did facebook just DoS me?
J. Hellenthal
jhellenthal at dataix.net
Wed Apr 5 01:20:38 UTC 2017
Exactly
--
Onward!,
Jason Hellenthal,
Systems & Network Admin,
Mobile: 0x9CA0BD58,
JJH48-ARIN
On Apr 4, 2017, at 20:15, Christopher Morrow <morrowc.lists at gmail.com> wrote:
On Tue, Apr 4, 2017 at 7:03 PM, Kurt Kraut <listas at kurtkraut.net> wrote:
> Hello Christopher,
>
>
> I hardly belive it. IP addresses not allocated to servers were receiving
> attack, a whole /22 was attacked and it was solely used for servers
> (including IP addresses not allocated to devices), not for computers with
> user interface or mobile devices that could actually use Facebook. And if I
> recall it correctly, it was SSDP amplification attack.
>
>
oh so some mis-config in their network/policy and exploitation by other
folks :( bummer.
>
> Best regards,
>
>
> Kurt Kraut
>
> 2017-04-04 21:58 GMT-03:00 Christopher Morrow <morrowc.lists at gmail.com>:
>
>>
>>
>>> On Tue, Apr 4, 2017 at 6:47 PM, Kurt Kraut <listas at kurtkraut.net> wrote:
>>>
>>>
>>> I perform some PCAPs I many IP addresses belonged to Facebook. At first I
>>> thought: - 'Clever attacker. He guesses I could not be as severe as I am
>>> to
>>> regular UDP traffic if the origin was Facebook and he deliberately
>>> spoofed
>>> their IP address.'
>>>
>>> But one of my collegues quickly realized the incoming MAC ADDRESS was the
>>> actual Facebook router we have a peering at a internet exchange. So
>>> indeed
>>> the traffic came from their network.
>>>
>>
>> one wonders if this is the new (ish?) Streaming thingy they launched?
>>
>
>
More information about the NANOG
mailing list