did facebook just DoS me?

• Previous message (by thread): did facebook just DoS me?
• Next message (by thread): did facebook just DoS me?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Exactly

-- 
 Onward!, 
 Jason Hellenthal, 
 Systems & Network Admin, 
 Mobile: 0x9CA0BD58, 
 JJH48-ARIN

On Apr 4, 2017, at 20:15, Christopher Morrow <morrowc.lists at gmail.com> wrote:

On Tue, Apr 4, 2017 at 7:03 PM, Kurt Kraut <listas at kurtkraut.net> wrote:

> Hello Christopher,
> 
> 
> I hardly belive it. IP addresses not allocated to servers were receiving
> attack, a whole /22 was attacked and it was solely used for servers
> (including IP addresses not allocated to devices), not for computers with
> user interface or mobile devices that could actually use Facebook. And if I
> recall it correctly, it was SSDP amplification attack.
> 
> 
oh so some mis-config in their network/policy and exploitation by other
folks :( bummer.


> 
> Best regards,
> 
> 
> Kurt Kraut
> 
> 2017-04-04 21:58 GMT-03:00 Christopher Morrow <morrowc.lists at gmail.com>:
> 
>> 
>> 
>>> On Tue, Apr 4, 2017 at 6:47 PM, Kurt Kraut <listas at kurtkraut.net> wrote:
>>> 
>>> 
>>> I perform some PCAPs I many IP addresses belonged to Facebook. At first I
>>> thought: - 'Clever attacker. He guesses I could not be as severe as I am
>>> to
>>> regular UDP traffic if the origin was Facebook and he deliberately
>>> spoofed
>>> their IP address.'
>>> 
>>> But one of my collegues quickly realized the incoming MAC ADDRESS was the
>>> actual Facebook router we have a peering at a internet exchange. So
>>> indeed
>>> the traffic came from their network.
>>> 
>> 
>> one wonders if this is the new (ish?) Streaming thingy they launched?
>> 
> 
> 

• Previous message (by thread): did facebook just DoS me?
• Next message (by thread): did facebook just DoS me?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]