Hi all,
Wearing my NZITF hat this time. We've put out a release this morning to get the message out about the latest round of "Pay us Bitcoin or your network gets DDoSed".
You can see the release here: http://nzitf.org.nz/news.html
But why I really wanted to address this audience was that one of our suggestions to organisations is...
· Establish points of contact with your Internet Service Providers (ISP) in the event that you need them to perform traffic filtering. Defence against many attack types is most effective when performed before it reaches your network. To date NZITF has had reports of organisations being able to handle these attacks effectively through collaboration with their ISPs.
And I wanted to make sure that all the Network Operators on the list had a heads up that A) Organisations might call you asking for help and B) you should work out what you'd do to help them.
In fact feel free to take the release, tweak it and send it out to your customers if that helps.
Regards,
Dean
On 7 May 2015, at 8:12, Dean Pemberton wrote:
> In fact feel free to take the release, tweak it and send it out to your customers if that helps.
Most of what we've seen from this attack campaign has been
reflection/amplification attacks, along with a bit of spoofed
SYN-flooding, from time to time.
This preso talks about reflection/amplification attacks, and notes
important characteristics which make it easier to defend against them:
https://app.box.com/s/r7an1moswtc7ce58f8gg
Here's a webinar of an earlier version of the preso; it doesn't include
SSDP, but covers most of the same material:
https://www.brighttalk.com/webcast/9053/122257
-----------------------------------
Roland Dobbins
Thanks Dean.
Does anyone have any data on the type or profile of people being targeted?
Can anyone confirm that the threat is indeed real?
Regards,
Joel van Velden
On 2015-05-07 13:12, Dean Pemberton wrote:
> Hi all,
> Wearing my NZITF hat this time. We've put out a release this morning to get the message out about the latest round of "Pay us Bitcoin or your network gets DDoSed".
> You can see the release here: http://nzitf.org.nz/news.html
> But why I really wanted to address this audience was that one of our suggestions to organisations is...
> · Establish points of contact with your Internet Service Providers (ISP) in the event that you need them to perform traffic filtering. Defence against many attack types is most effective when performed before it reaches your network. To date NZITF has had reports of organisations being able to handle these attacks effectively through collaboration with their ISPs.
> And I wanted to make sure that all the Network Operators on the list had a heads up that A) Organisations might call you asking for help and B) you should work out what you'd do to help them.
> In fact feel free to take the release, tweak it and send it out to your customers if that helps.
> Regards,
> Dean
On 7 May 2015, at 12:00, Joel van Velden wrote:
> Does anyone have any data on the type or profile of people being targeted?
Online betting organizations and financial institutions, AFAICT.
> Can anyone confirm that the threat is indeed real?
It's real in that they'll launch DDoS attacks in order to try and extort
payment, yes.
These attacks can and have been successfully defended against. Nothing
exotic or unusual, just run-of-the-mill reflection/amplification attacks
and packet-flooding attacks.
-----------------------------------
Roland Dobbins