Massive Layer7 attack, more than 33 hours
This discussion has been closed.
Comments
Hey! That seems amazing, I will see and read some interviews and think about doing mine!
Thanks for the tip, didn't know about this feature
Please feel free to send me a PM or to use the email on my profile. 🙂 Thanks!
Hi,
I'm not one to judge your actions, but you need to admit what you did in the past if you want to be and have a successful business right now and in near future.
Because in the past, you attacked with DDoS-for-Hire and also you conducted many attacks against some gaming servers, the problem here is how much time and what will succeed when Hazi.ro don't want to pay more for your service or can't afford your service or if he gives up because he doesn't want it anymore, or if you have a strong argument and (anger) and detachment between possible partners and other parts involved.
Won't you charge for it? You, won't you attack his services until he pays you? Won't you threaten him or at least attack silently for revenge?
The first step is to admit these mistakes and clean up your staff, because there are some who sincerely only brag and get into trouble and threats with possible and good partners who would do and bring success. It takes a disciplined, credible team that knows how to maintain a good discussion, without threats and without personal attacks or revenge. That's a good start.
The first is admitting your past mistakes, the point is. Have you really changed or are you still from behind making silent attacks against your enemies, competition?
I know more people who also have a business, but they do it from behind and here they create a double personality (two phases)
The goal is to have only 1 phase and only that and to be totally transparent, credible and a good person. Otherwise, you have everything to have a ruin in your business or services.
If you really have changed, prove it and admit your mistakes in the past (very recent even) but admit it.
Good continuation.
@sandoz Hello! Could you please post or send me some links so I can learn more context about the past history you are discussing? Thanks so much! Tom
Hello sandoz,
I appreciate that you put that question on the table, it is really important for people to understand our past and be sure that we changed from being that 'malicious kid'.
As I said in my last reply I did do bad things in the past, I created DDoS-for-hire services where people would pay to DDoS others, I created BotNet Spot services, and I did DDoS a lot of game servers, games, companies, and individuals for money.
I was a kid who had no idea what I was doing or what was going on, in 2017 I got court issues (as obvious) and I started working with Portugal Police (Policia Judiciária), I was 3 years working with the police until they offered me to finish the studies with them and follow my path with them (I'll not give more details regarding this theme).
Right now I'm at university taking Cybersecurity and Digital Forensics, here in Portugal (having great grades btw), and I'm working with a professional team to open Diamwall, I'm currently Diamwall CTO.
I hope you understand once again, that I was a kid, I had no clue about what I was doing and the actions/consequences I was causing.
Right now I offer security services for anyone that needs them, you don't understand I don't charge money, I do it because I love Mitigation and I love to see my systems in action.
Hazi is not currently paying me, nor no one protected by Diamwall will pay far as the company isn't open and still on BETA state, hazi will not need to pay me for about ~6 months, and even when the company launches I can still offer him free services.
I'm not here for the money, I'm not here to be malicious, I'm here to do what I love, and while I'm doing what I love, I'm also helping others.
Remember that most people that work heavily in the CyberSecurity area or Mitigation Services, did bad things in the past, and were stupid kids in the past where their 'Love' went into cyber security.
I hope you understand, I'm not a kid anymore, I grew up (once again) and I followed my dreams.
If you have any other questions, please let me know!
(Btw I'm trying to be the most open I can with you)
Best Regards,
Miguel Miranda
You guys are super elite, not knowing what you were doing and still able to 'successfully' ddos targets. And you're just in university and can mitigate these complex ddos attacks. This is not even waters I can tread on due to the legal nature to even learn this stuff though I am very much intrigued about learning how ddos is done and how it can be mitigated.
Knowing your past I would not be surprised if you were the one to attack Hazi and then "offered to fix it" and get your company name shout here.
I noticed you said you worked with "Portugal Police" 3 years ago yet you were attacking our servers a year or so ago? No proof obviously if we saved every threat by livechat, skype etc it would be just overwhelming.
Searching for "Ch3hp DDoS" on google still showing up stuff from last year or so by the way, hope you change your story maybe?
Wow this is getting even more serious than I thought
In the metin2 scene ( a shitty game ) where ch3hp "comes from" everyone thinks it's ch3hp the second they hear DDoS, their brain doesn't go very far.
ch3hp has a dark past, but he also knows every single attack vector there is.
also since when is blazingfast a DMCA ignored hosting?
seems kinda weird that you guys even have a knowledgebase about metin2
https://my.blazingfast.io/knowledgebase/article/26/what-does-mt2-means-in-the-os-template-names-/
Hey @Blazingfast_IO,
I still don't believe we are on the same topic, is that due to the fact that I'm offering layer7 protection and you are doing the same? I don't get your point here.
About @sandoz he actually did great questions, he was not offensive and didn't act childish like you are right now, he simply did logical questions due to my past.
About what you said about Hazi, I didn't know hazi existed before their customer contacted me to help Florin, and since then I've been talking with Florin, he can also confirm that I'm not related to these attacks (but I think this is kinda obvious).
Any issue that happened between me and blazingfast was in 2017 (and the start of 2018), 5 years ago, I don't want to mention the "kind" and the whole "grow up" state again.
Once again, I'm not getting your point here, is something wrong? Are you seeing me like a rival or something? And trying to defame me?
Best Regards,
Miguel Miranda
Indeed.
Just made myself some bread with Nutella, and a hot cup of Earl Grey to sit back and relax.
Good you are keeping an eye on things. @Blazingfast_IO made a fairly serious accusation there BUT considering he may not be able to provide proof, hard to judge this one.
MiguelM was brought by one of my biggest clients, he didn't look for me and I didn't look for him.
This story would make no sense as long as my client offered to help me because I offered him some facilities he didn't want to lose, that's all. (that client is the middle node between me and MiguelM)
I personally knew about him that he also managed to take down game servers that had tens of thousands of active players without anyone being able to block his attacks, but personally it seems to me the best way to create protection after learning how a functional attack is running.
If our man attacks us tomorrow, it is not as if he would affect us very much, we are already attacked in many directions, but the only loss is time, the determination increases exponentially.
Personally, I don't think this story will end badly (suddenly asking me for money or something like that) because the man is now creating a solid protection that he can sell with customers he can count on in case of real and positive feedback.
Best regards, Florin.
That’s where I grew up
Small world
We have a lot of competitors but you are not one of them yet sorry we have never even heard of your company.
(Edit) Keep in mind we are now giving our layer 7 ddos protection for free to anyone that needs it for a limited time. This has nothing to do with you "selling" ddos protection.
I have personally dealt with many customers that were attacked by you for a long period of time, and I have seen a lot from you, from saying that you worked for us to saying that you developed our ddos protection and much more.
You have already done this tactic in the past of attacking someone and "selling" a firewall which was useless because you just stopped attacking people so there was no firewall correct?
I don't think your story is completely correct but it is not something that really matters to me or to our company, I also think this has nothing to do with this thread so I'll stop there.
Good luck with sales @MiguelM
I don't know why pictures uploaded to @imgmoney is not displaying for me…
I think as Miguel already started, if you have questions he will gladly answer them,
the same way he did for sandoz.
you are accusing him again without providing any proof.
also, since when is blazingfast allowing dmca and/or abuse?
your abuse email isn't even on a registered domain anymore.
https://take-me-to.space/bRLCOHW.png
Guys it is not whose dick is bigger competition. Because @yoursunny already won that competition!
No wonder he's so good at push ups!
My disc is 3.5 inch diameter and 160GB capacity.
It connects via IDE cable.
Thanks for asking.
Now back to the topic at hand. Guys both blazing fast and whoever might be good at doing whatever they do but in it is the spirit of competition I see here. Yes don’t make it personal anymore. I sense something needed to be aired out! Awesome now move the fuck on and see who makes the most money! Hahah
this some spicy meatball
So a botnet this capable - these aren't hacked IOT devices?
These are all hacked desktop devices
There are plenty of IOT, Router and phone (extremely common in South America) botnets around.
Although if this is being solved with a ruleset in iptables like this it's not likely that big.
now that you're not a mod, will you become Nekki V2.0 , to honour his departure?
anyway the exchange just sounds personal trying to be professional. its better to just drop the hypocrisy. stop overcompensating.
Hey @SplitIce
In order to fully understand the attack, you need to see the report that I did (you can see it on page 7).
The attack reached a maximum of 300.000 req/s and as obvious it's not being mitigated with iptables (iptables would never do the job), I would like to mention again that this is a 4Gen attack (explanation also on the report), and that 4Gen attacks can ONLY be mitigated by complex systems.
Meanwhile, I would rate this attack as using IoT Devices, a BotNet based on desktop environments or routers would generate more traffic with a low amount of bots, in this case, the number of bots is already pretty high, which means the devices can't really generate many requests.
I would also like to update the situation, seems like the attacker is launching a 24/7 attack, I left home on my last reply and just arrived now, and the website is still under attack.
Best Regards!
I just like the idea of a Massive Attack cover band being called Massive Layer 7 Attack
Hey Miguel! I think I missed the link to your report. Can you post the link or PM the link to me, please? Greetings from Mexico!
https://lowendtalk.com/discussion/comment/3441053/#Comment_3441053
@MiguelM
We are actively working on a "Layer 7 IP Reputation" db for our mitigation platform so are currently retaining anonymised data on reputation longer than our normal retention window. So I can make some comments on your attack that we would be unable to normally.
I saw your list of IPs and compared it to a recent attack against our site that went for a couple weeks. Just over 13k of your 45k IPs (hazi list) were found in the db (I'm working from anonymised logs but the db has only been test filled with data from attacks on our own site and specific opt-in testing customers). Being a WIP it's by no means a comprehensive DB at this stage.
Given what I know of the attack that hit us I'd suggest there are easier ways of thinning that attack out. Some of the IPs in that attack are server networks for one. Those are easy to whack for eyeball targeted sites (and in our attack that was a good % of the r/s).
Also look into browser fingerprinting and user behaviour comparison. Unless the attack you are receiving is different to the one we received... the client is not exactly a browser.
We didn't notice it completing captchas either (either by forwarding to an eyeball service or machine processing).
All that being said there are no shortcuts to terminating high TLS session rates as you should now know. Just hardware acceleration or lots of CPUs. And you are 100% correct that iptables (in the way it is commonly used) won't help.
Correct,
It's normal to see low rates like 2-3 TLS r/s from Android botnets per client (usually over 3/4G) and <1 r/s per client from IOT botnets (there are however exceptions I'm sure). If you have a low latency to the bots the rates will also go up. I'd suggest that if you are comfortable in your verdicts that you consider tarpitting the clients.
I'm sure they could go faster but they are either focused on multiple targets, or (my theory) trying not to be detected by interrupting the intended capability (e.g. the device continues to function as an IP camera or whatever). It might also be so as not to trip up basic rate limit services.
There are some huge botnets of IOT devices out there that are fairly commonly used in L7 attacks. Many on Dynamic IPs unfortunately. Sounds like you are working hard on resolving matters for your client so I wish you the best of luck.
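The triage discussed in the last posts above (split off sources in server networks, compare the rest against a reputation list, and look at request rates per group), as an added example that is not part of any post in this thread. The addresses, the hosting range, the reputation set and the request log are all constructed, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample data; all addresses are RFC 5737 documentation ranges.
SERVER_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]  # assumed hosting ranges
REPUTATION_DB = {"203.0.113.1", "203.0.113.2", "192.0.2.50"}  # assumed earlier-attack sources
REQUESTS = (  # (epoch_second, client_ip) as a reverse proxy might log them
    [(t % 10, f"198.51.100.{h}") for h in (10, 11) for t in range(40)]
    + [(t * 2, f"203.0.113.{h}") for h in range(1, 7) for t in range(5)]
)

def classify(ip):
    """Server networks first: the cheapest group to drop for an eyeball-facing site."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in SERVER_NETWORKS):
        return "server_network"
    return "known_bad" if ip in REPUTATION_DB else "unknown"

def triage(requests):
    """Return {bucket: {"ips": distinct sources, "rps": aggregate requests per second}}."""
    times = [t for t, _ in requests]
    window_s = max(times) - min(times) + 1
    report = {}
    for ip, count in Counter(ip for _, ip in requests).items():
        bucket = report.setdefault(classify(ip), {"ips": 0, "rps": 0.0})
        bucket["ips"] += 1
        bucket["rps"] += count / window_s
    return report

def reputation_overlap(requests):
    """Fraction of distinct source IPs already present in the reputation set."""
    sources = {ip for _, ip in requests}
    return len(sources & REPUTATION_DB) / len(sources)

if __name__ == "__main__":
    for name, stats in sorted(triage(REQUESTS).items()):
        print(f"{name:15} ips={stats['ips']:3} rps={stats['rps']:.1f}")
    print(f"reputation overlap: {reputation_overlap(REQUESTS):.0%}")
```

In this constructed log the two server-network sources account for most of the request rate while the many low-rate clients each stay at 0.5 r/s, which is why per-IP rate limits alone miss them.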