Reaching out to Sony NOC, resolving DDoS Issues - Need POC

Lukas Tribus lists at ltri.eu
Wed Jan 8 19:25:51 UTC 2020


Hello,


On Wed, 8 Jan 2020 at 18:26, Octolus Development <admin at octolus.net> wrote:
>
> The error it displays on both Sony and Imperva (and whatever websites use their protection). So this problem is not with Sony, but rather Imperva blocking IPs wildly.
>
> The IPs are not blocks, it's a single IP and the block/blacklist lifts after 7 days.
>
> Error that appears on those websites, including Imperva themselves:
> This page can't be displayed. Contact support for additional information.
> The incident ID is: N/A.

That looks like a WAF, so reflection/spoofing is probably *not* the
reason your IPs ended up on those lists.

I assume what you see looks similar to what this returns (a request
that looks like a SQL injection):

https://www.imperva.com/bla%20OR%201=1


A few of those hits, or crossing a certain threshold per IP (very easy
for CGN IPs), and your IP probably ends up on those lists I guess. And
of course those endpoints are not IPv6 enabled, so behind CGN the end
customer shares his luck with his neighbors even if everything is
IPv6 enabled.


Imperva, is that the "cybersecurity firm" that was breached 6 months ago?

https://krebsonsecurity.com/2019/08/cybersecurity-firm-imperva-discloses-breach/



Lukas
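
The mechanism guessed at in the message above, as an added example that is not part of the original post and not Imperva's actual logic: a per-source-IP counter of WAF rule hits with a listing threshold and a 7-day block, replayed over constructed events. The threshold, counting window, addresses and subscriber labels are assumptions; only the 7-day lift comes from the thread.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 3                     # assumed: rule hits per source IP before listing
WINDOW = timedelta(minutes=10)    # assumed: counting window
BLOCK_FOR = timedelta(days=7)     # the thread reports the block lifts after 7 days

# Constructed events: (time, source IP, subscriber behind the NAT, WAF rule hit?)
# 198.51.100.7 is a CGN address shared by three subscribers; 203.0.113.9 is one host.
T0 = datetime(2020, 1, 1, 12, 0)
EVENTS = [
    (T0 + timedelta(minutes=0), "198.51.100.7", "sub-a", True),
    (T0 + timedelta(minutes=1), "203.0.113.9", "solo", True),
    (T0 + timedelta(minutes=2), "198.51.100.7", "sub-b", True),
    (T0 + timedelta(minutes=3), "198.51.100.7", "sub-c", False),
    (T0 + timedelta(minutes=4), "198.51.100.7", "sub-a", True),   # third hit: IP listed
    (T0 + timedelta(minutes=5), "198.51.100.7", "sub-c", False),  # clean user, refused
    (T0 + timedelta(days=6), "198.51.100.7", "sub-c", False),     # still listed
    (T0 + timedelta(days=8), "198.51.100.7", "sub-c", False),     # listing has expired
]

def replay(events):
    """Return (blocked_until per IP, clean requests refused while listed)."""
    hits = defaultdict(deque)     # per-IP timestamps of recent rule hits
    blocked_until = {}
    collateral = []
    for ts, ip, subscriber, rule_hit in events:
        if ip in blocked_until and ts < blocked_until[ip]:
            if not rule_hit:      # a request that would have passed the WAF
                collateral.append((ts, ip, subscriber))
            continue
        if not rule_hit:
            continue
        q = hits[ip]
        q.append(ts)
        while q and ts - q[0] > WINDOW:   # drop hits older than the window
            q.popleft()
        if len(q) >= THRESHOLD:           # keyed on the IP only, not the subscriber
            blocked_until[ip] = ts + BLOCK_FOR
            q.clear()
    return blocked_until, collateral

if __name__ == "__main__":
    blocked, collateral = replay(EVENTS)
    for ip, until in blocked.items():
        print(f"{ip} listed until {until}")
    for ts, ip, sub in collateral:
        print(f"{ts} {ip} {sub}: clean request refused")
```

In this constructed replay no single subscriber reaches the threshold (sub-a has two hits, sub-b one), yet the shared address is listed and sub-c, who never triggered a rule, is refused until the listing expires.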


