[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Getting hit hard by CHINANET

On 18 Mar 2015, at 13:24, Mike Hale wrote:

> Would you mind sharing more details on what you've seen regarding the 
> various miscreants screwing with each others' devices?

They will DDoS and/or work to subvert the C&C infrastructure of botnets 
run by other miscreants due as a form of retaliation for illicit deals 
gone wrong, in order to inconvenience perceived competitors, due to 
'talking smack' on underground forums, etc.

It is quite common for compromised servers to be utilized as botnet C&C 
servers, with the legitimate owners/operators of said servers being 
totally unaware of this activity - and thus surprised when they're 
suddenly on the receiving end of DDoS attacks which are actually spurred 
by inter-miscreant rivalries.  We've observed intra-IDC DDoS attacks 
launched from hosts belonging to one customer of a host/colocation/VPS 
provider against hosts belonging to another customer of the same 
provider, for example; we've even seen the same server compromised by 
two different groups of miscreants attacked by both groups of 
miscreants, in this context.

Roland Dobbins <rdobbins at arbor.net>