doing is outright criminal.
hyperbole. it is not criminal. you just don't happen to like it.
There are not international cyber crime laws because there is no international law enforcement agency with the reach to enforce them and because most countries like things like sovereignty. There is also an inherent conflict between private citizen hacking and state sponsored hacking and the line is sometimes blurry. If a state sponsor is using a private DDoS network, what are the chances they are going to allow an investigation/arrest in that case? There are already enough laws on the books in most cases to handle this stuff, there just aren't the law enforcement resources/interest to pursue this.

Companies like CloudFlare generally end up in one of two states given my experience since the first public Internet became available.

1. Various service providers get screwed with enough and eventually retaliate by messing with CloudFlare's connectivity/peering/availability to the point that CloudFlare becomes an unviable platform for the nefarious services. This happened in the original spam wars with regularity. As soon as CloudFlare becomes inconvenient or too visible to law enforcement, they move on to the next provider and enough legit business is scared away that CloudFlare dies on the vine.

2. Eventually one of the nefarious services messes around with something large enough to create big law enforcement interest (a successful hit on a critical national resource) at which point they cut all the intergovernmental red tape and take out everyone including the hacker, the server farm, the hosting company, and anyone else involved.

Remember that they don't necessarily have to prove a criminal case to shut your business down. All they really have to do is get a judge to order a seizure of enough of your gear to shut you down for a period of time that sends all your other business out the door. Note that I don't support/not support that tactic but it's a fact that it works. Sure, you can try to defend yourself but how deep are your legal pockets?

The US Justice Department has shown time and again that they can wipe out large swaths of nefarious operators when they care enough to do so. They have also shown the ability to cross international borders to do so. They put some serious dents in Pirate Bay and Anonymous. They don't kill them permanently but it doesn't matter to the guys sitting in prison for years.

Steven Naslund
Chicago IL